問題
小米的openfalcon在使用ldap首次登陸成功後,會在本地建立同名的賬號, 這就有個問題當你更新了ldap的密碼時,openfalcon是沒有同步本地賬號密碼的功能
二次改造
-
方便我們debug, 先把日誌的debug開啟,預設是沒有執行時日誌的,只有console日誌
# 編輯檔案 dashboard/rrd/utils/logger.py
import
sys
from rrd
import
config
import
logging
file_handler = logging.FileHandler(filename=
'/data1/dev/open-falcon/dashboard/var/running.log'
)
formatter = logging.Formatter(
'%(asctime)s - %(name)s - %(levelname)s - %(message)s'
)
file_handler.setFormatter(formatter)
logging.getLogger().addHandler(file_handler)
logging.getLogger().setLevel(logging.DEBUG)
-
新增兩個util方法 dashboard/rrd/view/utils.py
def get_Apitoken(name, password):
d = {
"name"
: name,
"password"
: password}
h = {
"Content-type"
:
"application/json"
}
r = requests.post(
"%s/user/login"
%(config.API_ADDR,), \
data=json.dumps(d), headers=h)
if
r.status_code !=
200
:
raise Exception(
"%s %s"
%(r.status_code, r.text))
sig = json.loads(r.text)[
"sig"
]
return
json.dumps({
"name"
:name,
"sig"
:sig})
def get_user_id(name, Apitoken):
h = {
"Content-type"
:
"application/json"
,
"Apitoken"
:Apitoken}
r = requests.get(
"%s/user/name/%s"
%(config.API_ADDR,name), headers=h)
if
r.status_code !=
200
:
user_id = -
1
return
user_id
user_id = json.loads(r.text)[
"id"
]
return
user_id
-
重構登陸函式
diff --git a/rrd/view/auth/auth.py b/rrd/view/auth/auth.py
index c203c4c..a546b95
100644
--- a/rrd/view/auth/auth.py
+++ b/rrd/view/auth/auth.py
@@ -
17
,
6
+
17
,
7
@@
from flask
import
request, g, abort, render_template, redirect
from flask.ext.babel
import
refresh
import
requests
+
import
traceback
import
json
from rrd
import
app
from rrd
import
config
@@ -
48
,
6
+
49
,
7
@@ def auth_login():
if
ldap ==
"1"
:
try
:
ldap_info = view_utils.ldap_login_user(name, password)
+ log.debug(
"ldap_info: %s"
%ldap_info)
h = {
"Content-type"
:
"application/json"
}
d = {
@@ -
58
,
12
+
60
,
20
@@ def auth_login():
"phone"
: ldap_info[
'phone'
],
}
- r = requests.post(
"%s/user/create"
%(config.API_ADDR,), \
+ Apitoken = view_utils.get_Apitoken(
'admin'
,
'admin_password'
)
+ user_id = view_utils.get_user_id(name, Apitoken)
+ log.debug(
'apitoken:%s, user_id:%s'
%(Apitoken, user_id))
+
+
if
user_id >
0
:
+ r = requests.put(
"%s/admin/change_user_passwd"
%(config.API_ADDR), data=json.dumps({
"user_id"
:user_id,"passwor
+ log.debug(
'ldap login success and synchronize user password'
)
+
else
:
+ r = requests.post(
"%s/user/create"
%(config.API_ADDR,), \
data=json.dumps(d), headers=h)
- log.debug(
"%s:%s"
%(r.status_code, r.text))
+ log.debug(
"create user status %s:%s"
%(r.status_code, r.text))
- #TODO: update password in db
if
ldap password changed
except Exception as e:
+ log.debug(traceback.format_exc())
ret[
"msg"
] = str(e)
return
json.dumps(ret)
完