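import logging
import os
from functools import wraps

from flask import Blueprint, render_template, request, redirect, url_for, flash, session
from ldap3 import Server, Connection, ALL
from ldap3.core.exceptions import LDAPBindError, LDAPException
from ldap3.utils.dn import escape_rdn

logger = logging.getLogger(__name__)


class LoginAuth:
    """Flask blueprint providing LDAP-backed login/logout and a route guard.

    Attributes:
        bp: The ``auth`` blueprint carrying the ``/login`` and ``/logout`` routes.
        LDAP_SERVER: URL of the directory server used for the bind.
        BASE_DN: DN under which user entries (``uid=<name>``) are looked up.
    """

    def __init__(self):
        """Create the blueprint, read the LDAP settings and register the routes."""
        # Create Blueprint
        self.bp = Blueprint("auth", __name__)

        # -------------------------------
        # LDAP CONFIGURATION
        # -------------------------------
        # NOTE(review): a plain ldap:// URL carries the simple-bind password in
        # cleartext. Point LDAP_SERVER at an ldaps:// endpoint (or enable
        # StartTLS) outside local development.
        self.LDAP_SERVER = os.getenv(
            "LDAP_SERVER", "ldap://host.docker.internal:389"
        )
        self.BASE_DN = "ou=users,dc=lcepl,dc=org"  # LDAP Users DN

        # -------------------------------
        # LOGIN ROUTE
        # -------------------------------
        @self.bp.route('/login', methods=['GET', 'POST'])
        def login():
            """Show the login form (GET) or authenticate via an LDAP bind (POST)."""
            if request.method == 'POST':
                username = request.form.get("username")
                password = request.form.get("password")

                # An empty password must never reach the directory: many servers
                # treat it as an unauthenticated bind and report success.
                if not username or not password:
                    flash("Username and password are required!", "danger")
                    return render_template("login.html")

                # The username is attacker-controlled; escape it so DN
                # metacharacters (',', '+', '=', ...) cannot change which
                # entry the bind targets.
                user_dn = f"uid={escape_rdn(username)},{self.BASE_DN}"
                server = Server(self.LDAP_SERVER, get_info=ALL)

                conn = None
                try:
                    # Attempt LDAP bind
                    conn = Connection(server, user=user_dn, password=password, auto_bind=True)

                    if conn.bound:
                        # Drop any pre-authentication session state before
                        # marking the session as logged in.
                        session.clear()
                        session['user'] = username
                        flash(f"Login successful! Welcome {username}", "success")
                        return redirect(url_for('welcome'))
                    else:
                        flash("Invalid username or password!", "danger")

                except LDAPBindError:
                    # auto_bind=True raises on rejected credentials; give the
                    # same answer as any other failed login.
                    logger.warning("LDAP bind rejected for uid %r", username)
                    flash("Invalid username or password!", "danger")

                except LDAPException:
                    # Keep server/DN details in the log; do not echo them to
                    # the (unauthenticated) client.
                    logger.exception("LDAP error during login")
                    flash("Login is temporarily unavailable. Please try again later.", "danger")

                finally:
                    if conn is not None:
                        conn.unbind()

            # GET request (or failed POST): show login form
            return render_template("login.html")

        # -------------------------------
        # LOGOUT ROUTE
        # -------------------------------
        @self.bp.route('/logout')
        def logout():
            """Clear the session and send the user back to the login page."""
            session.clear()
            flash("Logged out successfully!", "success")
            return redirect(url_for('auth.login'))

    # ===================================================
    # LOGIN REQUIRED DECORATOR INSIDE CLASS
    # ===================================================
    def login_required(self, f):
        """Protect a route: redirect to the login page if no user is in the session.

        Args:
            f: The view function to guard.

        Returns:
            A wrapper that calls ``f`` only when ``"user"`` is present in the
            session and otherwise redirects to ``auth.login``.
        """
        @wraps(f)
        def wrapper(*args, **kwargs):
            if "user" not in session:
                flash("Please login first!", "danger")
                return redirect(url_for("auth.login"))
            return f(*args, **kwargs)
        return wrapper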