Commit 6f44b4b0 authored by nimrod's avatar nimrod
Browse files

First draft.

Depends on my fork of flask-simpleldap.
parent 84d359c6
Loading
Loading
Loading
Loading
Loading
+2 −0
Original line number Diff line number Diff line
*
!app.py
!requirements.txt
+12 −6
Original line number Diff line number Diff line
@@ -3,11 +3,13 @@ FROM registry.hub.docker.com/library/python:3.9-slim-buster as wheels
RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y \
        build-essential \
        git \
        libldap2-dev \
        libsasl2-dev \
    ;
WORKDIR /wheels
RUN python3 -m pip wheel https://github.com/python-ldap/python-ldap/releases/download/python-ldap-3.3.1/python-ldap-3.3.1.tar.gz
RUN python3 -m pip wheel git+https://github.com/adarnimrod/flask-simpleldap.git@ldapi-support#egg=flask-simpleldap

FROM registry.hub.docker.com/library/python:3.9-slim-buster
# hadolint ignore=DL3008
@@ -15,13 +17,17 @@ RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
        libldap-2.4-2 \
        libsasl2-2 \
        wget \
    && \
    rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
COPY --from=wheels /wheels/*.whl /wheels/
RUN pip install /wheels/*.whl
# hadolint ignore=DL3013
RUN pip install --no-cache-dir \
        flask \
        flask-ldap \
        gunicorn \
    ;
WORKDIR /app
COPY requirements.txt ./
RUN pip install --no-cache-dir -r requirements.txt
COPY * ./
USER nobody
EXPOSE 8080
ENV FORWARDED_ALLOW_IPS "*"
HEALTHCHECK CMD wget --spider --quiet http://localhost:8080/ping --user-agent 'Docker Healthcheck' || exit 1
CMD ["gunicorn", "--bind", "0.0.0.0:8080", "--log-file", "-", "--workers", "2", "app:app"]
+7 −0
Original line number Diff line number Diff line
@@ -4,6 +4,13 @@

LDAP authentication webserver to use with Nginx' auth\_request.

## Configuration

All of the configuration is done with environment variables. For the
complete list see <https://flask-simpleldap.readthedocs.io/en/latest/#configuration>
and
<https://flask.palletsprojects.com/en/1.1.x/config/#configuring-from-environment-variables>.

## License

This software is licensed under the MIT license (see `LICENSE.txt`).

app.py

0 → 100644
+51 −0
Original line number Diff line number Diff line
"""LDAP authentication webserver to use with Nginx' auth_request."""
# pylint: disable=import-error

import os
from flask import Flask
from flask_simpleldap import LDAP

app = Flask(__name__)
app.config["SECRET_KEY"] = os.getenv("SECRET_KEY", os.urandom(16))
app.config["LDAP_SCHEMA"] = os.getenv("LDAP_SCHEMA", "ldapi")
app.config["LDAP_HOST"] = os.getenv("LDAP_HOST", "localhost")
app.config["LDAP_PORT"] = int(os.getenv("LDAP_PORT", "389"))
app.config["LDAP_USERNAME"] = os.getenv("LDAP_USERNAME")
app.config["LDAP_PASSWORD"] = os.getenv("LDAP_PASSWORD")
app.config["LDAP_USE_TLS"] = (
    os.getenv("LDAP_USE_TLS", "false").lower() == "true"
)
app.config["LDAP_REQUIRE_CERT"] = (
    os.getenv("LDAP_REQUIRE_CERT", "false").lower() == "true"
)
app.config["LDAP_BASE_DN"] = os.getenv("LDAP_BASE_DN")
app.config["LDAP_REALM_NAME"] = os.getenv(
    "LDAP_REALM_NAME", "LDAP authentication"
)
app.config["LDAP_OPENLDAP"] = (
    os.getenv("LDAP_OPENLDAP", "false").lower() == "true"
)
app.config["LDAP_OBJECTS_DN"] = os.getenv(
    "LDAP_OBJECTS_DN", "distinguishedName"
)
app.config["LDAP_USER_OBJECT_FILTER"] = os.getenv(
    "LDAP_USER_OBJECT_FILTER", "(&(objectclass=Person)(userPrincipalName=%s))"
)

ldap = LDAP(app)


@app.route("/ping")
def ping():
    """Healthcheck."""
    return "pong"


@app.route("/validate")
@ldap.basic_auth_required
def login():
    return "OK"


if __name__ == "__main__":
    app.run()

requirements.txt

0 → 100644
+4 −0
Original line number Diff line number Diff line
flask
flask-simpleldap
gunicorn
python-ldap