falcon适配ldap密码同步

问题

小米的openfalcon在使用ldap首次登陆成功后,会在本地创建同名的账号, 这就有个问题当你更新了ldap的密码时,openfalcon是没有同步本地账号密码的功能

二次改造

1. 方便我们debug, 先把日志的debug打开,默认是没有运行时日志的,只有console日志

   # 编辑文件 dashboard/rrd/utils/logger.py

     

   import sys

   from rrd import config

   import logging

   file_handler = logging.FileHandler(filename='/data1/dev/open-falcon/dashboard/var/running.log')

   formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')

   file_handler.setFormatter(formatter)

   logging.getLogger().addHandler(file_handler)

   logging.getLogger().setLevel(logging.DEBUG)

2. 添加两个util方法 dashboard/rrd/view/utils.py

   def get_Apitoken(name, password):

       d = {"name": name, "password": password}

       h = {"Content-type":"application/json"}

       r = requests.post("%s/user/login" %(config.API_ADDR,),

               data=json.dumps(d), headers=h)

       if r.status_code != 200:

           raise Exception("%s %s" %(r.status_code, r.text))

       sig = json.loads(r.text)["sig"]

       return json.dumps({"name":name,"sig":sig})

    

   def get_user_id(name, Apitoken):

       h = {"Content-type":"application/json","Apitoken":Apitoken}

       r = requests.get("%s/user/name/%s" %(config.API_ADDR,name), headers=h)

       if r.status_code != 200:

           user_id = -1

           return user_id

       user_id = json.loads(r.text)["id"]

       return user_id

3. 重构登陆函数

   diff --git a/rrd/view/auth/auth.py b/rrd/view/auth/auth.py

   index c203c4c..a546b95 100644

   --- a/rrd/view/auth/auth.py

   +++ b/rrd/view/auth/auth.py

   @@ -17,6 +17,7 @@

    from flask import request, g, abort, render_template, redirect

    from flask.ext.babel import refresh

    import requests

   +import traceback

    import json

    from rrd import app

    from rrd import config

   @@ -48,6 +49,7 @@ def auth_login():

            if ldap == "1":

                try:

                    ldap_info = view_utils.ldap_login_user(name, password)

   +                log.debug("ldap_info: %s" %ldap_info)

                    h = {"Content-type":"application/json"}

                    d = {

   @@ -58,12 +60,20 @@ def auth_login():

                        "phone": ldap_info['phone'],

                    }

   -                r = requests.post("%s/user/create" %(config.API_ADDR,),

   +                Apitoken = view_utils.get_Apitoken('admin', 'admin_password')

   +                user_id = view_utils.get_user_id(name, Apitoken)

   +                log.debug('apitoken:%s, user_id:%s' %(Apitoken, user_id))

   +

   +                if user_id > 0:

   +                    r = requests.put("%s/admin/change_user_passwd" %(config.API_ADDR), data=json.dumps({"user_id":user_id,"passwor

   +                    log.debug('ldap login success and synchronize user password')

   +                else:

   +                    r = requests.post("%s/user/create" %(config.API_ADDR,),

                            data=json.dumps(d), headers=h)

   -                log.debug("%s:%s" %(r.status_code, r.text))

   +                    log.debug("create user status %s:%s" %(r.status_code, r.text))

   -                #TODO: update password in db if ldap password changed

                except Exception as e:

   +                log.debug(traceback.format_exc())

                    ret["msg"] = str(e)

                    return json.dumps(ret)

   完