From 72530669dbc76768c0f6c2c681b663b07ee9a773 Mon Sep 17 00:00:00 2001
From: Krakinou <misterl56@hotmail.com>
Date: Sun, 13 Jan 2019 12:33:17 +0100
Subject: [PATCH] Patch sources

---
 sources/patches/app-config.patch | 24 +++++++++++
 sources/patches/app-ub.patch     | 72 ++++++++++++++++++++++++++++++++
 sources/patches/app-web.patch    | 44 +++++++++++++++++++
 3 files changed, 140 insertions(+)
 create mode 100644 sources/patches/app-config.patch
 create mode 100644 sources/patches/app-ub.patch
 create mode 100644 sources/patches/app-web.patch

diff --git a/sources/patches/app-config.patch b/sources/patches/app-config.patch
new file mode 100644
index 0000000..c816372
--- /dev/null
+++ b/sources/patches/app-config.patch
@@ -0,0 +1,24 @@
+--- a/cps/templates/config_edit.html	2019-01-12 09:01:08.000000000 +0100
++++ b/cps/templates/config_edit.html	2019-01-13 11:21:11.000000000 +0100
+@@ -162,6 +162,21 @@
+       </div>
+     </div>
+     {% endif %}
++    <div class="form-group">
++      <input type="checkbox" id="config_use_ldap" name="config_use_ldap" data-control="ldap-settings" {% if content.config_use_ldap %}checked{% endif %}>
++      <label for="config_use_ldap">{{_('Use')}} LDAP Authentication</label>
++      </div>
++    <div data-related="ldap-settings">
++      <div class="form-group">
++        <label for="config_ldap_provider_url">{{_('LDAP Provider URL')}}</label>
++        <input type="text" class="form-control" id="config_ldap_provider_url" name="config_ldap_provider_url" value="{% if content.config_use_ldap != None %}{{ content.config_ldap_provider_url }}{% endif %}" autocomplete="off">
++      </div>
++      <div class="form-group">
++        <label for="config_ldap_dn">{{_('LDAP Distinguished Name (DN)')}}</label>
++        <input type="text" class="form-control" id="config_ldap_dn" name="config_ldap_dn" value="{% if content.config_use_ldap != None %}{{ content.config_ldap_dn }}{% endif %}" autocomplete="off">
++      </div>
++    </div>
++    </div>
+       </div>
+     </div>
+   </div>
diff --git a/sources/patches/app-ub.patch b/sources/patches/app-ub.patch
new file mode 100644
index 0000000..5da0e64
--- /dev/null
+++ b/sources/patches/app-ub.patch
@@ -0,0 +1,72 @@
+--- a/cps/ub.py	2019-01-12 09:01:08.000000000 +0100
++++ b/cps/ub.py	2019-01-13 11:21:11.000000000 +0100
+@@ -148,6 +148,14 @@
+     def __repr__(self):
+         return '<User %r>' % self.nickname
+ 
++    #Login via LDAP method
++    @staticmethod
++    def try_login(username, password):
++        conn = get_ldap_connection()
++        conn.simple_bind_s(
++             config.config_ldap_dn.replace("%s", username),
++             password
++        )
+ 
+ # Baseclass for Users in Calibre-Web, settings which are depending on certain users are stored here. It is derived from
+ # User Base (all access methods are declared there)
+@@ -306,6 +314,9 @@
+     config_use_goodreads = Column(Boolean)
+     config_goodreads_api_key = Column(String)
+     config_goodreads_api_secret = Column(String)
++    config_use_ldap = Column(Boolean)
++    config_ldap_provider_url = Column(String)
++    config_ldap_dn = Column(String)
+     config_mature_content_tags = Column(String)
+     config_logfile = Column(String)
+     config_ebookconverter = Column(Integer, default=0)
+@@ -379,6 +390,9 @@
+         self.config_use_goodreads = data.config_use_goodreads
+         self.config_goodreads_api_key = data.config_goodreads_api_key
+         self.config_goodreads_api_secret = data.config_goodreads_api_secret
++        self.config_use_ldap = data.config_use_ldap
++        self.config_ldap_provider_url = data.config_ldap_provider_url
++        self.config_ldap_dn = data.config_ldap_dn
+         if data.config_mature_content_tags:
+             self.config_mature_content_tags = data.config_mature_content_tags
+         else:
+@@ -662,13 +676,20 @@
+         conn.execute("ALTER TABLE Settings ADD column `config_calibre` String DEFAULT ''")
+         session.commit()
+     try:
++        session.query(exists().where(Settings.config_use_ldap)).scalar()
++    except exc.OperationalError:
