From 8dd50bb76ac9ed8e6c697038f06825f1d38953db Mon Sep 17 00:00:00 2001
From: Guilherme Morone
Date: Mon, 10 Apr 2023 15:50:40 -0300
Subject: [PATCH] Ldap authentication bug fixed
---
 .github/workflows/publish.yml | 4 +-
 pyproject.toml | 2 +-
 pyscora_wrangler/aws/README.md | 102 +++++++++++-----------
 pyscora_wrangler/ldap/README.md | 4 +-
 pyscora_wrangler/ldap/service/__init__.py | 20 +++--
 5 files changed, 73 insertions(+), 59 deletions(-)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index ab1dd67..81ea494 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -35,8 +35,8 @@ jobs:
 uses: marvinpinto/action-automatic-releases@v1.2.1
 with:
 repo_token: ${{ secrets.GITHUB_TOKEN }}
- title: 'v1.1.3 DynamoDB resource bug fixed'
+ title: 'v1.1.4 Ldap authentication bug fixed'
 prerelease: false
- automatic_release_tag: v1.1.3
+ automatic_release_tag: v1.1.4
 files: |
 LICENSE
diff --git a/pyproject.toml b/pyproject.toml
index 47a3295..53f6f64 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "pyscora-wrangler"
-version = "1.1.3"
+version = "1.1.4"
 description = "Python lib for DE"
 authors = ["Oncase "]
 maintainers = ["Guilherme Morone "]
diff --git a/pyscora_wrangler/aws/README.md b/pyscora_wrangler/aws/README.md
index e0256fa..cf88016 100644
--- a/pyscora_wrangler/aws/README.md
+++ b/pyscora_wrangler/aws/README.md
@@ -1,18 +1,20 @@ +# AWS + This module contains a set of functions to interact with AWS services. -# Athena +## Athena See `./athena/__init__.py` for more details. -# Cognito +## Cognito -## `add_user_to_group` +### `add_user_to_group` -### Adds the specified user to the specified group +#### Adds the specified user to the specified group Calling this action requires developer credentials. -### Parameters +#### Parameters | Name | Type | Description | Required | Default | | :-------------: | :---------------------: | :--------------------------------: | :------: | :-----: | @@ -21,17 +23,17 @@ Calling this action requires developer credentials. | `group_name` | `str` | The group name | `True` | `-` | | `boto3_session` | `boto3.session.Session` | Custom boto3 session | `False` | `None` | -### Returns +#### Returns `None` -## `authenticate_user` +### `authenticate_user` -### Initiates the authentication flow, as an administrator +#### Initiates the authentication flow, as an administrator Calling this action requires developer credentials. -### Parameters +#### Parameters | Name | Type | Description | Required | Default | | :-----------------: | :---------------------: | :------------------------------------------------------------------------------------: | :------: | :-----------------: | 
@@ -43,17 +45,17 @@ Calling this action requires developer credentials. | `app_client_secret` | `str` | The app client secret, if configured | `False` | `None` | | `boto3_session` | `boto3.session.Session` | Custom boto3 session | `False` | `None` | -### Returns +#### Returns `Dict[str, Any]`: Initiates the authentication response, as an administrator. -## `create_group` +### `create_group` -### Creates a new group in the specified user pool +#### Creates a new group in the specified user pool Calling this action requires developer credentials. -### Parameters +#### Parameters | Name | Type | Description | Required | Default | | :-------------: | :---------------------: | :----------------------------------------------: | :------: | :-----: | @@ -62,13 +64,13 @@ Calling this action requires developer credentials. | `description` | `str` | A string containing the description of the group | `False` | `''` | | `boto3_session` | `boto3.session.Session` | Custom boto3 session | `False` | `None` | -## `create_user` +### `create_user` -### Creates a new user in the specified user pool +#### Creates a new user in the specified user pool Calling this action requires developer credentials. -### Parameters +#### Parameters | Name | Type | Description | Required | Default | | :--------------------: | :---------------------: | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: | :------: | :-----: | 
@@ -78,17 +80,17 @@ Calling this action requires developer credentials. | `force_alias_creation` | `bool` | TThis parameter is used only if the phone_number_verified or email_verified attribute is set to True. Otherwise, it is ignored | `False` | `False` | | `boto3_session` | `boto3.session.Session` | Custom boto3 session | `False` | `None` | -#### Addition args can be found at [boto3 `admin_create_user` docs](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cognito-idp/client/admin_create_user.html) +##### Addition args can be found at [boto3 `admin_create_user` docs](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cognito-idp/client/admin_create_user.html) -### Returns +#### Returns `Dict[str, Any]`: The newly created user. -## `get_all_users` +### `get_all_users` -### Lists the users in the Amazon Cognito user pool +#### Lists the users in the Amazon Cognito user pool -### Parameters +#### Parameters | Name | Type | Description | Required | Default | | :-----------------: | :---------------------: | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------: | :------: | :-----: | 
@@ -97,17 +99,17 @@ Calling this action requires developer credentials. | `filter` | `str` | A filter string of the form “AttributeName Filter-Type “AttributeValue””. Quotation marks within the filter string must be escaped using the backslash () character | `False` | `''` | | `boto3_session` | `boto3.session.Session` | Custom boto3 session | `False` | `None` | -### Returns +#### Returns `List[Dict[str, Any]]`: The users returned in the request to list users. -## `get_user` +### `get_user` -### Gets the specified user by user name in a user pool as an administrator. Works on any user +#### Gets the specified user by user name in a user pool as an administrator. Works on any user Calling this action requires developer credentials. -### Parameters +#### Parameters | Name | Type | Description | Required | Default | | :-------------: | :---------------------: | :---------------------------------------------------------------------------------: | :------: | :-----: | @@ -115,15 +117,15 @@ Calling this action requires developer credentials. | `username` | `str` | The user name of the user you want to retrieve | `True` | `-` | | `boto3_session` | `boto3.session.Session` | Custom boto3 session | `False` | `None` | -### Returns +#### Returns `Dict[str, Any]`: Represents the response from the server from the request to get the specified user as an administrator. -## `get_users_from_group` +### `get_users_from_group` -### Lists the users in the specified group +#### Lists the users in the specified group -### Parameters +#### Parameters | Name | Type | Description | Required | Default | | :-------------: | :---------------------: | :-------------------------------------------------------------------------: | :------: | :-----: | 
@@ -131,17 +133,17 @@ Calling this action requires developer credentials. | `group_name` | `str` | The name of the group | `True` | `-` | | `boto3_session` | `boto3.session.Session` | Custom boto3 session | `False` | `None` | -### Returns +#### Returns `List[Dict[str, Any]]`: The users returned in the request to list users. -## `remove_user_from_group` +### `remove_user_from_group` -### Removes the specified user from the specified group +#### Removes the specified user from the specified group Calling this action requires developer credentials. -### Parameters +#### Parameters | Name | Type | Description | Required | Default | | :-------------: | :---------------------: | :--------------------------------: | :------: | :-----: | @@ -150,17 +152,17 @@ Calling this action requires developer credentials. | `group_name` | `str` | The group name | `True` | `-` | | `boto3_session` | `boto3.session.Session` | Custom boto3 session | `False` | `None` | -### Returns +#### Returns `None` -## `remove_user_from_userpool` +### `remove_user_from_userpool` -### Deletes a user as an administrator. Works on any user +#### Deletes a user as an administrator. Works on any user Calling this action requires developer credentials. -### Parameters +#### Parameters | Name | Type | Description | Required | Default | | :-------------: | :---------------------: | :------------------------------------------------------------------: | :------: | :-----: | 
@@ -168,15 +170,15 @@ Calling this action requires developer credentials. | `username` | `str` | The user name of the user you want to delete | `True` | `-` | | `boto3_session` | `boto3.session.Session` | Custom boto3 session | `False` | `None` | -### Returns +#### Returns `None` -## `resend_confirmation_code` +### `resend_confirmation_code` -### Resends the confirmation (for confirmation of registration) to a specific user in the user pool +#### Resends the confirmation (for confirmation of registration) to a specific user in the user pool -### Parameters +#### Parameters | Name | Type | Description | Required | Default | | :-------------: | :---------------------: | :-------------------------------------------------------------------------------: | :------: | :-----: | 
@@ -184,21 +186,21 @@ Calling this action requires developer credentials. | `username` | `str` | The username attribute of the user to whom you want to resend a confirmation code | `True` | `-` | | `boto3_session` | `boto3.session.Session` | Custom boto3 session | `False` | `None` | -### Returns +#### Returns `Dict[str, Any]`: The code delivery details returned by the server in response to the request to resend the confirmation code. -## `set_user_password` +### `set_user_password` -### Sets the specified user's password in a user pool as an administrator. Works on any user +#### Sets the specified user's password in a user pool as an administrator. Works on any user -#### The password can be temporary or permanent. If it is temporary, the user status enters the `FORCE_CHANGE_PASSWORD` state. When the user next tries to sign in, the InitiateAuth/AdminInitiateAuth response will contain the `NEW_PASSWORD_REQUIRED` challenge. If the user doesn't sign in before it expires, the user won't be able to sign in, and an administrator must reset their password. +##### The password can be temporary or permanent. If it is temporary, the user status enters the `FORCE_CHANGE_PASSWORD` state. When the user next tries to sign in, the InitiateAuth/AdminInitiateAuth response will contain the `NEW_PASSWORD_REQUIRED` challenge. If the user doesn't sign in before it expires, the user won't be able to sign in, and an administrator must reset their password. -#### Once the user has set a new password, or the password is permanent, the user status is set to `Confirmed`. +##### Once the user has set a new password, or the password is permanent, the user status is set to `Confirmed`. Calling this action requires developer credentials. -### Parameters +#### Parameters | Name | Type | Description | Required | Default | | :-------------: | :---------------------: | :--------------------------------------------------------------------------: | :------: | :-----: | 
@@ -208,14 +210,14 @@ Calling this action requires developer credentials. | `permanent` | `bool` | `True` if the password is permanent, `False` if it is temporary | `True` | `True` | | `boto3_session` | `boto3.session.Session` | Custom boto3 session | `False` | `None` | -### Returns +#### Returns `None` -# DynamoDB +## DynamoDB See `./dynamodb/__init__.py` for more details. -# Other Services +## Other Services Check out [boto3 docs](https://boto3.amazonaws.com/v1/documentation/api/latest/index.html) and [awswrangler docs](https://pypi.org/project/awswrangler/) for more information. diff --git a/pyscora_wrangler/ldap/README.md b/pyscora_wrangler/ldap/README.md index b270d1d..2a1991c 100644 --- a/pyscora_wrangler/ldap/README.md +++ b/pyscora_wrangler/ldap/README.md @@ -1,6 +1,8 @@ +# Ldap + Services and functions to simplify ldap management, including extracting ldap infos. -# LdapService +## LdapService Class with utils ldap methods. diff --git a/pyscora_wrangler/ldap/service/__init__.py b/pyscora_wrangler/ldap/service/__init__.py index 5ab310e..f2d66e4 100644 --- a/pyscora_wrangler/ldap/service/__init__.py +++ b/pyscora_wrangler/ldap/service/__init__.py @@ -98,7 +98,7 @@ def is_user_authenticated(self) -> bool: return self.__user_is_authenticated def auth(self, username: str, password: str) -> bool: - """Authenticate user to ldap server + """Authenticate user to ldap server in SIMPLE mode Args: username (str): The user `username`. @@ -122,7 +122,6 @@ def auth(self, username: str, password: str) -> bool: raise ValueError('Invalid credentials.') - root_dn = self.ldap_config.get('root_dn', '') port = int(self.ldap_config.get('port', 389)) server_alias = self.ldap_config.get('server_alias', []) 
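Review bot: The docstring now says the bind happens in SIMPLE mode, but the argument description `username (str): The user \`username\`.` still does not say what form the bind name must take, and this matters more after this patch: the hunk at -122 drops the `root_dn` read and the later Connection change passes `self.__ldap_username` straight to ldap3, so the server receives whatever string the caller supplies. Suggest `username (str): Bind name sent verbatim to the server in SIMPLE mode (a full DN, a UPN or DOMAIN\user, depending on the directory).` so callers know they must supply the complete identity themselves. `root_dn` also appears to become a dead config key here; if nothing else reads it, the ldap README should say so or the key should be dropped. auth's body begins before and ends after these hunks.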
@@ -135,10 +134,12 @@ def auth(self, username: str, password: str) -> bool:
 else None,
 )
- self.__ldap_user = f'CN={self.__ldap_username},{root_dn}'
-
 self.__ldap_connection = Connection(
- server, user=self.__ldap_user, password=self.__ldap_password, raise_exceptions=False
+ server,
+ user=self.__ldap_username,
+ password=self.__ldap_password,
+ authentication='SIMPLE',
+ raise_exceptions=False,
 )
 if self.__ldap_connection.bind():
@@ -151,6 +152,15 @@ def auth(self, username: str, password: str) -> bool:
 return self.is_user_authenticated()
+ def logout(self) -> None:
+ """Unbind the connect to the ldap server"""
+
+ if self.__ldap_connection:
+ try:
+ self.__ldap_connection.unbind()
+ except Exception as err:
+ logger.error(f'[logout] {err}')
+
 def get_ldap_groups(self) -> List[str]:
 """Returns A list containing the ldap groups."""
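Review bot: The explicit `authentication='SIMPLE'` means `self.__ldap_password` is sent to the server in cleartext unless the transport is TLS, and nothing in the hunk guarantees that; the `Server(...)` built just above appears to take a conditional `Tls` object (`else None,` is visible), so a plain port 389 configuration without StartTLS would put the password on the wire. Consider a comment on the Connection call stating that requirement and, when the server is not configured for SSL, calling `self.__ldap_connection.start_tls()` before `bind()` or refusing the plaintext configuration. Separately, with `raise_exceptions=False` a failed `bind()` only returns False; logging `self.__ldap_connection.result` on the failure branch (outside this hunk) would let operators distinguish bad credentials from an unreachable server. auth's body starts and ends outside the hunk.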
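Review bot: `logout()` unbinds but leaves the session state stale: `self.__user_is_authenticated`, which `is_user_authenticated()` returns in the hunk at -98, stays True, and `self.__ldap_connection` still points at the unbound connection, so later calls such as `get_ldap_groups()` would see an authenticated-looking object with no bind behind it. The plaintext `self.__ldap_password` kept on the instance for the bind should also be dropped here rather than living for the object's lifetime. The log call should use lazy `%s` formatting instead of an f-string, and the docstring `Unbind the connect` is meant to read `Unbind the connection`. Whether `__ldap_connection` is initialised in `__init__` is not visible, so the truthiness guard is assumed to be safe for an instance that never called `auth()`.
```python
    def logout(self) -> None:
        """Unbind the connection to the ldap server and reset the session state."""

        if self.__ldap_connection:
            try:
                self.__ldap_connection.unbind()
            except Exception as err:
                logger.error('[logout] %s', err)
        # Drop the bind credentials and the authenticated flag so a stale
        # session cannot be reused after logout.
        self.__ldap_connection = None
        self.__ldap_password = None
        self.__user_is_authenticated = False
```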