diff --git a/schemas/qwc-ldap-auth.json b/schemas/qwc-ldap-auth.json
new file mode 100644
index 0000000..6bd78fa
--- /dev/null
+++ b/schemas/qwc-ldap-auth.json
@@ -0,0 +1,48 @@
+{
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "$id": "https://raw.githubusercontent.com/qwc-services/qwc-ldap-auth/master/schemas/qwc-ldap-auth.json",
+ "title": "QWC LDAP authentication service",
+ "type": "object",
+ "properties": {
+ "$schema": {
+ "title": "JSON Schema",
+ "description": "Reference to JSON schema of this config",
+ "type": "string",
+ "format": "uri",
+ "default": "https://raw.githubusercontent.com/qwc-services/qwc-ldap-auth/master/schemas/qwc-ldap-auth.json"
+ },
+ "service": {
+ "title": "Service name",
+ "type": "string",
+ "const": "ldap-auth"
+ },
+ "config": {
+ "title": "Config options",
+ "type": "object",
+ "properties": {
+ "login_hint":{
+ "description": "Login hint text, shown above login form fields. Either a string, or dictionary `{\"\": \"\"}`. When providing a dictionary, the entry matching the current locale will be searched, with fallback to `en` if no entry for the current locale exists, and fallback to an empty string if no `en` entry exists.",
+ "type": {
+ "oneOf":[
+ {"type": "string"},
+ {
+ "type": "object",
+ "patternProperties": {
+ "^[a-z]{2}$": {
+ "type": "string"
+ }
+ }
+ }
+ ]
+ }
+ }
+ },
+ "required": [
+ ]
+ }
+ },
+ "required": [
+ "service",
+ "config"
+ ]
+}
diff --git a/src/server.py b/src/server.py
index d58ae7c..1c3f7f1 100644
--- a/src/server.py
+++ b/src/server.py
@@ -18,6 +18,7 @@ import i18n from qwc_services_core.jwt import jwt_manager from qwc_services_core.auth import GroupNameMapper +from qwc_services_core.runtime_config import RuntimeConfig from qwc_services_core.tenant_handler import ( TenantHandler, TenantPrefixMiddleware, TenantSessionInterface) 
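Review bot: In schemas/qwc-ldap-auth.json the `login_hint` property sets `"type"` to an object containing `oneOf`, which draft-07 does not allow: `type` must be a string or an array of strings. A validator will either reject the schema or not apply the intended string-or-dictionary constraint. Move the combinator up one level so that `login_hint` carries `"oneOf": [{"type": "string"}, {"type": "object", "patternProperties": {...}}]` next to `description`, with no `type` wrapper. If only two-letter locale keys should be accepted, the object branch also needs `"additionalProperties": false`, since `patternProperties` alone does not reject other keys.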
@@ -115,12 +116,10 @@ ldap_manager = LDAP3LoginManager(app) # Setup a LDAP3 Login Manager. -if os.environ.get('TENANT_HEADER'): - app.wsgi_app = TenantPrefixMiddleware( - app.wsgi_app, os.environ.get('TENANT_HEADER')) +tenant_handler = TenantHandler(app.logger) -if os.environ.get('TENANT_HEADER') or os.environ.get('TENANT_URL_RE'): - app.session_interface = TenantSessionInterface(os.environ) +app.wsgi_app = TenantPrefixMiddleware(app.wsgi_app) +app.session_interface = TenantSessionInterface(os.environ) # Create a dictionary to store the users in when they authenticate.
@@ -209,6 +208,10 @@ def home(): @app.route('/login', methods=['GET', 'POST']) def login(): + config_handler = RuntimeConfig("ldapAuth", app.logger) + tenant = tenant_handler.tenant() + config = config_handler.tenant_config(tenant) + target_url = url_path(request.args.get('url', '/')) if current_user.is_authenticated: return redirect(target_url)
@@ -239,8 +242,16 @@ def login(): errors.remove('Invalid Username/Password.') errors.append(i18n.t('auth.auth_failed')) + login_hint = config.get('login_hint') + if isinstance(login_hint, dict): + login_hint = login_hint.get( + i18n.get('locale'), + login_hint.get('en', '') + ) + return render_template('login.html', form=form, i18n=i18n, - title=i18n.t("auth.login_page_title")) + title=i18n.t("auth.login_page_title"), + login_hint=login_hint) @app.route('/verify_login', methods=['POST'])
diff --git a/src/static/style.css b/src/static/style.css
index 134afc2..9d47762 100644
--- a/src/static/style.css
+++ b/src/static/style.css
@@ -76,3 +76,8 @@ input:focus {
 display: block;
 margin-top: 12px;
 }
+
+.login-hint {
+ text-align: left;
+ font-size: 14px;
+}
diff --git a/src/templates/login.html b/src/templates/login.html
index c5d5484..335e601 100644
--- a/src/templates/login.html
+++ b/src/templates/login.html
@@ -11,6 +11,11 @@
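Review bot: The tenant middleware and session interface are now wired in unconditionally at `app.wsgi_app = TenantPrefixMiddleware(app.wsgi_app)` in the `@@ -115` hunk of src/server.py, and nothing there says where the tenant name comes from any more. The removed code made the dependency on `TENANT_HEADER` explicit; the new code presumably leaves that to qwc_services_core, which is not visible here. Since the tenant now selects the config that `/login` loads, a comment such as `# Tenant is resolved per request (TENANT_HEADER / TENANT_URL_RE); the header must be set or stripped by the trusted reverse proxy` would document the trust assumption.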
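Review bot: `RuntimeConfig("ldapAuth", app.logger)` is constructed inside `login()` on every GET and POST (the `@@ -209` hunk), ahead of the `current_user.is_authenticated` early return that does not use it. Creating it once at module scope beside `tenant_handler = TenantHandler(app.logger)` and keeping only `config = config_handler.tenant_config(tenant_handler.tenant())` in the view would avoid the repeated setup; whether RuntimeConfig caches internally is not visible from this hunk. The body of `login()` continues outside the hunk.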
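Review bot: The resolved `login_hint` in the `@@ -239` hunk is passed to `render_template` without checking that it is a string: a missing key yields `None`, and a top-level value or dictionary entry of another type goes through unchanged, since nothing in this hunk validates the config against the schema. Normalising before the render, e.g. `if not isinstance(login_hint, str): login_hint = ''`, keeps the template input predictable. The text comes from tenant config and is shown above the credential form, so the template should leave it to Jinja autoescaping rather than mark it safe; the login.html hunk is not fully visible here. Locale values carrying a region (for example `de-CH`) would miss the two-letter keys the schema allows and fall back to `en`, if `i18n.get('locale')` can return such values. `login()` starts above the hunk.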

{{ i18n.t('auth.login_form_title') }}