From 12739d04d725ec0c508294ecf01d2911f2966cc3 Mon Sep 17 00:00:00 2001 From: JensDiemer Date: Sat, 12 Dec 2020 12:23:07 +0100 Subject: [PATCH] Support SSO authentication via django-auth-ldap Other changes: * Bugfix Redis cache backend * remove "virtualenv" and use "python3 -m venv" --- README.md | 4 +-- conf/ynh_pyinventory_settings.py | 45 +++++++++++++++++++++++++++++--- manifest.json | 2 +- scripts/_common.sh | 6 +++-- scripts/install | 3 ++- scripts/upgrade | 3 ++- 6 files changed, 53 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 5807919..128d8ff 100644 --- a/README.md +++ b/README.md @@ -31,9 +31,9 @@ You can edit the file `$final_path/local_settings.py` to enable or disable featu # Miscellaneous -## LDAP connexion +## LDAP connection -TODO: https://github.com/django-auth-ldap/django-auth-ldap +Supported by https://github.com/django-auth-ldap/django-auth-ldap ## Links diff --git a/conf/ynh_pyinventory_settings.py b/conf/ynh_pyinventory_settings.py index b7d2e4e..5760e63 100644 --- a/conf/ynh_pyinventory_settings.py +++ b/conf/ynh_pyinventory_settings.py @@ -11,6 +11,8 @@ from pathlib import Path as __Path +import ldap +from django_auth_ldap.config import LDAPSearch from inventory_project.settings.base import * # noqa DEBUG = False 
@@ -34,6 +36,45 @@ PATH_URL = PATH_URL.strip('/') ROOT_URLCONF = 'ynh_urls' # /opt/yunohost/pyinventory/ynh_urls.py # ----------------------------------------------------------------------------- +# https://github.com/django-auth-ldap/django-auth-ldap + +LDAP_SERVER_URI = 'ldap://localhost:389' +LDAP_START_TLS = True + +# enable anonymous searches +# https://django-auth-ldap.readthedocs.io/en/latest/authentication.html?highlight=anonymous#search-bind +LDAP_BIND_DN = '' +LDAP_BIND_PASSWORD = '' + +LDAP_ROOT_DN = 'ou=users,dc=yunohost,dc=org' + +AUTH_LDAP_USER_SEARCH = LDAPSearch(LDAP_ROOT_DN, ldap.SCOPE_SUBTREE, '(uid=%(user)s)') + +# Populate the Django user from the LDAP directory. +AUTH_LDAP_USER_ATTR_MAP = { + 'username': 'uid', + 'first_name': 'givenName', + 'last_name': 'sn', + 'email': 'mail', +} + +# This is the default, but I like to be explicit. +AUTH_LDAP_ALWAYS_UPDATE_USER = True + +# Use LDAP group membership to calculate group permissions. +AUTH_LDAP_FIND_GROUP_PERMS = True + +# Cache distinguished names and group memberships for an hour to minimize LDAP traffic +AUTH_LDAP_CACHE_TIMEOUT = 3600 + +# Keep ModelBackend around for per-user permissions and superuser +AUTHENTICATION_BACKENDS = ( + 'django_auth_ldap.backend.LDAPBackend', + 'django.contrib.auth.backends.ModelBackend', +) + +# ----------------------------------------------------------------------------- + ADMINS = ( ('__ADMIN__', '__ADMINMAIL__'), @@ -84,9 +125,6 @@ CACHES = { # 'LOCATION': 'unix:///var/run/redis/redis.sock?db=1', 'OPTIONS': { 'CLIENT_CLASS': 'django_redis.client.DefaultClient', - 'PARSER_CLASS': 'redis.connection.HiredisParser', - 'PASSWORD': None, - 'CONNECTION_POOL_KWARGS': {}, }, 'KEY_PREFIX': '__APP__', }, 
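Review bot: The four connection settings in the new LDAP block lack the `AUTH_LDAP_` prefix that django-auth-ldap reads, so `LDAP_SERVER_URI`, `LDAP_START_TLS`, `LDAP_BIND_DN` and `LDAP_BIND_PASSWORD` are most likely ignored, unless `inventory_project.settings.base` (not visible here) maps them. The backend would then fall back to its defaults, where StartTLS is off, so `LDAP_START_TLS = True` gives a false impression that the bind to the directory is encrypted. I would rename them, e.g. `AUTH_LDAP_SERVER_URI = 'ldap://localhost:389'` and `AUTH_LDAP_START_TLS = True`, and do the same for the two bind settings. Separately, `AUTH_LDAP_FIND_GROUP_PERMS = True` is set without `AUTH_LDAP_GROUP_SEARCH` and `AUTH_LDAP_GROUP_TYPE`, which the library documents as required for group permissions.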
@@ -137,6 +175,7 @@ LOGGING = { 'django': {'handlers': ['syslog', 'mail_admins'], 'level': 'INFO', 'propagate': False}, 'axes': {'handlers': ['syslog', 'mail_admins'], 'level': 'WARNING', 'propagate': False}, 'django_tools': {'handlers': ['syslog', 'mail_admins'], 'level': 'INFO', 'propagate': False}, + 'django_auth_ldap': {'handlers': ['syslog', 'mail_admins'], 'level': 'DEBUG', 'propagate': False}, 'inventory': {'handlers': ['syslog', 'mail_admins'], 'level': 'INFO', 'propagate': False}, }, } diff --git a/manifest.json b/manifest.json index 016744a..b5b39d4 100644 --- a/manifest.json +++ b/manifest.json @@ -5,7 +5,7 @@ "description": { "en": "Web based management to catalog things including state and location etc." }, - "version": "0.8.1~ynh4", + "version": "0.8.1~ynh5", "url": "https://github.com/jedie/PyInventory", "license": "GPL-3.0", "maintainer": { diff --git a/scripts/_common.sh b/scripts/_common.sh index b756cdf..6662b74 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -24,12 +24,14 @@ log_file="${log_path}/pyinventory.log" #================================================= # dependencies used by the app -pkg_dependencies="build-essential python3-dev python3-pip python3-virtualenv virtualenv git \ - postgresql postgresql-contrib" +pkg_dependencies="build-essential python3-dev python3-pip python3-virtualenv git \ + postgresql postgresql-contrib python3-ldap libldap2-dev libsasl2-dev" # PyInventory's version for PIP and settings file pyinventory_version="0.8.1" +# Extra python packages: +pypi_extras="django-redis django-auth-ldap" #================================================= # Redis HELPERS diff --git a/scripts/install b/scripts/install index bef3992..15a0947 100755 --- a/scripts/install +++ b/scripts/install 
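Review bot: The new `django_auth_ldap` entry in `LOGGING` is set to `'level': 'DEBUG'` in a settings file that runs with `DEBUG = False`, while every sibling logger is at INFO or WARNING. As far as I know, at DEBUG this library logs its directory searches, including the DNs and usernames involved, so each login attempt would leave that detail in syslog. Unless the verbosity is meant for initial troubleshooting, I would use `'level': 'INFO'` to match the neighbours, or add a comment saying that DEBUG is temporary. The `LOGGING` dict starts outside the hunk.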
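Review bot: In scripts/_common.sh, `pkg_dependencies` still lists `python3-virtualenv` and does not add `python3-venv`, although the install and upgrade scripts in this commit switch to `python3 -m venv`. On Debian-based systems the venv module with ensurepip is packaged separately as `python3-venv`, so creating the environment can fail on a host where nothing else has pulled that package in. I would change the first line to `pkg_dependencies="build-essential python3-dev python3-pip python3-venv git \`, which also matches the commit message's stated removal of virtualenv.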
@@ -102,7 +102,7 @@ ynh_system_user_create --username="$app" --home_dir="$final_path" --use_shell #================================================= ynh_script_progression --message="Install PyInventory using PIP..." --weight=80 -virtualenv --python=python3 "${final_path}/venv" +python3 -m venv "${final_path}/venv" chown -R "$app" "$final_path" #run source in a 'sub shell' @@ -113,6 +113,7 @@ chown -R "$app" "$final_path" ynh_exec_as $app $final_path/venv/bin/pip install --upgrade pip ynh_exec_as $app $final_path/venv/bin/pip install --upgrade setuptools wheel psycopg2-binary ynh_exec_as $app $final_path/venv/bin/pip install --upgrade pyinventory=="$pyinventory_version" + ynh_exec_as $app $final_path/venv/bin/pip install --upgrade ${pypi_extras} ) #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index ed156cc..30cbb63 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -87,7 +87,7 @@ ynh_add_systemd_config --service="$app" --template="pyinventory.service" ynh_script_progression --message="Install pyinventory using PIP..." --weight=15 -virtualenv --python=python3 "${final_path}/venv" +python3 -m venv "${final_path}/venv" chown -R "$app" "$final_path" #run source in a 'sub shell' @@ -98,6 +98,7 @@ chown -R "$app" "$final_path" ynh_exec_as $app $final_path/venv/bin/pip install --upgrade pip ynh_exec_as $app $final_path/venv/bin/pip install --upgrade setuptools wheel psycopg2-binary ynh_exec_as $app $final_path/venv/bin/pip install --upgrade pyinventory=="$pyinventory_version" + ynh_exec_as $app $final_path/venv/bin/pip install --upgrade ${pypi_extras} ) #=================================================
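Review bot: The added `pip install --upgrade ${pypi_extras}` line in scripts/install installs `django-redis` and `django-auth-ldap` without version constraints, while pyinventory itself is pinned through `$pyinventory_version`; the same line is added in scripts/upgrade. Every install or upgrade therefore pulls whatever release is current on PyPI for the package that now handles authentication, which makes deployments non-reproducible and widens the supply-chain exposure. I would pin both where the variable is defined in scripts/_common.sh, e.g. `pypi_extras="django-redis==<VERSION> django-auth-ldap==<VERSION>"`, using versions tested against the pinned pyinventory release. The sub-shell around these pip calls starts outside the hunk.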