Merge branch 'impersonating-other-users' into 'master'

support impersonating other users. See merge request !12

Merge branch 'impersonating-other-users' into 'master'
eb86bb8c · Ivan Procaccini · 965f12e6 · 3fa05936 · eb86bb8c · eb86bb8c
Commit eb86bb8c authored 2 years ago by Ivan Procaccini
--- a/app/ldap_authentication/authenticator.py
+++ b/app/ldap_authentication/authenticator.py
@@ -8,6 +8,11 @@ from ldap.ldapobject import SimpleLDAPObject

 from app.protocols import Authenticator

+# Impersonation constants
+IMPERSONATION_PATTERN = r"([a-z0-9]+) as ([a-z0-9]+)"
+IMPERSONATORS = ["ac4014", "infosys", "ip914", "jsbailey", "ld507", "rbc"]
+
+
 # Used to parse key-value LDAP attributes
 ATTRIBUTE_PATTERN = r"([A-Za-z0-9]+)=([A-Za-z0-9-@]+)"
 USERNAME_FILTER_TEMPLATE = "(&(objectClass=user)(sAMAccountName=%s))"
@@ -71,12 +76,18 @@ class DocLdapAuthenticator(Authenticator):
        :param attributes: names of the attributes to filter for
        :return: attr_name -> attr_value dict for given username
        """
+        logging_in_as = username
+        users = re.match(IMPERSONATION_PATTERN, username)
+        if users:
+            impersonator, impersonated = users.groups()
+            username = impersonator
+            logging_in_as = impersonated if impersonator in IMPERSONATORS else impersonator
        connection = ldap.initialize(self.server_url)
        connection.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
        connection.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
        connection.simple_bind_s(BINDING_TEMPLATE % username, password)
        attributes = serialise_ldap_attributes(
-            self._raw_attributes(username, query_attrs, connection)
+            self._raw_attributes(logging_in_as, query_attrs, connection)
        )
        connection.unbind_s()
        return attributes

--- a/app/models/administration.py
+++ b/app/models/administration.py
@@ -2,7 +2,7 @@ from ..database import db


 class AuthenticatedUser(db.Model):
-    username = db.Column(db.String(10), primary_key=True)
+    username = db.Column(db.String(20), primary_key=True)
    firstname = db.Column(db.String)
    surname = db.Column(db.String)
    role = db.Column(db.String, nullable=False)

--- a/migrations/versions/c7458a7dd4d8_increase_length_of_authenticated_user.py
+++ b/migrations/versions/c7458a7dd4d8_increase_length_of_authenticated_user.py
+"""Increase length of authenticated user.
+
+Revision ID: c7458a7dd4d8
+Revises: 39059e9c2ab2
+Create Date: 2022-11-07 17:10:21.574512
+
+"""
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision = "c7458a7dd4d8"
+down_revision = "39059e9c2ab2"
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.alter_column(
+        "authenticated_user",
+        "username",
+        existing_type=sa.VARCHAR(length=10),
+        type_=sa.String(length=20),
+        existing_nullable=False,
+    )
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.alter_column(
+        "authenticated_user",
+        "username",
+        existing_type=sa.String(length=20),
+        type_=sa.VARCHAR(length=10),
+        existing_nullable=False,
+    )
+    # ### end Alembic commands ###