mirror/TimeTracker
1
0
Fork 0
mirror of https://github.com/DRYTRIX/TimeTracker.git synced 2026-05-18 20:29:44 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
b7f6ac4b7e40ef153c2fd4288edf36684c394f1b
TimeTracker/app/utils/auth_method.py
T
Dries Peeters e34a668ddc feat(auth): add LDAP directory authentication 
Introduce AUTH_METHOD values ldap and all, with LDAP_* environment settings, ldap3-based LDAPService (search, optional groupOfNames checks, user bind, DB sync), and users.auth_provider (local|oidc|ldap) via migration 153_add_user_auth_provider.

Login supports LDAP-only and combined all (local then LDAP where appropriate); OIDC callback sets auth_provider. Forgot/reset/change password flows skip LDAP-managed accounts. Admin System Settings gains a read-only LDAP summary and POST /admin/ldap/test. Production env validation requires core LDAP variables when LDAP is enabled; OIDC registration and docs recognize all.

Documentation: new docs/admin/configuration/LDAP_SETUP.md; updates to OIDC_SETUP, GETTING_STARTED, Docker guides, Render deploy notes, docs README, and CHANGELOG. Tests: tests/test_ldap_auth.py; test_oidc_logout allows auth_method all.
2026-04-27 19:08:08 +02:00

43 lines
1.4 KiB
Python
Raw Blame History

"""Helpers for AUTH_METHOD parsing (none | local | oidc | ldap | both | all)."""
from __future__ import annotations
_VALID = frozenset({"none", "local", "oidc", "ldap", "both", "all"})
def normalize_auth_method(raw: str | None) -> str:
"""Return a valid auth method string; unknown values become 'local' in non-production via caller."""
s = (raw or "local").strip().lower()
return s if s in _VALID else "local"
def auth_includes_local(auth_method: str | None) -> bool:
m = normalize_auth_method(auth_method)
return m in ("local", "both", "all")
def auth_includes_oidc(auth_method: str | None) -> bool:
m = normalize_auth_method(auth_method)
return m in ("oidc", "both", "all")
def auth_includes_ldap(auth_method: str | None) -> bool:
m = normalize_auth_method(auth_method)
return m in ("ldap", "all")
def requires_password_form(auth_method: str | None) -> bool:
"""True when login form should collect a password (local, ldap, or combined modes)."""
m = normalize_auth_method(auth_method)
return m in ("local", "both", "ldap", "all")
def forgot_password_available(auth_method: str | None) -> bool:
"""Forgot-password link when any local-password account may exist."""
return auth_includes_local(auth_method)
def ldap_enabled_from_auth_method(auth_method: str | None) -> bool:
"""LDAP auth is active for this AUTH_METHOD (same as Config LDAP_ENABLED)."""
return auth_includes_ldap(auth_method)
Reference in New Issue View Git Blame Copy Permalink