++        conn = engine.connect()
++        conn.execute("ALTER TABLE Settings ADD column `config_use_ldap` INTEGER DEFAULT 0")
++        conn.execute("ALTER TABLE Settings ADD column `config_ldap_provider_url` String DEFAULT ''")
++        conn.execute("ALTER TABLE Settings ADD column `config_ldap_dn` String DEFAULT ''")
++        session.commit()
++    try:
+         session.query(exists().where(Settings.config_theme)).scalar()
+     except exc.OperationalError:  # Database is not compatible, some rows are missing
+         conn = engine.connect()
+         conn.execute("ALTER TABLE Settings ADD column `config_theme` INTEGER DEFAULT 0")
+         session.commit()
+ 
+-
+     # Remove login capability of user Guest
+     conn = engine.connect()
+     conn.execute("UPDATE user SET password='' where nickname = 'Guest' and password !=''")
+@@ -778,6 +799,12 @@
+     migrate_Database()
+     clean_database()
+ 
++#get LDAP connection
++def get_ldap_connection():
++    import ldap
++    conn = ldap.initialize('ldap://{}'.format(config.config_ldap_provider_url))
++    return conn
++
+ # Generate global Settings Object accessible from every file
+ config = Config()
+ searched_ids = {}
diff --git a/sources/patches/app-web.patch b/sources/patches/app-web.patch
new file mode 100644
index 0000000..f8536d9
--- /dev/null
+++ b/sources/patches/app-web.patch
@@ -0,0 +1,44 @@
+--- a/cps/web.py	2019-01-12 09:01:08.000000000 +0100
++++ b/cps/web.py	2019-01-13 11:21:11.000000000 +0100
+@@ -2363,7 +2363,18 @@
+     if request.method == "POST":
+         form = request.form.to_dict()
+         user = ub.session.query(ub.User).filter(func.lower(ub.User.nickname) == form['username'].strip().lower()).first()
+-        if user and check_password_hash(user.password, form['password']) and user.nickname is not "Guest":
++        if config.config_use_ldap and user:
++            import ldap
++            try:
++                ub.User.try_login(form['username'], form['password'])
++                login_user(user, remember=True)
++                flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success")
++                return redirect_back(url_for("index"))
++            except ldap.INVALID_CREDENTIALS:
++                ipAdress = request.headers.get('X-Forwarded-For', request.remote_addr)
++                app.logger.info('LDAP Login failed for user "' + form['username'] + '" IP-adress: ' + ipAdress)
++                flash(_(u"Wrong Username or Password"), category="error")
++        elif user and check_password_hash(user.password, form['password']) and user.nickname is not "Guest":
+             login_user(user, remember=True)
+             flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success")
+             return redirect_back(url_for("index"))
+@@ -3088,6 +3099,21 @@
+         if "config_ebookconverter" in to_save:
+             content.config_ebookconverter = int(to_save["config_ebookconverter"])
+ 
++        #LDAP configuratop,
++        if "config_use_ldap" in to_save and to_save["config_use_ldap"] == "on":
++            if not "config_ldap_provider_url" in to_save or not "config_ldap_dn" in to_save:
++                ub.session.commit()
++                flash(_(u'Please enter a LDAP provider and a DN'), category="error")
++                return render_title_template("config_edit.html", content=config, origin=origin,
++                                             gdrive=gdriveutils.gdrive_support, gdriveError=gdriveError,
++                                             goodreads=goodreads_support, title=_(u"Basic Configuration"),
++                                             page="config")
++            else:
++                content.config_use_ldap = 1
++                content.config_ldap_provider_url = to_save["config_ldap_provider_url"]
++                content.config_ldap_dn = to_save["config_ldap_dn"]
++                db_change = True
++
+         # Remote login configuration
+         content.config_remote_login = ("config_remote_login" in to_save and to_save["config_remote_login"] == "on")
+         if not content.config_remote_login: