more ldap migration

2022-06-18 19:35:05 +02:00 · 2022-06-18 19:35:05 +02:00 · c6042973fe
commit c6042973fe
parent 927562fecb
7 changed files with 55 additions and 31 deletions
--- a/lenticular_cloud/migrations/versions/0518a8625b50_remove_ldap_add_rest_to_db.py
+++ b/lenticular_cloud/migrations/versions/0518a8625b50_remove_ldap_add_rest_to_db.py
@ -7,6 +7,12 @@ Create Date: 2022-06-17 13:15:33.450531
 """
 from alembic import op
 import sqlalchemy as sa
+from flask import current_app
+from lenticular_cloud.model import User
+from ldap3_orm import AttrDef, EntryBase as _EntryBase, ObjectDef, EntryType
+from ldap3_orm import Reader
+from ldap3 import Connection, Server, ALL
+import logging


 # revision identifiers, used by Alembic.
@ -17,6 +23,14 @@ depends_on = None


 def upgrade():
+    app = current_app
+    server = Server(app.config['LDAP_URL'], get_info=ALL)
+    ldap_conn = Connection(server, app.config['LDAP_BIND_DN'], app.config['LDAP_BIND_PW'], auto_bind=True) # TODO auto_bind read docu
+    base_dn = app.config['LDAP_BASE_DN']
+    object_def = ObjectDef(["inetOrgPerson"], ldap_conn)
+    user_base_dn = f"ou=users,{base_dn}"
+
+
    # ### commands auto generated by Alembic - please adjust! ###
    op.create_table('app_token',
    sa.Column('id', sa.Integer(), nullable=False),
@ -36,8 +50,21 @@ def upgrade():
    op.add_column('user', sa.Column('enabled', sa.Boolean(), server_default="false", nullable=True))
    # ### end Alembic commands ###

-    op.execute("UPDATE `user` SET enabled= 1;")
-    #op.execute('UPDATE `user` SET password_hashed = "";')
+    op.execute(User.__table__.update().values({'enabled': True}))
+    conn = op.get_bind()
+    users = conn.execute(User.__table__.select())
+
+    for user in users:
+        print(f"migrating user {user.username}")
+        reader = Reader(ldap_conn, object_def, user_base_dn, f'(uid={user.username})')
+        result = reader.search()
+        if len(result) == 0:
+            print(f"WARNING: could not migrate user {user.username}")
+            continue
+        ldap_object = result[0]
+        password_hashed = ldap_object.userPassword[0].decode().replace('{CRYPT}','')
+        op.execute(User.__table__.update().values({'password_hashed': password_hashed}).where(User.id == user.id))
+


 def downgrade():