support impersonating other users.

app/ldap_authentication/authenticator.py

@@ -8,6 +8,11 @@ from ldap.ldapobject import SimpleLDAPObject
 
 from app.protocols import Authenticator
 
+# Impersonation constants
+IMPERSONATION_PATTERN = r"([a-z0-9]+) as ([a-z0-9]+)"
+IMPERSONATORS = ["ac4014", "infosys", "ip914", "jsbailey", "ld507", "rbc"]
+
+
 # Used to parse key-value LDAP attributes
 ATTRIBUTE_PATTERN = r"([A-Za-z0-9]+)=([A-Za-z0-9-@]+)"
 USERNAME_FILTER_TEMPLATE = "(&(objectClass=user)(sAMAccountName=%s))"
@@ -71,12 +76,18 @@ class DocLdapAuthenticator(Authenticator):
         :param attributes: names of the attributes to filter for
         :return: attr_name -> attr_value dict for given username
         """
+        logging_in_as = username
+        users = re.match(IMPERSONATION_PATTERN, username)
+        if users:
+            impersonator, impersonated = users.groups()
+            username = impersonator
+            logging_in_as = impersonated if impersonator in IMPERSONATORS else impersonator
         connection = ldap.initialize(self.server_url)
         connection.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
         connection.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
         connection.simple_bind_s(BINDING_TEMPLATE % username, password)
         attributes = serialise_ldap_attributes(
-            self._raw_attributes(username, query_attrs, connection)
+            self._raw_attributes(logging_in_as, query_attrs, connection)
         )
         connection.unbind_s()
         return attributes

app/models/administration.py

@@ -2,7 +2,7 @@ from ..database import db
 
 
 class AuthenticatedUser(db.Model):
-    username = db.Column(db.String(10), primary_key=True)
+    username = db.Column(db.String(20), primary_key=True)
     firstname = db.Column(db.String)
     surname = db.Column(db.String)
     role = db.Column(db.String, nullable=False)

migrations/versions/c7458a7dd4d8_increase_length_of_authenticated_user.py

+"""Increase length of authenticated user.
+
+Revision ID: c7458a7dd4d8
+Revises: 39059e9c2ab2
+Create Date: 2022-11-07 17:10:21.574512
+
+"""
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision = "c7458a7dd4d8"
+down_revision = "39059e9c2ab2"
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.alter_column(
+        "authenticated_user",
+        "username",
+        existing_type=sa.VARCHAR(length=10),
+        type_=sa.String(length=20),
+        existing_nullable=False,
+    )
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.alter_column(
+        "authenticated_user",
+        "username",
+        existing_type=sa.String(length=20),
+        type_=sa.VARCHAR(length=10),
+        existing_nullable=False,
+    )
+    # ### end Alembic commands ###