Ldap sync

amivapi/users/__init__.py

@@ -18,7 +18,7 @@
     restrict_filters,
 )
 from .subscriberlist import init_subscriber_list
-
+from .usersync import init_user_sync
 
 def init_app(app):
     """Register resources and blueprints, add hooks and validation."""
@@ -45,3 +45,4 @@ def init_app(app):
     app.on_fetched_item_users += hide_fields
 
     init_subscriber_list(app)
+    init_user_sync(app)

amivapi/users/usersync.py

@@ -0,0 +1,36 @@
+# -*- coding: utf-8 -*-
+#
+# license: AGPLv3, see LICENSE for details. In addition we strongly encourage
+#          you to buy us beer if we meet and you like the software.
+"""Provide an endpoint to sync users as if they logged in on the Website."""
+from flask import abort, request, Blueprint, g, jsonify
+
+from amivapi import ldap
+from amivapi.auth import authenticate
+from amivapi.groups import check_group_permissions
+
+blueprint = Blueprint('user_sync', __name__)
+
+@blueprint.route('/usersync', methods=['POST'])
+def usersync():
+    """Sync user with LDAP as if they logged in.
+
+    Runs the ldap sync if the user has readwrite permission on the users resource
+
+    request body:
+    `{"nethz": "hmuster"}`
+    """
+    authenticate()
+    check_group_permissions('users')
+
+    if g.get('resource_admin'):
+        nethz = request.json.get('nethz')
+        if nethz:
+            res = ldap.sync_one(nethz)
+            return jsonify(res)
+        abort(422)
+    abort(401)
+
+def init_user_sync(app):
+    """Register the user_sync blueprint."""
+    app.register_blueprint(blueprint)

dev_mongoinit.js

@@ -11,15 +11,49 @@ db.createUser(
     }
 );
 
-db.getSiblingDB('test_amivapi').createUser(
-    {
-        user: "test_user",
-        pwd: "test_pw",
-        roles: [
-            {
-                role: "readWrite",
-                db: "test_amivapi"
-            }
-        ]
-    }
-);
+db = db.getSiblingDB('amivapi');
+
+// Create admin user with password admin
+let userId = db.users.insertOne({
+    nethz: 'admin',
+    password: '$pbkdf2-sha256$5$OqfUmtNaq5UyRohxDuGckw$9H/UL5N5dA7JmUq7ohRPfmJ84OUnpRKjTgsMeuFilXM',
+    email: "[email protected]",
+    membership: "regular",
+    gender: "female",
+    firstname: "ad",
+    lastname: "min",
+    _etag: "27f987fd9dd45d491e5aea3e27730israndom",
+}).insertedId;
+
+// Create admin group with permissions on all resources
+let groupId = db.groups.insertOne({
+    name: 'admin',
+    permissions: {
+        apikeys: "readwrite",
+        users: "readwrite",
+        sessions: "readwrite",
+        events: "readwrite",
+        eventsignups: "readwrite",
+        groups: "readwrite",
+        groupmemberships: "readwrite",
+        joboffers: "readwrite",
+        beverages: "read",
+        studydocuments: "readwrite",
+        oauthclients: "readwrite",
+    },
+    _etag: "27f987fd9dd45d491e5aea3e27730israndom",
+}).insertedId;
+
+// Add admin to admin group
+db.groupmemberships.insertOne({
+    user: userId,
+    group: groupId,
+    _etag: "27f987fd9dd45d491e5aea3e27730israndom",
+})
+
+// Add Local Tool client for admin tool
+db.oauthclients.insertOne({
+    client_id: "Local Tool",
+    redirect_uri: "http://localhost",
+    _etag: "27f987fd9dd45d491e5aea3e27730israndom",
+});