ldap-ui 0.9.1__py3-none-any.whl → 0.9.3__py3-none-any.whl

ldap_ui/__init__.py

@@ -1,14 +1 @@
-import uvicorn
-
-from . import settings
-
-__version__ = "0.9.1"
-
-
-def run():
-    uvicorn.run(
-        "ldap_ui.app:app",
-        log_level="info",
-        host="127.0.0.1" if settings.DEBUG else None,
-        port=5000,
-    )
+__version__ = "0.9.3"

ldap_ui/__main__.py

@@ -1,4 +1,69 @@
-from ldap_ui import run
+import click
+import uvicorn
+from uvicorn.main import LEVEL_CHOICES
+
+import ldap_ui
+
+from . import settings
+
+
+def print_version(ctx: click.Context, param: click.Parameter, value: bool) -> None:
+    if value:
+        click.echo(ldap_ui.__version__)
+        ctx.exit()
+
+
+@click.command()
+@click.option(
+    "-b",
+    "--base-dn",
+    type=str,
+    default=settings.BASE_DN,
+    help="LDAP base DN. Required unless the BASE_DN environment variable is set.",
+)
+@click.option(
+    "-h",
+    "--host",
+    type=str,
+    default="127.0.0.1",
+    help="Bind socket to this host.",
+    show_default=True,
+)
+@click.option(
+    "-p",
+    "--port",
+    type=int,
+    default=5000,
+    help="Bind socket to this port. If 0, an available port will be picked.",
+    show_default=True,
+)
+@click.option(
+    "-l",
+    "--log-level",
+    type=LEVEL_CHOICES,
+    default=None,
+    help="Log level. [default: info]",
+    show_default=True,
+)
+@click.option(
+    "--version",
+    is_flag=True,
+    callback=print_version,
+    expose_value=False,
+    is_eager=True,
+    help="Display the current version and exit.",
+)
+def main(base_dn, host, port, log_level):
+    if base_dn:
+        settings.BASE_DN = base_dn
+
+    uvicorn.run(
+        "ldap_ui.app:app",
+        log_level=log_level,
+        host=host,
+        port=port,
+    )
+
 
 if __name__ == "__main__":
-    run()
+    main()

ldap_ui/app.py

@@ -11,11 +11,13 @@ No sessions, no cookies, nothing else.
 import base64
 import binascii
 import contextlib
+import logging
+import sys
 from typing import AsyncGenerator
 
 import ldap
-import uvicorn
 from ldap.schema import SubSchema
+from pydantic import ValidationError
 from starlette.applications import Starlette
 from starlette.authentication import (
     AuthCredentials,
@@ -37,6 +39,12 @@ from . import settings
 from .ldap_api import api
 from .ldap_helpers import WITH_OPERATIONAL_ATTRS, empty, ldap_connect, unique
 
+LOG = logging.getLogger("ldap-ui")
+
+if settings.BASE_DN is None:
+    LOG.critical("An LDAP base DN is required!")
+    sys.exit(1)
+
 # Force authentication
 UNAUTHORIZED = Response(
     "Invalid credentials",
@@ -144,7 +152,7 @@ class CacheBustingMiddleware(BaseHTTPMiddleware):
         return response
 
 
-async def http_exception(_request: Request, exc: HTTPException):
+async def http_exception(_request: Request, exc: HTTPException) -> Response:
     "Send error responses"
     assert exc.status_code >= 400
     return PlainTextResponse(
@@ -154,11 +162,17 @@ async def http_exception(_request: Request, exc: HTTPException):
     )
 
 
-async def forbidden(_request: Request, exc: ldap.LDAPError):
+async def forbidden(_request: Request, exc: ldap.LDAPError) -> Response:
     "HTTP 403 Forbidden"
     return PlainTextResponse(ldap_exception_message(exc), status_code=403)
 
 
+async def http_422(_request: Request, e: ValidationError) -> Response:
+    "HTTP 422 Unprocessable Entity"
+    LOG.exception("Invalid request body", exc_info=e)
+    return Response(repr(e), status_code=422)
+
+
 @contextlib.asynccontextmanager
 async def lifespan(app):
     with ldap_connect() as connection:
@@ -181,6 +195,7 @@ app = Starlette(
     exception_handlers={
         HTTPException: http_exception,
         ldap.INSUFFICIENT_ACCESS: forbidden,
+        ValidationError: http_422,
     },
     lifespan=lifespan,
     middleware=(

ldap_ui/ldap_api.py

@@ -9,7 +9,7 @@ Asynchronous LDAP operations are used as much as possible.
 
 import base64
 import io
-from typing import Any, Optional, Tuple
+from typing import Any, Optional, Tuple, Union
 
 import ldap
 import ldif
@@ -17,6 +17,7 @@ from ldap.ldapobject import LDAPObject
 from ldap.modlist import addModlist, modifyModlist
 from ldap.schema import SubSchema
 from ldap.schema.models import AttributeType, LDAPSyntax, ObjectClass
+from pydantic import BaseModel, Field, TypeAdapter
 from starlette.datastructures import UploadFile
 from starlette.exceptions import HTTPException
 from starlette.requests import Request
@@ -144,6 +145,9 @@ def _entry(schema: SubSchema, res: Tuple[str, Any]) -> dict[str, Any]:
     }
 
 
+Entry = TypeAdapter(dict[str, list[bytes]])
+
+
 @api.route("/entry/{dn}", methods=("GET", "POST", "DELETE", "PUT"))
 async def entry(request: Request) -> Response:
     "Edit directory entries"
@@ -164,9 +168,9 @@ async def entry(request: Request) -> Response:
         return NO_CONTENT
 
     # Copy JSON payload into a dictionary of non-empty byte strings
-    json = await request.json()
+    json = Entry.validate_json(await request.body())
     req = {
-        k: [s.encode() for s in filter(None, v)]
+        k: [s for s in filter(None, v)]
         for k, v in json.items()
         if k not in PHOTOS and (k not in PASSWORDS or request.method == "PUT")
     }
@@ -277,8 +281,14 @@ async def ldifUpload(
     "Import LDIF"
 
     reader = LDIFReader(await request.body(), request.state.ldap)
-    reader.parse()
-    return NO_CONTENT
+    try:
+        reader.parse()
+        return NO_CONTENT
+    except ValueError as e:
+        return Response(e.args[0], status_code=422)
+
+
+Rdn = TypeAdapter(str)
 
 
 @api.route("/rename/{dn}", methods=("POST",))
@@ -286,16 +296,22 @@ async def rename(request: Request) -> JSONResponse:
     "Rename an entry"
 
     dn = request.path_params["dn"]
-    rdn = await request.json()
+    rdn = Rdn.validate_json(await request.body())
     connection = request.state.ldap
     await empty(connection, connection.rename(dn, rdn, delold=0))
     return NO_CONTENT
 
 
-def _cn(entry: dict) -> Optional[str]:
-    "Try to extract a CN"
-    if "cn" in entry and entry["cn"]:
-        return entry["cn"][0].decode()
+class ChangePasswordRequest(BaseModel):
+    old: str
+    new1: str
+
+
+class CheckPasswordRequest(BaseModel):
+    check: str = Field(min_length=1)
+
+
+PasswordRequest = TypeAdapter(Union[ChangePasswordRequest, CheckPasswordRequest])
 
 
 @api.route("/entry/password/{dn}", methods=("POST",))
@@ -303,22 +319,22 @@ async def passwd(request: Request) -> JSONResponse:
     "Update passwords"
 
     dn = request.path_params["dn"]
-    args = await request.json()
+    args = PasswordRequest.validate_json(await request.body())
 
-    if "check" in args:
+    if type(args) is CheckPasswordRequest:
         with ldap_connect() as con:
             try:
-                con.simple_bind_s(dn, args["check"])
+                con.simple_bind_s(dn, args.check)
                 return JSONResponse(True)
             except ldap.INVALID_CREDENTIALS:
                 return JSONResponse(False)
 
-    if "old" in args and "new1" in args:
+    else:
         connection = request.state.ldap
-        if args["new1"]:
+        if args.new1:
             await empty(
                 connection,
-                connection.passwd(dn, args.get("old") or None, args["new1"]),
+                connection.passwd(dn, args.old or None, args.new1),
             )
             _dn, attrs = await get_entry_by_dn(connection, dn)
             return JSONResponse(attrs["userPassword"][0].decode())
@@ -328,6 +344,12 @@ async def passwd(request: Request) -> JSONResponse:
             return JSONResponse(None)
 
 
+def _cn(entry: dict) -> Optional[str]:
+    "Try to extract a CN"
+    if "cn" in entry and entry["cn"]:
+        return entry["cn"][0].decode()
+
+
 @api.route("/search/{query:path}")
 async def search(request: Request) -> JSONResponse:
     "Search the directory"

ldap_ui/settings.py

@@ -14,7 +14,7 @@ SECRET_KEY = os.urandom(16)
 # LDAP settings
 #
 LDAP_URL = config("LDAP_URL", default="ldap:///")
-BASE_DN = config("BASE_DN")  # Always required
+BASE_DN = config("BASE_DN", default=None)
 
 USE_TLS = config(
     "USE_TLS",

{ldap_ui-0.9.1.dist-info → ldap_ui-0.9.3.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: ldap-ui
-Version: 0.9.1
+Version: 0.9.3
 Summary: A fast and versatile LDAP editor
 Author: dnknth
 License: MIT License
@@ -12,9 +12,10 @@ Classifier: Development Status :: 4 - Beta
 Classifier: Intended Audience :: Developers
 Classifier: Programming Language :: Python :: 3 :: Only
 Classifier: Topic :: Software Development :: Libraries
-Requires-Python: >=3.8
+Requires-Python: >=3.7
 Description-Content-Type: text/markdown
 License-File: LICENSE.txt
+Requires-Dist: pydantic
 Requires-Dist: python-ldap
 Requires-Dist: python-multipart
 Requires-Dist: starlette
@@ -85,7 +86,23 @@ python3 -m venv --system-site-packages venv
 pip3 install ldap-ui
 ```
 
-Possibly after a shell `rehash`, it is available as `ldap-ui`.
+Possibly after a shell `rehash`, it is available as `ldap-ui`:
+
+```text
+Usage: ldap-ui [OPTIONS]
+
+Options:
+  -b, --base-dn TEXT              LDAP base DN. Required unless the BASE_DN
+                                  environment variable is set.
+  -h, --host TEXT                 Bind socket to this host.  [default:
+                                  127.0.0.1]
+  -p, --port INTEGER              Bind socket to this port. If 0, an available
+                                  port will be picked.  [default: 5000]
+  -l, --log-level [critical|error|warning|info|debug|trace]
+                                  Log level. [default: info]
+  --version                       Display the current version and exit.
+  --help                          Show this message and exit.
+```
 
 ## Development
 

{ldap_ui-0.9.1.dist-info → ldap_ui-0.9.3.dist-info}/RECORD

@@ -1,10 +1,10 @@
-ldap_ui/__init__.py,sha256=qWn38sHkooVeCw9daRP9jbAi2NLrMetwUD8NaCWPrv4,224
-ldap_ui/__main__.py,sha256=J0Hc3IiwRAjNKeov7tCLgpZJwT2iUHcmXb4UmazRqU4,62
-ldap_ui/app.py,sha256=68__BoGHFJU8HePoTKyYTM8B305s_dYnlKb8e9yWm8I,6312
-ldap_ui/ldap_api.py,sha256=ecK8K-7-tkoA2df2dbQT8y61I70r7NukE3BQFNN1BsE,12776
+ldap_ui/__init__.py,sha256=xKd3pzbczuMsdB08eLAOqZDUd_q1IRxwZ_ccAFL4c4A,22
+ldap_ui/__main__.py,sha256=RzzkUuwqEk9bPG9pPaBZHA6EvFhXFKI89cF7jdX9RPw,1345
+ldap_ui/app.py,sha256=2gy0khq8whbrxJbA-jNo2Ss7oiW-XxQKWM6Jbxp5d7I,6759
+ldap_ui/ldap_api.py,sha256=l6Wnjzm8ycaY-xXT2JNuHTTvLEsOEXGJnJhDdD72N5Q,13267
 ldap_ui/ldap_helpers.py,sha256=DRpKtqEX_OvYJBuvzTNi0CcZAu446wwUiOezlkBAxrQ,3045
 ldap_ui/schema.py,sha256=apbdLK_WpED0IzmrdktWTu4ESz8GfdOoJuRicFC84YY,3327
-ldap_ui/settings.py,sha256=qEN2fechOCZ935VAa47cPimQruEq7h-iq9d7ascDtZc,2265
+ldap_ui/settings.py,sha256=PmugPMAmFmNa3bM4XKsur89ELORZ103DxrP7ZbsuopY,2260
 ldap_ui/statics/favicon.ico,sha256=_PMMM_C1ER5cpJTXZcRgISR4igj44kA4u8Trl-Ko3L0,4286
 ldap_ui/statics/index.html,sha256=twUC90MNTfNFpQLiLIwUuU3H6RRDiPY92BnMRgIGRWU,827
 ldap_ui/statics/assets/fontawesome-webfont-B-jkhYfk.woff2,sha256=Kt78vAQefRj88tQXh53FoJmXqmTWdbejxLbOM9oT8_4,77160
@@ -16,9 +16,9 @@ ldap_ui/statics/assets/index-CA45Sb-q.js,sha256=qejoldzV9wbUVar1ljURYwyTb2DYn3HQ
 ldap_ui/statics/assets/index-CA45Sb-q.js.gz,sha256=1yJTHdcLZLU2d6DkPKbmNEFiOlPo7vIWXYyg_fidSdE,43710
 ldap_ui/statics/assets/index-DlTKbnmq.css,sha256=Rpthz_HvUybqmodfPCnOXFsSwGd7v8hhh-p-duAzf1E,48119
 ldap_ui/statics/assets/index-DlTKbnmq.css.gz,sha256=Ctq3hMh_BBVt9zsh9CYlHpVtDDHanicyGPAdcGXIFXw,11532
-ldap_ui-0.9.1.dist-info/LICENSE.txt,sha256=UpJ0sDIqHxbOtzy1EG4bCHs9R_99ODxxPDK4NZ0g3I0,1042
-ldap_ui-0.9.1.dist-info/METADATA,sha256=uENv_PqySjK3XhZ0pF9kf7FiQ--WDHeHDD0a1--1YWc,6824
-ldap_ui-0.9.1.dist-info/WHEEL,sha256=OVMc5UfuAQiSplgO0_WdW7vXVGAt9Hdd6qtN4HotdyA,91
-ldap_ui-0.9.1.dist-info/entry_points.txt,sha256=rJuKzXUTziBohZ3-tt4-WbD2DOO1LHfzwnDm2HdCg84,40
-ldap_ui-0.9.1.dist-info/top_level.txt,sha256=t9Agyig1nDdJuQvx_UVuk1n28pgswc1BIYw8E6pWado,8
-ldap_ui-0.9.1.dist-info/RECORD,,
+ldap_ui-0.9.3.dist-info/LICENSE.txt,sha256=UpJ0sDIqHxbOtzy1EG4bCHs9R_99ODxxPDK4NZ0g3I0,1042
+ldap_ui-0.9.3.dist-info/METADATA,sha256=tDswFFkkDqk_wc40dnfq455_lWXmUmaGFntAgNcbiQc,7557
+ldap_ui-0.9.3.dist-info/WHEEL,sha256=OVMc5UfuAQiSplgO0_WdW7vXVGAt9Hdd6qtN4HotdyA,91
+ldap_ui-0.9.3.dist-info/entry_points.txt,sha256=TGxMkXYeZP5m5NjZxWmgzITYWhSdj2mR_GGUYmHhGws,50
+ldap_ui-0.9.3.dist-info/top_level.txt,sha256=t9Agyig1nDdJuQvx_UVuk1n28pgswc1BIYw8E6pWado,8
+ldap_ui-0.9.3.dist-info/RECORD,,

ldap_ui-0.9.3.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+ldap-ui = ldap_ui.__main__:main

ldap_ui-0.9.1.dist-info/entry_points.txt

@@ -1,2 +0,0 @@
-[console_scripts]
-ldap-ui = ldap_ui:run