falcon适配ldap密码同步

问题

小米的openfalcon在使用ldap首次登陆成功后,会在本地创建同名的账号, 这就有个问题当你更新了ldap的密码时,openfalcon是没有同步本地账号密码的功能

二次改造

1. 方便我们debug, 先把日志的debug打开,默认是没有运行时日志的,只有console日志

   # 编辑文件 dashboard/rrd/utils/logger.py
   
   import  sys
   from rrd  import  config
   import  logging
   file_handler = logging.FileHandler(filename= '/data1/dev/open-falcon/dashboard/var/running.log' )
   formatter = logging.Formatter( '%(asctime)s - %(name)s - %(levelname)s - %(message)s' )
   file_handler.setFormatter(formatter)
   logging.getLogger().addHandler(file_handler)
   logging.getLogger().setLevel(logging.DEBUG)

2. 添加两个util方法 dashboard/rrd/view/utils.py

   def get_Apitoken(name, password):
       d = { "name" : name,  "password" : password}
       h = { "Content-type" : "application/json" }
       r = requests.post( "%s/user/login"  %(config.API_ADDR,), \
               data=json.dumps(d), headers=h)
       if  r.status_code !=  200 :
           raise Exception( "%s %s"  %(r.status_code, r.text))
       sig = json.loads(r.text)[ "sig" ]
       return  json.dumps({ "name" :name, "sig" :sig})
   
   def get_user_id(name, Apitoken):
       h = { "Content-type" : "application/json" , "Apitoken" :Apitoken}
       r = requests.get( "%s/user/name/%s"  %(config.API_ADDR,name), headers=h)
       if  r.status_code !=  200 :
           user_id = - 1
           return  user_id
       user_id = json.loads(r.text)[ "id" ]
       return  user_id

3. 重构登陆函数

   diff --git a/rrd/view/auth/auth.py b/rrd/view/auth/auth.py
   index c203c4c..a546b95  100644
   --- a/rrd/view/auth/auth.py
   +++ b/rrd/view/auth/auth.py
   @@ - 17 , 6  + 17 , 7  @@
    from flask  import  request, g, abort, render_template, redirect
    from flask.ext.babel  import  refresh
    import  requests
   + import  traceback
    import  json
    from rrd  import  app
    from rrd  import  config
   @@ - 48 , 6  + 49 , 7  @@ def auth_login():
            if  ldap ==  "1" :
                try :
                    ldap_info = view_utils.ldap_login_user(name, password)
   +                log.debug( "ldap_info: %s"  %ldap_info)
                    h = { "Content-type" : "application/json" }
                    d = {
   @@ - 58 , 12  + 60 , 20  @@ def auth_login():
                        "phone" : ldap_info[ 'phone' ],
                    }
   -                r = requests.post( "%s/user/create"  %(config.API_ADDR,), \
   +                Apitoken = view_utils.get_Apitoken( 'admin' ,  'admin_password' )
   +                user_id = view_utils.get_user_id(name, Apitoken)
   +                log.debug( 'apitoken:%s, user_id:%s'  %(Apitoken, user_id))
   +
   +                 if  user_id >  0 :
   +                    r = requests.put( "%s/admin/change_user_passwd"  %(config.API_ADDR), data=json.dumps({ "user_id" :user_id,"passwor
   +                    log.debug( 'ldap login success and synchronize user password' )
   +                 else :
   +                    r = requests.post( "%s/user/create"  %(config.API_ADDR,), \
                            data=json.dumps(d), headers=h)
   -                log.debug( "%s:%s"  %(r.status_code, r.text))
   +                    log.debug( "create user status %s:%s"  %(r.status_code, r.text))
   -                #TODO: update password in db  if  ldap password changed
                except Exception as e:
   +                log.debug(traceback.format_exc())
                    ret[ "msg" ] = str(e)
                    return  json.dumps(ret)

   完

转载于:https://www.cnblogs.com/txwsqk/p/9967510.html