fix[__init__.py]: correct check if accessGroupFilter and accessGroupAttribute is not set

fix[__init__.py]: correct ldap search when no accessGroupAttribute is set
--- a/radicale-auth-ldap/init.py
+++ b/radicale-auth-ldap/init.py
@ -0,0 +1,141 @@
 from radicale.auth import BaseAuth
 from radicale.log import logger

 import ldap3

 PLUGIN_CONFIG_SCHEMA = {"auth": {
    "ldap_server_url": {
        "value": None,
        "type": str},
    "ldap_binddn": {
        "value": None,
        "type": str},
    "ldap_secret": {
        "value": None,
        "type": str},
    "ldap_search_base": {
        "value": None,
        "type": str},
    "ldap_user_filter": {
        "value": None,
        "type": str},
    "ldap_user_attribute": {
        "value": None,
        "type": str},
    "ldap_access_group_filter": {
        "value": "None",
        "type": str},
    "ldap_access_group_attribute": {
        "value": "None",
        "type": str}}}

 class Auth(BaseAuth):
    def __init__(self, configuration):
        super().__init__(configuration.copy(PLUGIN_CONFIG_SCHEMA))

    def login(self, user, password):
        """Check if ``user``/``password`` couple is valid."""
        serverUrl = self.configuration.get("auth", "ldap_server_url")
        binddn = self.configuration.get("auth", "ldap_binddn")
        secret = self.configuration.get("auth", "ldap_secret")
        searchBase = self.configuration.get("auth", "ldap_search_base")
        userFilter = self.configuration.get("auth", "ldap_user_filter")
        userAttribute = self.configuration.get("auth", "ldap_user_attribute")
        accessGroupFilter = self.configuration.get("auth", "ldap_access_group_filter")
        accessGroupAttribute = self.configuration.get("auth", "ldap_access_group_attribute")

        logger.info("LDAP: start connection")
        logger.debug("LDAP: server URL: %s" % serverUrl)
        logger.debug("LDAP: binddn: %s" % binddn)
        logger.debug("LDAP: secret: %s" % secret)
        ## TODO: check for errors
        server = ldap3.Server(serverUrl)
        conn = ldap3.Connection(server, binddn, secret)
        conn.bind()
        result = conn.result

        logger.info("LDAP: connection successful")
        logger.debug("LDAP bind result: %s" % str(result))

        if result['description'] == "invalidCredentials":
            logger.warning("LDAP: binddn credentials are invalid")
            return ""

        if (not accessGroupFilter == "None") and (not accessGroupAttribute == "None"):
            logger.debug("LDAP access group filter: %s" % accessGroupFilter)
            logger.debug("LDAP access group attribute: %s" % accessGroupAttribute)

            logger.debug("LDAP: search access group")
            conn.search(searchBase, accessGroupFilter)
            numberOfResponseEntries = len(conn.response)

            # ~ logger.debug("LDAP:")
            logger.debug("LDAP search result: %s" % str(conn.result))
            logger.debug("LDAP number of response entries: %s" % str(numberOfResponseEntries))

            if numberOfResponseEntries > 0:
                if numberOfResponseEntries == 1:
                    accessGroupDn = conn.response[0]['dn']
                    logger.debug("LDAP access group DN: %s" % accessGroupDn)
                else:
                    logger.warning("LDAP: more than 1 group found")
                    return ""
            else:
                logger.warning("LDAP: no group found")
                return ""

        logger.debug("LDAP user filter: %s" % userFilter)
        logger.debug("LDAP user attribute: %s" % userAttribute)

        logger.debug("LDAP: search user %s" % user)
        if (not accessGroupFilter == "None") and (not accessGroupAttribute == "None"):
            conn.search(searchBase, userFilter.format(name=user), attributes=[userAttribute, accessGroupAttribute])
        else:
            conn.search(searchBase, userFilter.format(name=user), attributes=[userAttribute])
        numberOfResponseEntries = len(conn.response)

        logger.debug("LDAP search result: %s" % str(conn.result))
        logger.debug("LDAP number of response entries: %s" % str(numberOfResponseEntries))

        if numberOfResponseEntries > 0:
            if numberOfResponseEntries == 1:
                userDn = conn.response[0]['dn']
                userAttributeValue = conn.response[0]['attributes'][userAttribute]
                logger.debug("LDAP user DN: %s" % userDn)

                if (not accessGroupFilter == "None") and (not accessGroupAttribute == "None"):
                    userMemberOf = conn.response[0]['attributes'][accessGroupAttribute]

                    userIsInAccessGroup = False
                    for group in userMemberOf:
                        if group == accessGroupDn:
                            userIsInAccessGroup = True
                            break

                    if userIsInAccessGroup:
                        logger.debug("LDAP: user is in access group")
                    else:
                        logger.debug("LDAP: user is NOT in access group")
                        return ""
            else:
                logger.warning("LDAP: more than 1 user found")
                return ""
        else:
            logger.warning("LDAP: no user found")
            return ""

        logger.debug("LDAP: restart connection for user")
        ## TODO: check for errors
        server = ldap3.Server(serverUrl)
        conn = ldap3.Connection(server, userDn, password)
        conn.bind()
        result = conn.result

        logger.debug("LDAP bind result: %s" % str(result))

        if result['description'] == "invalidCredentials":
            logger.warning("LDAP: user credentials are invalid")
            return ""
        else:
            logger.info("LDAP: user successful verified")
            return userAttributeValue
--- a/setup.py
+++ b/setup.py
@ -0,0 +1,11 @@
 #!/usr/bin/env python3

 from distutils.core import setup

 setup(
    name="radicale-auth-ldap",
    version="0.1",
    description="LDAP Authentication Plugin for Radicale 3",
    author="Dennis Buchhorn",
    install_requires=["radicale >= 3.0", "ldap3 >= 2.3"],
    packages=["radicale-auth-ldap"])
Author	SHA1	Message	Date
Dennis Buchhorn	f9fbb8a0c7	fix[__init__.py]: correct check if accessGroupFilter and accessGroupAttribute is not set	10 months ago
Dennis Buchhorn	62484e45d8	fix[__init__.py]: correct ldap search when no accessGroupAttribute is set	10 months ago
Dennis Buchhorn	bfcf711e77	fix[__init__.py]: correct check if accessGroupFilter and accessGroupAttribute is not set	10 months ago
Dennis Buchhorn	e3c66e7f37	fix[__init__.py]: correct check if accessGroupFilter and accessGroupAttribute is not set	10 months ago
Dennis Buchhorn	3c33627ead	fix[__init__.py]: correct check if accessGroupFilter is not set	10 months ago
Dennis Buchhorn	f2c0602e09	feat[__init__.py]: add more logging	10 months ago
Dennis Buchhorn	61516154d2	feat[-multiple-]: create first version	10 months ago