Ldap authentication bug fixed
guimorone committed Apr 10, 2023
1 parent 6f9eca3 commit 8dd50bb
Showing 5 changed files with 73 additions and 59 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/publish.yml
Expand Up @@ -35,8 +35,8 @@ jobs:
uses: marvinpinto/[email protected]
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
title: 'v1.1.3 DynamoDB resource bug fixed'
title: 'v1.1.4 Ldap authentication bug fixed'
prerelease: false
automatic_release_tag: v1.1.3
automatic_release_tag: v1.1.4
files: |
LICENSE
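
Review bot: The release version is hard-coded twice in this step (`title: 'v1.1.4 ...'` and `automatic_release_tag: v1.1.4`) and a third time in `pyproject.toml`, so every release needs three manual edits that can drift apart. Consider reading the version from `pyproject.toml` in an earlier step and passing that single value to both fields.
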
2 changes: 1 addition & 1 deletion pyproject.toml
@@ -1,6 +1,6 @@
[tool.poetry]
name = "pyscora-wrangler"
version = "1.1.3"
version = "1.1.4"
description = "Python lib for DE"
authors = ["Oncase <[email protected]>"]
maintainers = ["Guilherme Morone <[email protected]>"]
102 changes: 52 additions & 50 deletions pyscora_wrangler/aws/README.md
@@ -1,18 +1,20 @@
# AWS

This module contains a set of functions to interact with AWS services.

# Athena
## Athena

See `./athena/__init__.py` for more details.

# Cognito
## Cognito

## `add_user_to_group`
### `add_user_to_group`

### Adds the specified user to the specified group
#### Adds the specified user to the specified group

Calling this action requires developer credentials.

### Parameters
#### Parameters

| Name | Type | Description | Required | Default |
| :-------------: | :---------------------: | :--------------------------------: | :------: | :-----: |
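
Review bot: Split the AWS README heading changes out of this commit: the title says it fixes LDAP authentication, and mixing in an unrelated documentation restructure makes the fix harder to review, backport or revert. Within this hunk, the one-line description under `add_user_to_group` is still formatted as a heading (`#### Adds the specified user to the specified group`); a plain paragraph would keep descriptive sentences out of the rendered outline.
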
Expand All @@ -21,17 +23,17 @@ Calling this action requires developer credentials.
| `group_name` | `str` | The group name | `True` | `-` |
| `boto3_session` | `boto3.session.Session` | Custom boto3 session | `False` | `None` |

### Returns
#### Returns

`None`

## `authenticate_user`
### `authenticate_user`

### Initiates the authentication flow, as an administrator
#### Initiates the authentication flow, as an administrator

Calling this action requires developer credentials.

### Parameters
#### Parameters

| Name | Type | Description | Required | Default |
| :-----------------: | :---------------------: | :------------------------------------------------------------------------------------: | :------: | :-----------------: |
Expand All @@ -43,17 +45,17 @@ Calling this action requires developer credentials.
| `app_client_secret` | `str` | The app client secret, if configured | `False` | `None` |
| `boto3_session` | `boto3.session.Session` | Custom boto3 session | `False` | `None` |

### Returns
#### Returns

`Dict[str, Any]`: Initiates the authentication response, as an administrator.

## `create_group`
### `create_group`

### Creates a new group in the specified user pool
#### Creates a new group in the specified user pool

Calling this action requires developer credentials.

### Parameters
#### Parameters

| Name | Type | Description | Required | Default |
| :-------------: | :---------------------: | :----------------------------------------------: | :------: | :-----: |
Expand All @@ -62,13 +64,13 @@ Calling this action requires developer credentials.
| `description` | `str` | A string containing the description of the group | `False` | `''` |
| `boto3_session` | `boto3.session.Session` | Custom boto3 session | `False` | `None` |

## `create_user`
### `create_user`

### Creates a new user in the specified user pool
#### Creates a new user in the specified user pool

Calling this action requires developer credentials.

### Parameters
#### Parameters

| Name | Type | Description | Required | Default |
| :--------------------: | :---------------------: | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: | :------: | :-----: |
Expand All @@ -78,17 +80,17 @@ Calling this action requires developer credentials.
| `force_alias_creation` | `bool` | TThis parameter is used only if the phone_number_verified or email_verified attribute is set to True. Otherwise, it is ignored | `False` | `False` |
| `boto3_session` | `boto3.session.Session` | Custom boto3 session | `False` | `None` |

#### Addition args can be found at [boto3 `admin_create_user` docs](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cognito-idp/client/admin_create_user.html)
##### Addition args can be found at [boto3 `admin_create_user` docs](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cognito-idp/client/admin_create_user.html)

### Returns
#### Returns

`Dict[str, Any]`: The newly created user.

## `get_all_users`
### `get_all_users`

### Lists the users in the Amazon Cognito user pool
#### Lists the users in the Amazon Cognito user pool

### Parameters
#### Parameters

| Name | Type | Description | Required | Default |
| :-----------------: | :---------------------: | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------: | :------: | :-----: |
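
Review bot: The line changed under `create_user` still reads `Addition args can be found at ...`; it should say "Additional", and as a full sentence it would read better as a plain paragraph than as a `#####` heading. The `force_alias_creation` row just above it also begins with `TThis parameter`, which is worth fixing in the same pass.
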
Expand All @@ -97,51 +99,51 @@ Calling this action requires developer credentials.
| `filter` | `str` | A filter string of the form “AttributeName Filter-Type “AttributeValue””. Quotation marks within the filter string must be escaped using the backslash () character | `False` | `''` |
| `boto3_session` | `boto3.session.Session` | Custom boto3 session | `False` | `None` |

### Returns
#### Returns

`List[Dict[str, Any]]`: The users returned in the request to list users.

## `get_user`
### `get_user`

### Gets the specified user by user name in a user pool as an administrator. Works on any user
#### Gets the specified user by user name in a user pool as an administrator. Works on any user

Calling this action requires developer credentials.

### Parameters
#### Parameters

| Name | Type | Description | Required | Default |
| :-------------: | :---------------------: | :---------------------------------------------------------------------------------: | :------: | :-----: |
| `userpool_id` | `str` | The user pool ID for the user pool where you want to get information about the user | `True` | `-` |
| `username` | `str` | The user name of the user you want to retrieve | `True` | `-` |
| `boto3_session` | `boto3.session.Session` | Custom boto3 session | `False` | `None` |

### Returns
#### Returns

`Dict[str, Any]`: Represents the response from the server from the request to get the specified user as an administrator.

## `get_users_from_group`
### `get_users_from_group`

### Lists the users in the specified group
#### Lists the users in the specified group

### Parameters
#### Parameters

| Name | Type | Description | Required | Default |
| :-------------: | :---------------------: | :-------------------------------------------------------------------------: | :------: | :-----: |
| `userpool_id` | `str` | The user pool ID for the user pool on which the search should be performed. | `True` | `-` |
| `group_name` | `str` | The name of the group | `True` | `-` |
| `boto3_session` | `boto3.session.Session` | Custom boto3 session | `False` | `None` |

### Returns
#### Returns

`List[Dict[str, Any]]`: The users returned in the request to list users.

## `remove_user_from_group`
### `remove_user_from_group`

### Removes the specified user from the specified group
#### Removes the specified user from the specified group

Calling this action requires developer credentials.

### Parameters
#### Parameters

| Name | Type | Description | Required | Default |
| :-------------: | :---------------------: | :--------------------------------: | :------: | :-----: |
Expand All @@ -150,55 +152,55 @@ Calling this action requires developer credentials.
| `group_name` | `str` | The group name | `True` | `-` |
| `boto3_session` | `boto3.session.Session` | Custom boto3 session | `False` | `None` |

### Returns
#### Returns

`None`

## `remove_user_from_userpool`
### `remove_user_from_userpool`

### Deletes a user as an administrator. Works on any user
#### Deletes a user as an administrator. Works on any user

Calling this action requires developer credentials.

### Parameters
#### Parameters

| Name | Type | Description | Required | Default |
| :-------------: | :---------------------: | :------------------------------------------------------------------: | :------: | :-----: |
| `userpool_id` | `str` | The user pool ID for the user pool where you want to delete the user | `True` | `-` |
| `username` | `str` | The user name of the user you want to delete | `True` | `-` |
| `boto3_session` | `boto3.session.Session` | Custom boto3 session | `False` | `None` |

### Returns
#### Returns

`None`

## `resend_confirmation_code`
### `resend_confirmation_code`

### Resends the confirmation (for confirmation of registration) to a specific user in the user pool
#### Resends the confirmation (for confirmation of registration) to a specific user in the user pool

### Parameters
#### Parameters

| Name | Type | Description | Required | Default |
| :-------------: | :---------------------: | :-------------------------------------------------------------------------------: | :------: | :-----: |
| `client_id` | `str` | The ID of the client associated with the user pool | `True` | `-` |
| `username` | `str` | The username attribute of the user to whom you want to resend a confirmation code | `True` | `-` |
| `boto3_session` | `boto3.session.Session` | Custom boto3 session | `False` | `None` |

### Returns
#### Returns

`Dict[str, Any]`: The code delivery details returned by the server in response to the request to resend the confirmation code.

## `set_user_password`
### `set_user_password`

### Sets the specified user's password in a user pool as an administrator. Works on any user
#### Sets the specified user's password in a user pool as an administrator. Works on any user

#### The password can be temporary or permanent. If it is temporary, the user status enters the `FORCE_CHANGE_PASSWORD` state. When the user next tries to sign in, the InitiateAuth/AdminInitiateAuth response will contain the `NEW_PASSWORD_REQUIRED` challenge. If the user doesn't sign in before it expires, the user won't be able to sign in, and an administrator must reset their password.
##### The password can be temporary or permanent. If it is temporary, the user status enters the `FORCE_CHANGE_PASSWORD` state. When the user next tries to sign in, the InitiateAuth/AdminInitiateAuth response will contain the `NEW_PASSWORD_REQUIRED` challenge. If the user doesn't sign in before it expires, the user won't be able to sign in, and an administrator must reset their password.

#### Once the user has set a new password, or the password is permanent, the user status is set to `Confirmed`.
##### Once the user has set a new password, or the password is permanent, the user status is set to `Confirmed`.

Calling this action requires developer credentials.

### Parameters
#### Parameters

| Name | Type | Description | Required | Default |
| :-------------: | :---------------------: | :--------------------------------------------------------------------------: | :------: | :-----: |
Expand All @@ -208,14 +210,14 @@ Calling this action requires developer credentials.
| `permanent` | `bool` | `True` if the password is permanent, `False` if it is temporary | `True` | `True` |
| `boto3_session` | `boto3.session.Session` | Custom boto3 session | `False` | `None` |

### Returns
#### Returns

`None`

# DynamoDB
## DynamoDB

See `./dynamodb/__init__.py` for more details.

# Other Services
## Other Services

Check out [boto3 docs](https://boto3.amazonaws.com/v1/documentation/api/latest/index.html) and [awswrangler docs](https://pypi.org/project/awswrangler/) for more information.
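
Review bot: The `permanent` row at the top of this hunk lists Required as `True` together with a Default of `True`; a parameter that has a default is optional, so Required should be `False` unless the function signature really has no default. Since the surrounding headings are being edited anyway, correct the table against the actual `set_user_password` signature.
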
4 changes: 3 additions & 1 deletion pyscora_wrangler/ldap/README.md
@@ -1,6 +1,8 @@
# Ldap

Services and functions to simplify ldap management, including extracting ldap infos.

# LdapService
## LdapService

Class with utils ldap methods.

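Review bot: Missing documentation: the only changes to the LDAP README are a heading level and blank lines, while the same commit changes what `auth` passes as the bind user and adds a `logout` method. Add an entry for `logout` under `LdapService` and state which username form `auth` now expects.
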
20 changes: 15 additions & 5 deletions pyscora_wrangler/ldap/service/__init__.py
Expand Up @@ -98,7 +98,7 @@ def is_user_authenticated(self) -> bool:
return self.__user_is_authenticated

def auth(self, username: str, password: str) -> bool:
"""Authenticate user to ldap server
"""Authenticate user to ldap server in SIMPLE mode
Args:
username (str): The user `username`.
Expand All @@ -122,7 +122,6 @@ def auth(self, username: str, password: str) -> bool:

raise ValueError('Invalid credentials.')

root_dn = self.ldap_config.get('root_dn', '')
port = int(self.ldap_config.get('port', 389))
server_alias = self.ldap_config.get('server_alias', [])

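Review bot: `root_dn` is no longer read in `auth`, so configurations that still set it are silently ignored, and callers that pass a bare account name (previously wrapped as `CN=<username>,<root_dn>`) will now fail to bind. That is a behaviour change for existing users shipped as a patch release: log a warning when `root_dn` is present in `ldap_config`, and say in the docstring's `username (str)` entry which form is expected now.
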
Expand All @@ -135,10 +134,12 @@ def auth(self, username: str, password: str) -> bool:
else None,
)

self.__ldap_user = f'CN={self.__ldap_username},{root_dn}'

self.__ldap_connection = Connection(
server, user=self.__ldap_user, password=self.__ldap_password, raise_exceptions=False
server,
user=self.__ldap_username,
password=self.__ldap_password,
authentication='SIMPLE',
raise_exceptions=False,
)

if self.__ldap_connection.bind():
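
Review bot: Nothing in the visible lines ensures this SIMPLE bind runs over TLS: `authentication='SIMPLE'` sends `password=self.__ldap_password` to the server as given, and the port default read earlier in this method is 389. Confirm that the `Server(...)` built above uses LDAPS or StartTLS before `bind()` is called, or refuse to bind when it does not. Also check that no other method still reads `self.__ldap_user`, whose assignment is removed here.
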
Expand All @@ -151,6 +152,15 @@ def auth(self, username: str, password: str) -> bool:

return self.is_user_authenticated()

def logout(self) -> None:
"""Unbind the connect to the ldap server"""

if self.__ldap_connection:
try:
self.__ldap_connection.unbind()
except Exception as err:
logger.error(f'[logout] {err}')

def get_ldap_groups(self) -> List[str]:
"""Returns A list containing the ldap groups."""

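Review bot: `logout` unbinds the connection but leaves the authenticated state untouched, so `is_user_authenticated()`, which returns `self.__user_is_authenticated`, can keep reporting `True` after logout. Reset that flag and clear `self.__ldap_password` and the connection reference in a `finally` block so they are dropped even when `unbind()` raises, and fix the docstring typo ("Unbind the connect").
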