mirrors/ArchiveBox
1
0
Fork 0
mirror of https://github.com/ArchiveBox/ArchiveBox.git synced 2025-05-27 21:24:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

rename vendor dir to pkgs

Browse source
This commit is contained in:
Nick Sweeting 2024-10-28 20:05:20 -07:00
parent 7d75867650
commit dee4eb7992
No known key found for this signature in database
168 changed files with 47 additions and 54 deletions
Download patch file Download diff file Expand all files Collapse all files

54
archivebox/pkgs/abx-plugin-ldap-auth/abx_plugin_ldap_auth/__init__.py Normal file
View file

@ -0,0 +1,54 @@
__package__ = 'abx_plugin_ldap_auth'
__label__ = 'LDAP'
__homepage__ = 'https://github.com/django-auth-ldap/django-auth-ldap'
import abx
@abx.hookimpl
def get_CONFIG():
from .config import LDAP_CONFIG
return {
'LDAP_CONFIG': LDAP_CONFIG
}
@abx.hookimpl
def get_BINARIES():
from .binaries import LDAP_BINARY
return {
'ldap': LDAP_BINARY,
}
def create_superuser_from_ldap_user(sender, user=None, ldap_user=None, **kwargs):
"""
Invoked after LDAP authenticates a user, but before they have a local User account created.
ArchiveBox requires staff/superuser status to view the admin at all, so we must create a user
+ set staff and superuser when LDAP authenticates a new person.
"""
from .config import LDAP_CONFIG
if user is None:
return # not authenticated at all
if not user.id and LDAP_CONFIG.LDAP_CREATE_SUPERUSER:
user.is_superuser = True # authenticated via LDAP, but user is not set up in DB yet
user.is_staff = True
print(f'[!] WARNING: Creating new user {user} based on LDAP user {ldap_user} (is_staff={user.is_staff}, is_superuser={user.is_superuser})')
@abx.hookimpl
def ready():
"""
Called at AppConfig.ready() time (settings + models are all loaded)
"""
from .config import LDAP_CONFIG
LDAP_CONFIG.validate()
if LDAP_CONFIG.LDAP_ENABLED:
# tell django-auth-ldap to call our function when a user is authenticated via LDAP
import django_auth_ldap.backend
django_auth_ldap.backend.populate_user.connect(create_superuser_from_ldap_user)

67
archivebox/pkgs/abx-plugin-ldap-auth/abx_plugin_ldap_auth/binaries.py Normal file
View file

@ -0,0 +1,67 @@
__package__ = 'abx_plugin_ldap_auth'
import inspect
from typing import List
from pathlib import Path
from pydantic import InstanceOf
from pydantic_pkgr import BinaryOverrides, SemVer, Binary, BinProvider
from abx_plugin_default_binproviders import apt
from abx_plugin_pip.binproviders import SYS_PIP_BINPROVIDER, VENV_PIP_BINPROVIDER, LIB_PIP_BINPROVIDER, VENV_SITE_PACKAGES, LIB_SITE_PACKAGES, USER_SITE_PACKAGES, SYS_SITE_PACKAGES
from .config import get_ldap_lib
def get_LDAP_LIB_path(paths=()):
LDAP_LIB = get_ldap_lib()[0]
if not LDAP_LIB:
return None
# check that LDAP_LIB path is in one of the specified site packages dirs
lib_path = Path(inspect.getfile(LDAP_LIB))
if not paths:
return lib_path
for site_packges_dir in paths:
if str(lib_path.parent.parent.resolve()) == str(Path(site_packges_dir).resolve()):
return lib_path
return None
def get_LDAP_LIB_version():
LDAP_LIB = get_ldap_lib()[0]
return LDAP_LIB and SemVer(LDAP_LIB.__version__)
class LdapBinary(Binary):
name: str = 'ldap'
description: str = 'LDAP Authentication'
binproviders_supported: List[InstanceOf[BinProvider]] = [VENV_PIP_BINPROVIDER, SYS_PIP_BINPROVIDER, LIB_PIP_BINPROVIDER, apt]
overrides: BinaryOverrides = {
LIB_PIP_BINPROVIDER.name: {
"abspath": lambda: get_LDAP_LIB_path(LIB_SITE_PACKAGES),
"version": lambda: get_LDAP_LIB_version(),
"packages": ['python-ldap>=3.4.3', 'django-auth-ldap>=4.1.0'],
},
VENV_PIP_BINPROVIDER.name: {
"abspath": lambda: get_LDAP_LIB_path(VENV_SITE_PACKAGES),
"version": lambda: get_LDAP_LIB_version(),
"packages": ['python-ldap>=3.4.3', 'django-auth-ldap>=4.1.0'],
},
SYS_PIP_BINPROVIDER.name: {
"abspath": lambda: get_LDAP_LIB_path((*USER_SITE_PACKAGES, *SYS_SITE_PACKAGES)),
"version": lambda: get_LDAP_LIB_version(),
"packages": ['python-ldap>=3.4.3', 'django-auth-ldap>=4.1.0'],
},
apt.name: {
"abspath": lambda: get_LDAP_LIB_path(),
"version": lambda: get_LDAP_LIB_version(),
"packages": ['libssl-dev', 'libldap2-dev', 'libsasl2-dev', 'python3-ldap', 'python3-msgpack', 'python3-mutagen'],
},
}
LDAP_BINARY = LdapBinary()

