Create auth module in api package and add user_is_valid function
Showing
1 changed file
with
55 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
from easyad import EasyAD | ||
from ldap.filter import escape_filter_chars | ||
# pylint says this is an error but it works so ¯\_(ツ)_/¯ | ||
from ldap import INVALID_CREDENTIALS as LDAP_INVALID_CREDENTIALS | ||
|
||
|
||
|
||
def user_is_valid(username: str, password: str) -> bool: | ||
"""Checks if user is valid and in webqueue2 login group. | ||
Args: | ||
username (str): Career account username. | ||
password (str): Career account passphrase. | ||
Returns: | ||
bool: True if user is valid, otherwise False. | ||
""" | ||
|
||
# Check for empty arguments | ||
if (username == "" or password == ""): | ||
return False | ||
|
||
# Initialize EasyAD | ||
config = { | ||
"AD_SERVER": "boilerad.purdue.edu", | ||
"AD_DOMAIN": "boilerad.purdue.edu" | ||
} | ||
ad = EasyAD(config) | ||
|
||
# Prepare search critiera for Active Directory | ||
credentials = { | ||
"username": escape_filter_chars(username), | ||
"password": password | ||
} | ||
attributes = [ 'cn', "memberOf" ] | ||
filter_string = f'(&(objectClass=user)(|(sAMAccountName={username})))' | ||
|
||
# Do user search | ||
try: | ||
user = ad.search(credentials=credentials, attributes=attributes, filter_string=filter_string)[0] | ||
except LDAP_INVALID_CREDENTIALS: | ||
return False | ||
|
||
# Isolate group names | ||
# Example: | ||
# 'CN=00000227-ECNStuds,OU=BoilerADGroups,DC=BoilerAD,DC=Purdue,DC=edu' becomes | ||
# `00000227-ECNStuds` | ||
user_groups = [ group.split(',')[0].split('=')[1] for group in user["memberOf"] ] | ||
|
||
# Check group membership | ||
webqueue_login_group = "00000227-ECN-webqueue" | ||
if webqueue_login_group not in user_groups: | ||
return False | ||
|
||
return True |
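Review bot: The search filter in `filter_string = f'(&(objectClass=user)(|(sAMAccountName={username})))'` is built from the raw `username`, while the `escape_filter_chars(username)` result goes into the bind credentials, where LDAP filter escaping does not apply and would alter any name containing those characters. Because the group check runs on whichever entry the filter returns first, filter metacharacters in the input could make it evaluate a record other than the account that authenticated. I would pass the raw name to the bind and escape inside the filter instead: `"username": username,` and `filter_string = f'(&(objectClass=user)(|(sAMAccountName={escape_filter_chars(username)})))'`. Separately, `ad.search(...)[0]` raises `IndexError` on an empty result, and `user["memberOf"]` may be missing for an account with no groups (not verifiable from this page). Catching both and returning False would keep the function failing closed rather than surfacing an unhandled exception to the caller.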