AppCode/LoginAuth.py

@@ -1,40 +1,71 @@
 from flask import Blueprint, render_template, request, redirect, url_for, flash, session
-from flask import flash,redirect,url_for
 from functools import wraps
-from flask import session
+from ldap3 import Server, Connection, ALL
+from ldap3.core.exceptions import LDAPException
+
 
 class LoginAuth:
     def __init__(self):
+        # Create Blueprint
         self.bp = Blueprint("auth", __name__)
 
+        # -------------------------------
+        # LDAP CONFIGURATION
+        # -------------------------------
+        self.LDAP_SERVER = "ldap://localhost:389"
+ 
+        self.BASE_DN = "ou=users,dc=lcepl,dc=org"        # LDAP Users DN
+
+        # -------------------------------
         # LOGIN ROUTE
+        # -------------------------------
         @self.bp.route('/login', methods=['GET', 'POST'])
         def login():
             if request.method == 'POST':
                 username = request.form.get("username")
                 password = request.form.get("password")
 
-                # Dummy validation — REPLACE with DB check later
-                if username == "admin" and password == "admin123":
-                    session['user'] = username
-                    flash("Login successful!", "success")
-                    return redirect(url_for('welcome'))
-                else:
-                    flash("Invalid username or password!", "danger")
+                if not username or not password:
+                    flash("Username and password are required!", "danger")
+                    return render_template("login.html")
 
+                user_dn = f"uid={username},{self.BASE_DN}"
+                server = Server(self.LDAP_SERVER, get_info=ALL)
+
+                try:
+                    # Attempt LDAP bind
+                    conn = Connection(server, user=user_dn, password=password, auto_bind=True)
+                    if conn.bound:
+                        session['user'] = username
+                        flash(f"Login successful! Welcome {username}", "success")
+                        return redirect(url_for('welcome'))
+                    else:
+                        flash("Invalid username or password!", "danger")
+                except LDAPException as e:
+                    flash(f"LDAP login failed: {str(e)}", "danger")
+                finally:
+                    if 'conn' in locals():
+                        conn.unbind()
+
+            # GET request: show login form
             return render_template("login.html")
 
+        # -------------------------------
         # LOGOUT ROUTE
+        # -------------------------------
         @self.bp.route('/logout')
         def logout():
             session.clear()
             flash("Logged out successfully!", "success")
             return redirect(url_for('auth.login'))
-        
-        # ===================================================
-    #       LOGIN REQUIRED DECORATOR INSIDE CLASS
+
+    # ===================================================
+    # LOGIN REQUIRED DECORATOR INSIDE CLASS
     # ===================================================
     def login_required(self, f):
+        """
+        Protect routes: redirect to login if user not authenticated.
+        """
         @wraps(f)
         def wrapper(*args, **kwargs):
             if "user" not in session: