ldap-ui 0.9.2__py3-none-any.whl → 0.9.4__py3-none-any.whl

ldap_ui/__init__.py

@@ -1 +1 @@
-__version__ = "0.9.2"
+__version__ = "0.9.4"

ldap_ui/__main__.py

@@ -1,5 +1,9 @@
+import logging
+
 import click
 import uvicorn
+from uvicorn.config import LOG_LEVELS
+from uvicorn.logging import ColourizedFormatter
 from uvicorn.main import LEVEL_CHOICES
 
 import ldap_ui
@@ -14,6 +18,13 @@ def print_version(ctx: click.Context, param: click.Parameter, value: bool) -> No
 
 
 @click.command()
+@click.option(
+    "-b",
+    "--base-dn",
+    type=str,
+    default=settings.BASE_DN,
+    help="LDAP base DN. Required unless the BASE_DN environment variable is set.",
+)
 @click.option(
     "-h",
     "--host",
@@ -22,13 +33,6 @@ def print_version(ctx: click.Context, param: click.Parameter, value: bool) -> No
     help="Bind socket to this host.",
     show_default=True,
 )
-@click.option(
-    "-b",
-    "--base-dn",
-    type=str,
-    default=settings.BASE_DN,
-    help="LDAP base DN. Required unless the BASE_DN environment variable is set.",
-)
 @click.option(
     "-p",
     "--port",
@@ -54,12 +58,16 @@ def print_version(ctx: click.Context, param: click.Parameter, value: bool) -> No
     help="Display the current version and exit.",
 )
 def main(base_dn, host, port, log_level):
-    if base_dn:
+    logging.basicConfig(level=LOG_LEVELS[log_level])
+    rootHandler = logging.getLogger().handlers[0]
+    rootHandler.setFormatter(ColourizedFormatter(fmt="%(levelprefix)s %(message)s"))
+
+    if base_dn is not None:
         settings.BASE_DN = base_dn
 
     uvicorn.run(
         "ldap_ui.app:app",
-        log_level=log_level,
+        log_level=logging.INFO,
         host=host,
         port=port,
     )

ldap_ui/app.py

@@ -17,6 +17,7 @@ from typing import AsyncGenerator
 
 import ldap
 from ldap.schema import SubSchema
+from pydantic import ValidationError
 from starlette.applications import Starlette
 from starlette.authentication import (
     AuthCredentials,
@@ -38,10 +39,14 @@ from . import settings
 from .ldap_api import api
 from .ldap_helpers import WITH_OPERATIONAL_ATTRS, empty, ldap_connect, unique
 
-if settings.BASE_DN is None:
-    logging.getLogger("ldap-ui").critical("An LDAP base DN is required!")
+LOG = logging.getLogger("ldap-ui")
+
+if not settings.BASE_DN:
+    LOG.critical("An LDAP base DN is required!")
     sys.exit(1)
 
+LOG.debug("Base DN: %s", settings.BASE_DN)
+
 # Force authentication
 UNAUTHORIZED = Response(
     "Invalid credentials",
@@ -93,8 +98,10 @@ class LdapConnectionMiddleware(BaseHTTPMiddleware):
             return UNAUTHORIZED
 
         except ldap.LDAPError as err:
+            msg = ldap_exception_message(err)
+            LOG.error(msg)
             return PlainTextResponse(
-                ldap_exception_message(err),
+                msg,
                 status_code=500,
             )
 
@@ -149,9 +156,13 @@ class CacheBustingMiddleware(BaseHTTPMiddleware):
         return response
 
 
-async def http_exception(_request: Request, exc: HTTPException):
+async def http_exception(_request: Request, exc: HTTPException) -> Response:
     "Send error responses"
     assert exc.status_code >= 400
+    if exc.status_code < 500:
+        LOG.warning(exc.detail)
+    else:
+        LOG.error(exc.detail)
     return PlainTextResponse(
         exc.detail,
         status_code=exc.status_code,
@@ -159,11 +170,17 @@ async def http_exception(_request: Request, exc: HTTPException):
     )
 
 
-async def forbidden(_request: Request, exc: ldap.LDAPError):
+async def forbidden(_request: Request, exc: ldap.LDAPError) -> Response:
     "HTTP 403 Forbidden"
     return PlainTextResponse(ldap_exception_message(exc), status_code=403)
 
 
+async def http_422(_request: Request, e: ValidationError) -> Response:
+    "HTTP 422 Unprocessable Entity"
+    LOG.warn("Invalid request body", exc_info=e)
+    return Response(repr(e), status_code=422)
+
+
 @contextlib.asynccontextmanager
 async def lifespan(app):
     with ldap_connect() as connection:
@@ -186,6 +203,7 @@ app = Starlette(
     exception_handlers={
         HTTPException: http_exception,
         ldap.INSUFFICIENT_ACCESS: forbidden,
+        ValidationError: http_422,
     },
     lifespan=lifespan,
     middleware=(

ldap_ui/ldap_api.py

@@ -9,7 +9,7 @@ Asynchronous LDAP operations are used as much as possible.
 
 import base64
 import io
-from typing import Any, Optional, Tuple
+from typing import Any, Optional, Tuple, Union
 
 import ldap
 import ldif
@@ -17,6 +17,7 @@ from ldap.ldapobject import LDAPObject
 from ldap.modlist import addModlist, modifyModlist
 from ldap.schema import SubSchema
 from ldap.schema.models import AttributeType, LDAPSyntax, ObjectClass
+from pydantic import BaseModel, Field, TypeAdapter
 from starlette.datastructures import UploadFile
 from starlette.exceptions import HTTPException
 from starlette.requests import Request
@@ -144,6 +145,9 @@ def _entry(schema: SubSchema, res: Tuple[str, Any]) -> dict[str, Any]:
     }
 
 
+Entry = TypeAdapter(dict[str, list[bytes]])
+
+
 @api.route("/entry/{dn}", methods=("GET", "POST", "DELETE", "PUT"))
 async def entry(request: Request) -> Response:
     "Edit directory entries"
@@ -164,9 +168,9 @@ async def entry(request: Request) -> Response:
         return NO_CONTENT
 
     # Copy JSON payload into a dictionary of non-empty byte strings
-    json = await request.json()
+    json = Entry.validate_json(await request.body())
     req = {
-        k: [s.encode() for s in filter(None, v)]
+        k: [s for s in filter(None, v)]
         for k, v in json.items()
         if k not in PHOTOS and (k not in PASSWORDS or request.method == "PUT")
     }
@@ -277,8 +281,14 @@ async def ldifUpload(
     "Import LDIF"
 
     reader = LDIFReader(await request.body(), request.state.ldap)
-    reader.parse()
-    return NO_CONTENT
+    try:
+        reader.parse()
+        return NO_CONTENT
+    except ValueError as e:
+        return Response(e.args[0], status_code=422)
+
+
+Rdn = TypeAdapter(str)
 
 
 @api.route("/rename/{dn}", methods=("POST",))
@@ -286,16 +296,22 @@ async def rename(request: Request) -> JSONResponse:
     "Rename an entry"
 
     dn = request.path_params["dn"]
-    rdn = await request.json()
+    rdn = Rdn.validate_json(await request.body())
     connection = request.state.ldap
     await empty(connection, connection.rename(dn, rdn, delold=0))
     return NO_CONTENT
 
 
-def _cn(entry: dict) -> Optional[str]:
-    "Try to extract a CN"
-    if "cn" in entry and entry["cn"]:
-        return entry["cn"][0].decode()
+class ChangePasswordRequest(BaseModel):
+    old: str
+    new1: str
+
+
+class CheckPasswordRequest(BaseModel):
+    check: str = Field(min_length=1)
+
+
+PasswordRequest = TypeAdapter(Union[ChangePasswordRequest, CheckPasswordRequest])
 
 
 @api.route("/entry/password/{dn}", methods=("POST",))
@@ -303,22 +319,22 @@ async def passwd(request: Request) -> JSONResponse:
     "Update passwords"
 
     dn = request.path_params["dn"]
-    args = await request.json()
+    args = PasswordRequest.validate_json(await request.body())
 
-    if "check" in args:
+    if type(args) is CheckPasswordRequest:
         with ldap_connect() as con:
             try:
-                con.simple_bind_s(dn, args["check"])
+                con.simple_bind_s(dn, args.check)
                 return JSONResponse(True)
             except ldap.INVALID_CREDENTIALS:
                 return JSONResponse(False)
 
-    if "old" in args and "new1" in args:
+    else:
         connection = request.state.ldap
-        if args["new1"]:
+        if args.new1:
             await empty(
                 connection,
-                connection.passwd(dn, args.get("old") or None, args["new1"]),
+                connection.passwd(dn, args.old or None, args.new1),
             )
             _dn, attrs = await get_entry_by_dn(connection, dn)
             return JSONResponse(attrs["userPassword"][0].decode())
@@ -328,6 +344,12 @@ async def passwd(request: Request) -> JSONResponse:
             return JSONResponse(None)
 
 
+def _cn(entry: dict) -> Optional[str]:
+    "Try to extract a CN"
+    if "cn" in entry and entry["cn"]:
+        return entry["cn"][0].decode()
+
+
 @api.route("/search/{query:path}")
 async def search(request: Request) -> JSONResponse:
     "Search the directory"

{ldap_ui-0.9.2.dist-info → ldap_ui-0.9.4.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: ldap-ui
-Version: 0.9.2
+Version: 0.9.4
 Summary: A fast and versatile LDAP editor
 Author: dnknth
 License: MIT License
@@ -15,6 +15,7 @@ Classifier: Topic :: Software Development :: Libraries
 Requires-Python: >=3.7
 Description-Content-Type: text/markdown
 License-File: LICENSE.txt
+Requires-Dist: pydantic
 Requires-Dist: python-ldap
 Requires-Dist: python-multipart
 Requires-Dist: starlette
@@ -85,7 +86,23 @@ python3 -m venv --system-site-packages venv
 pip3 install ldap-ui
 ```
 
-Possibly after a shell `rehash`, it is available as `ldap-ui`.
+Possibly after a shell `rehash`, it is available as `ldap-ui`:
+
+```text
+Usage: ldap-ui [OPTIONS]
+
+Options:
+  -b, --base-dn TEXT              LDAP base DN. Required unless the BASE_DN
+                                  environment variable is set.
+  -h, --host TEXT                 Bind socket to this host.  [default:
+                                  127.0.0.1]
+  -p, --port INTEGER              Bind socket to this port. If 0, an available
+                                  port will be picked.  [default: 5000]
+  -l, --log-level [critical|error|warning|info|debug|trace]
+                                  Log level. [default: info]
+  --version                       Display the current version and exit.
+  --help                          Show this message and exit.
+```
 
 ## Development
 

{ldap_ui-0.9.2.dist-info → ldap_ui-0.9.4.dist-info}/RECORD

@@ -1,7 +1,7 @@
-ldap_ui/__init__.py,sha256=gqT-BGoeEItda9fICQDvLbxEjWRIBhFJxPxxKvmHLUo,22
-ldap_ui/__main__.py,sha256=XEW0IGh-BZ0MUnzHmLRgnqSee8r0o_oRgcQ_8WSNC0g,1345
-ldap_ui/app.py,sha256=8iYzv92zl6XeqeF8JjaYT-68wgYSrcsq9CQK0O0bsCE,6443
-ldap_ui/ldap_api.py,sha256=ecK8K-7-tkoA2df2dbQT8y61I70r7NukE3BQFNN1BsE,12776
+ldap_ui/__init__.py,sha256=e56AvHfJCtG2ZwwINqsxINVbehWdKxMYgIDbjd7P-II,22
+ldap_ui/__main__.py,sha256=m1rmS8LgWag5KP0tf0bZ5VskJ3eWhB4rhCViC66lzUI,1651
+ldap_ui/app.py,sha256=I_JuRLYYy-zeMzvDMqVQMshzP_PFDLMAMlFoRgEgR6M,6945
+ldap_ui/ldap_api.py,sha256=l6Wnjzm8ycaY-xXT2JNuHTTvLEsOEXGJnJhDdD72N5Q,13267
 ldap_ui/ldap_helpers.py,sha256=DRpKtqEX_OvYJBuvzTNi0CcZAu446wwUiOezlkBAxrQ,3045
 ldap_ui/schema.py,sha256=apbdLK_WpED0IzmrdktWTu4ESz8GfdOoJuRicFC84YY,3327
 ldap_ui/settings.py,sha256=PmugPMAmFmNa3bM4XKsur89ELORZ103DxrP7ZbsuopY,2260
@@ -16,9 +16,9 @@ ldap_ui/statics/assets/index-CA45Sb-q.js,sha256=qejoldzV9wbUVar1ljURYwyTb2DYn3HQ
 ldap_ui/statics/assets/index-CA45Sb-q.js.gz,sha256=1yJTHdcLZLU2d6DkPKbmNEFiOlPo7vIWXYyg_fidSdE,43710
 ldap_ui/statics/assets/index-DlTKbnmq.css,sha256=Rpthz_HvUybqmodfPCnOXFsSwGd7v8hhh-p-duAzf1E,48119
 ldap_ui/statics/assets/index-DlTKbnmq.css.gz,sha256=Ctq3hMh_BBVt9zsh9CYlHpVtDDHanicyGPAdcGXIFXw,11532
-ldap_ui-0.9.2.dist-info/LICENSE.txt,sha256=UpJ0sDIqHxbOtzy1EG4bCHs9R_99ODxxPDK4NZ0g3I0,1042
-ldap_ui-0.9.2.dist-info/METADATA,sha256=7NuYPD10C_50VRimJO-besonFetFEETpZmdFm13MSEg,6824
-ldap_ui-0.9.2.dist-info/WHEEL,sha256=OVMc5UfuAQiSplgO0_WdW7vXVGAt9Hdd6qtN4HotdyA,91
-ldap_ui-0.9.2.dist-info/entry_points.txt,sha256=TGxMkXYeZP5m5NjZxWmgzITYWhSdj2mR_GGUYmHhGws,50
-ldap_ui-0.9.2.dist-info/top_level.txt,sha256=t9Agyig1nDdJuQvx_UVuk1n28pgswc1BIYw8E6pWado,8
-ldap_ui-0.9.2.dist-info/RECORD,,
+ldap_ui-0.9.4.dist-info/LICENSE.txt,sha256=UpJ0sDIqHxbOtzy1EG4bCHs9R_99ODxxPDK4NZ0g3I0,1042
+ldap_ui-0.9.4.dist-info/METADATA,sha256=zNGp6KEaiXTr5ym0eWo8GwzIjy_oTTsXEBABYaDXuUE,7557
+ldap_ui-0.9.4.dist-info/WHEEL,sha256=OVMc5UfuAQiSplgO0_WdW7vXVGAt9Hdd6qtN4HotdyA,91
+ldap_ui-0.9.4.dist-info/entry_points.txt,sha256=TGxMkXYeZP5m5NjZxWmgzITYWhSdj2mR_GGUYmHhGws,50
+ldap_ui-0.9.4.dist-info/top_level.txt,sha256=t9Agyig1nDdJuQvx_UVuk1n28pgswc1BIYw8E6pWado,8
+ldap_ui-0.9.4.dist-info/RECORD,,