I am trying to build user authentication in Flask app. The authentication needs to be done using the LDAP server. The documentation given on this
link is not very clear. It asks for the LDAP_USERNAME and LDAP_PASSWORD. Is this same as as username and password for a user? I want to fetch this from the login page which I was going to do using request.forms. :
#app.route('/login')
def login():
user = request.form['user_name']
password = request.form['password']
ldap_authenticate_user(user, password)
Has anyone successfully used the Flask-LDAP using flask-simpleldap ?
I wrote flask-simpleldap and just found this, I hope this will be useful for someone. LDAP_USERNAME and LDAP_PASSWORD are the credentials you use to bind to a directory server. It's usually a service account and it's the account that will be used to run queries against the directory server, e.g. search for users/groups, bind a user account etc.
There are some example apps in the github repo that should help you understand a bit better.
Related
I am creating an app that allows users to either login with a username and password, or through Google authentication. I have signup and login working for both flows. This is done by creating two separate login (and signup) endpoints for password and Google users.
I am now working on using dependency injection to allow users to request various endpoints which will decode their JWT and return the data if they are authenticated, as shown here: https://fastapi.tiangolo.com/tutorial/security/get-current-user/
This works fine for users that have logged in with a username and password, since this dependency uses OAuth2PasswordBearer.
However, this of course does not work with my Google users since
They don't have a password
The tokenUrl parameter for OAuth2PasswordBearer is set to my password users' login endpoint.
How can I achieve a get_logged_in_user(token: str = Depends(oauth2_scheme)) function that words both for users who have logged in with a password and those who have logged in through Google?
I'm using firebase auth sdk for an application and I'd like to log the user in. I cannot understand how it works.
To create a new user I run this code:
from firebase_admin import auth
....
def create_user(email, password):
user = auth.create_user(email=email, password=password)
return user
Now I'd like to log the user in. The auth doesn't have a method to log in the user. It has a auth.get_user_by_email(email) or some other methods to get user(s), but it has no method to check user's password. My application (API) gets email and password and I need to return the user if the email and password match.
How do I do this using the firebase sdk?
Thank you.
Logging into Firebase happens on the client, not on the server. So the Firebase Admin SDKs don't have a method to sign the user in, but all client-side SDKs (such as the Web/JavaScript SDK) have methods to sign in the user.
If you want to sign in a specific user from your Python code, you can call the REST API, or use a library like Pyrebase that wraps this REST API: https://github.com/thisbejim/Pyrebase#authentication.
I am making an API in Flask for a simple jQuery mobile + PhoneGap app to be packaged and downloaded. As I understand, all the calls to the database should be made with JavaScript, AJAX, and JSON. Since the app is about the user, and all of the views draw data from the logged user, I am not sure how to proceed with the authentication. As I understand, the workflow should be:
user logs in (json encoded username and password)
server generates token with expiration (i.e. 24h) for that user
this token is saved on the mobile app as a cookie or in localstorage
all of the calls to the server are done with this token which identifies the current user: /api/token=12345
when the toke expires, a new login prompt is required
I thought of implementing this with Flask-Security's authentication token. Is there a more straightforward way of accomplishing this?
Flask-JWT seems like a pretty straight-forward solution.
Then on the front end you can just add an HTTP interceptor to add X-Auth-Token to the headers or something.
I want to implement software client which will interact with django server. I need users loging in on client.
Is it possible check user is in database and its password, only with username and it's password ? Something like:
if user_valid(username, password):
do something;
I don't want to send open password, is it possible to send only it's hash? How can I obtain valid hash? The auth method in this case shoud be:
if user_valid(username, password_hash):
do something;
Check out https://github.com/jpulgarin/django-tokenapi
Basically you'll need to generate a token based on the user .. in the example below, the author is using user primarykey and password.
Example:
https://github.com/jpulgarin/django-tokenapi/blob/master/tokenapi/tokens.py#L15
Following that.. you can implement a custom authentication backend .. which will allow user to login using the generated token.
Example:
https://github.com/jpulgarin/django-tokenapi/blob/master/tokenapi/backends.py#L13
More information on custom authentication backend
https://docs.djangoproject.com/en/1.7/topics/auth/customizing/#customizing-authentication-in-django
I am planning on creating an application for the students of my school, and I want to restrict user registration to emails of the form person#myschool.edu. I would prefer to not manually create the user table and do the password hashing and such. Are there any libraries you can recommend for this?
Thanks for the help.
Sometimes, if you just send the user to a login screen you will end in a redirect loop if the user is already logged with a Google Account.
What i have found to be a good answer to this problem is to redirect the user to a log out page so he can later login with the domain you want.
I have used this for my code
user = users.get_current_user()
#Check if the user is in #mydomain.com
if user:
emailDomain = user.email().split("#")
if emailDomain[1] == "mydomain.com":
return True
else:
self.redirect(users.create_logout_url('/startPage'))
else:
self.redirect(users.create_login_url(self.request.uri))
This way, the application logs you out automatically and asks for your domain credentials
Since you said you don't know how the email are registered, that you don't want to manage a login/password database and you just need a regexp or somethings (I quote here!), I assume you could keep it very simple.
Something like.
user = users.get_current_user()
if user:
emailDomain = user.email().split("#")
if emailDomain == "yourschool.edu":
doSomething()
That way, all the trouble of registering to your app is given to the users (who will need to get a Google Account).