Commit eb86bb8c authored by Ivan Procaccini's avatar Ivan Procaccini :computer:

Merge branch 'impersonating-other-users' into 'master'

support impersonating other users.

See merge request !12
parents 965f12e6 3fa05936
1 merge request!12support impersonating other users.
Pipeline #329565 passed
......@@ -8,6 +8,11 @@ from ldap.ldapobject import SimpleLDAPObject
from app.protocols import Authenticator
# Impersonation constants
IMPERSONATION_PATTERN = r"([a-z0-9]+) as ([a-z0-9]+)"
IMPERSONATORS = ["ac4014", "infosys", "ip914", "jsbailey", "ld507", "rbc"]
# Used to parse key-value LDAP attributes
ATTRIBUTE_PATTERN = r"([A-Za-z0-9]+)=([A-Za-z0-9-@]+)"
USERNAME_FILTER_TEMPLATE = "(&(objectClass=user)(sAMAccountName=%s))"
......@@ -71,12 +76,18 @@ class DocLdapAuthenticator(Authenticator):
:param attributes: names of the attributes to filter for
:return: attr_name -> attr_value dict for given username
"""
logging_in_as = username
users = re.match(IMPERSONATION_PATTERN, username)
if users:
impersonator, impersonated = users.groups()
username = impersonator
logging_in_as = impersonated if impersonator in IMPERSONATORS else impersonator
connection = ldap.initialize(self.server_url)
connection.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
connection.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
connection.simple_bind_s(BINDING_TEMPLATE % username, password)
attributes = serialise_ldap_attributes(
self._raw_attributes(username, query_attrs, connection)
self._raw_attributes(logging_in_as, query_attrs, connection)
)
connection.unbind_s()
return attributes
......
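Review bot: The impersonation branch added before `ldap.initialize` leaves no record of who actually authenticated: the bind uses the impersonator's credentials, but the attributes returned are those of `logging_in_as`, and nothing visible in the hunk logs the pair. An audit log entry naming both the impersonator and the impersonated account should be written whenever the two differ. Two smaller points on the same lines: `re.match` anchors only the start, so input with trailing text after the second name still matches and `users = re.fullmatch(IMPERSONATION_PATTERN, username)` would be stricter; and a user outside `IMPERSONATORS` who submits `X as Y` is silently logged in as themselves rather than refused. The enclosing method starts above the hunk, and the `IMPERSONATORS` list in the first hunk is hard-coded, so changing who holds this privilege requires a code change rather than a reviewed configuration or directory-group update.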
......@@ -2,7 +2,7 @@ from ..database import db
class AuthenticatedUser(db.Model):
username = db.Column(db.String(10), primary_key=True)
username = db.Column(db.String(20), primary_key=True)
firstname = db.Column(db.String)
surname = db.Column(db.String)
role = db.Column(db.String, nullable=False)
......
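Review bot: The new length of 20 on `username` has no stated rationale, and if it is sized to hold the raw `X as Y` login string (an inference; the code that writes this column is not shown) it is both tight and a design concern. `IMPERSONATION_PATTERN` puts no length limit on either name, so an 8-character impersonator plus ` as ` leaves only 8 characters for the second name. Consider storing only the effective username and adding a comment on the column such as `# 20 chars: <reason for the limit>`.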
"""Increase length of authenticated user.
Revision ID: c7458a7dd4d8
Revises: 39059e9c2ab2
Create Date: 2022-11-07 17:10:21.574512
"""
import sqlalchemy as sa
from alembic import op
# revision identifiers, used by Alembic.
revision = "c7458a7dd4d8"
down_revision = "39059e9c2ab2"
branch_labels = None
depends_on = None
def upgrade():
# ### commands auto generated by Alembic - please adjust! ###
op.alter_column(
"authenticated_user",
"username",
existing_type=sa.VARCHAR(length=10),
type_=sa.String(length=20),
existing_nullable=False,
)
# ### end Alembic commands ###
def downgrade():
# ### commands auto generated by Alembic - please adjust! ###
op.alter_column(
"authenticated_user",
"username",
existing_type=sa.String(length=20),
type_=sa.VARCHAR(length=10),
existing_nullable=False,
)
# ### end Alembic commands ###
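Review bot: `downgrade()` narrows `username` back to `VARCHAR(10)` without handling rows written after the upgrade that are longer than 10 characters. Depending on the database backend this either fails the migration or truncates values, and truncation on a primary-key column can produce collisions. Replace the auto-generated marker comment with a note stating this, e.g. `# NOTE: downgrade fails or truncates if any username exceeds 10 chars; clean up such rows first`.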