julia/self-service-api
1
0
Fork 0
forked from finallycoffee/self-service-api
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: julia:d1af7200655e1dea6551a8396844b1965a0a6c91
Branches Tags
julia:main
finallycoffee:main
...
compare: julia:782e0f7b9757b2d8e3fc1978a0f119de0e10f991
Branches Tags
julia:main
finallycoffee:main

2 Commits
d1af720065 ... 782e0f7b97

Author SHA1 Message Date
Julia Luna
782e0f7b97
feat: store bcrypt encoded passwords 2021-06-06 18:04:15 +02:00
Julia Luna
3cde9f1078
chore: clean up code 2021-06-06 18:03:24 +02:00
2 changed files with 27 additions and 17 deletions
Show Stats Expand all files Collapse all files

1
requirements.txt
View File

@ -8,3 +8,4 @@ python-ldap==3.3.1
starlette==0.14.2 starlette==0.14.2
typing-extensions==3.10.0.0 typing-extensions==3.10.0.0
uvicorn==0.13.4 uvicorn==0.13.4
bcrypt==3.2.0

43
src/main.py
View File

@ -1,31 +1,40 @@
import bcrypt
import ldap import ldap
from fastapi import FastAPI, HTTPException, Response from fastapi import FastAPI, HTTPException, Response
from pydantic import BaseModel from pydantic import BaseModel
from ldap import modlist
from config import LDAP_URI, LDAP_BASE_DN from config import LDAP_BASE_DN, LDAP_URI
app = FastAPI() app = FastAPI()
class PasswordUpdate(BaseModel): class PasswordUpdate(BaseModel):
bind_pw: str bind_pw: str
userPassword: str userPassword: str
@app.post("/users/{rdn}/updatePassword", status_code=204, response_class=Response) @app.post("/users/{rdn}/updatePassword", status_code=204, response_class=Response)
def change_password(rdn: str, updateRequest: PasswordUpdate): def change_password(rdn: str, update_request: PasswordUpdate):
try: try:
ldap_conn = _connect_ldap_simple_bind(LDAP_URI, f"{rdn},{LDAP_BASE_DN}", updateRequest.bind_pw) ldap_conn = _connect_ldap_simple_bind(LDAP_URI, f"{rdn},{LDAP_BASE_DN}", update_request.bind_pw)
except ldap.INVALID_CREDENTIALS as e: except ldap.INVALID_CREDENTIALS as e:
raise HTTPException(status_code=401, detail=str(e)) raise HTTPException(status_code=401, detail=str(e))
_update_ldap_userPassword(ldap_conn, f"{rdn},{LDAP_BASE_DN}", updateRequest.userPassword) new_pass = _hash_password(update_request.userPassword)
_update_ldap_userPassword(ldap_conn, f"{rdn},{LDAP_BASE_DN}", new_pass)
def _connect_ldap_simple_bind(server_uri: str, bind_dn: str, bind_pw: str): def _connect_ldap_simple_bind(server_uri: str, bind_dn: str, bind_pw: str):
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
conn = ldap.initialize(server_uri) conn = ldap.initialize(server_uri)
conn.simple_bind_s(bind_dn, bind_pw) conn.simple_bind_s(bind_dn, bind_pw)
return conn return conn
def _update_ldap_userPassword(conn, dn: str, new_pass: str): def _update_ldap_userPassword(conn, dn: str, new_pass: str):
changes = [( ldap.MOD_REPLACE, 'userPassword', bytes(str(new_pass), 'utf-8') )] changes = [( ldap.MOD_REPLACE, 'userPassword', bytes(str(new_pass), 'utf-8') )]
result = conn.modify_ext_s(dn, changes) result = conn.modify_ext_s(dn, changes)
def _hash_password(pw: str):
hash_b = bcrypt.hashpw(pw.encode(), bcrypt.gensalt())
return '{BCRYPT}' + hash_b.decode()