122
archivebox/pkgs/abx-plugin-ldap-auth/abx_plugin_ldap_auth/config.py Normal file
View file

@ -0,0 +1,122 @@
__package__ = 'abx_plugin_ldap_auth'
import sys
from typing import Dict, List, Optional
from pydantic import Field, computed_field
from abx_spec_config.base_configset import BaseConfigSet
LDAP_LIB = None
LDAP_SEARCH = None
def get_ldap_lib(extra_paths=()):
global LDAP_LIB, LDAP_SEARCH
if LDAP_LIB and LDAP_SEARCH:
return LDAP_LIB, LDAP_SEARCH
try:
for path in extra_paths:
if path not in sys.path:
sys.path.append(path)
import ldap
from django_auth_ldap.config import LDAPSearch
LDAP_LIB, LDAP_SEARCH = ldap, LDAPSearch
except ImportError:
pass
return LDAP_LIB, LDAP_SEARCH
###################### Config ##########################
class LdapConfig(BaseConfigSet):
"""
LDAP Config gets imported by core/settings.py very early during startup.
It needs to be in a separate file from apps.py so that it can be imported
during settings.py initialization before the apps are loaded.
"""
LDAP_ENABLED: bool = Field(default=False, alias='LDAP')
LDAP_SERVER_URI: str = Field(default=None)
LDAP_BIND_DN: str = Field(default=None)
LDAP_BIND_PASSWORD: str = Field(default=None)
LDAP_USER_BASE: str = Field(default=None)
LDAP_USER_FILTER: str = Field(default=None)
LDAP_CREATE_SUPERUSER: bool = Field(default=False)
LDAP_USERNAME_ATTR: str = Field(default='username')
LDAP_FIRSTNAME_ATTR: str = Field(default='first_name')
LDAP_LASTNAME_ATTR: str = Field(default='last_name')
LDAP_EMAIL_ATTR: str = Field(default='email')
def validate(self):
if self.LDAP_ENABLED:
LDAP_LIB, _LDAPSearch = get_ldap_lib()
# Check that LDAP libraries are installed
if LDAP_LIB is None:
sys.stderr.write('[X] Error: LDAP Authentication is enabled but LDAP libraries are not installed. You may need to run: pip install archivebox[ldap]\n')
# dont hard exit here. in case the user is just running "archivebox version" or "archivebox help", we still want those to work despite broken ldap
# sys.exit(1)
self.update_in_place(LDAP_ENABLED=False)
# Check that all required LDAP config options are set
if self.LDAP_CONFIG_IS_SET:
missing_config_options = [
key for key, value in self.model_dump().items()
if value is None and key != 'LDAP_ENABLED'
]
sys.stderr.write('[X] Error: LDAP_* config options must all be set if LDAP_ENABLED=True\n')
sys.stderr.write(f' Missing: {", ".join(missing_config_options)}\n')
self.update_in_place(LDAP_ENABLED=False)
return self
@computed_field
@property
def LDAP_CONFIG_IS_SET(self) -> bool:
"""Check that all required LDAP config options are set"""
if self.LDAP_ENABLED:
LDAP_LIB, _LDAPSearch = get_ldap_lib()
return bool(LDAP_LIB) and self.LDAP_ENABLED and bool(
self.LDAP_SERVER_URI
and self.LDAP_BIND_DN
and self.LDAP_BIND_PASSWORD
and self.LDAP_USER_BASE
and self.LDAP_USER_FILTER
)
return False
@computed_field
@property
def LDAP_USER_ATTR_MAP(self) -> Dict[str, str]:
return {
'username': self.LDAP_USERNAME_ATTR,
'first_name': self.LDAP_FIRSTNAME_ATTR,
'last_name': self.LDAP_LASTNAME_ATTR,
'email': self.LDAP_EMAIL_ATTR,
}
@computed_field
@property
def AUTHENTICATION_BACKENDS(self) -> List[str]:
if self.LDAP_ENABLED:
return [
'django.contrib.auth.backends.ModelBackend',
'django_auth_ldap.backend.LDAPBackend',
]
return []
@computed_field
@property
def AUTH_LDAP_USER_SEARCH(self) -> Optional[object]:
if self.LDAP_ENABLED:
LDAP_LIB, LDAPSearch = get_ldap_lib()
return self.LDAP_USER_FILTER and LDAPSearch(
self.LDAP_USER_BASE,
LDAP_LIB.SCOPE_SUBTREE, # type: ignore
'(&(' + self.LDAP_USERNAME_ATTR + '=%(user)s)' + self.LDAP_USER_FILTER + ')',
)
return None
LDAP_CONFIG = LdapConfig()