Welcome, {{ current_user.data.givenName }}

from flask import Flask, url_for
from flask_ldap3_login import LDAP3LoginManager
from flask_login import LoginManager, login_user, UserMixin, current_user
from flask import render_template_string, redirect, render_template
from flask_ldap3_login.forms import LDAPLoginForm
from mfa import generateOTP, generateSecret
# from ad import updateMfaSecret
from db import setupMfaSecret, updateMfaSecret, getMfaSecret, removeMfa
import yamlcon

app = Flask(__name__)
app.config['SECRET_KEY'] = 'secret'
app.config['DEBUG'] = True

# Setup LDAP Configuration Variables. Change these to your own settings.
# All configuration directives can be found in the documentation.

# Hostname of your LDAP Server
app.config['LDAP_HOST'] = 'corp.bbrunson.com'

app.config['LDAP_PORT'] = 389

# Base DN of your directory
app.config['LDAP_BASE_DN'] = 'dc=corp,dc=bbrunson,dc=com'

# Users DN to be prepended to the Base DN
app.config['LDAP_USER_DN'] = 'cn=users'

# Groups DN to be prepended to the Base DN
# app.config['LDAP_GROUP_DN'] = 'cn=groups'

# The RDN attribute for your user schema on LDAP
app.config['LDAP_USER_RDN_ATTR'] = 'cn'

# The Attribute you want users to authenticate to LDAP with.
app.config['LDAP_USER_LOGIN_ATTR'] = 'sAMAccountName'

adinfo = yamlcon.load("adinfo.yaml")

# The Username to bind to LDAP with
app.config['LDAP_BIND_USER_DN'] = adinfo.get('adbind_user', '')

# The Password to bind to LDAP with
app.config['LDAP_BIND_USER_PASSWORD'] = adinfo.get('adbind_pass', '')

login_manager = LoginManager(app)              # Setup a Flask-Login Manager
ldap_manager = LDAP3LoginManager(app)          # Setup a LDAP3 Login Manager.

# Create a dictionary to store the users in when they authenticate
# This example stores users in memory.
users = {}


# Declare an Object Model for the user, and make it comply with the
# flask-login UserMixin mixin.
class User(UserMixin):
    def __init__(self, dn, username, data):
        self.dn = dn
        self.username = username
        self.data = data

    def __repr__(self):
        return self.dn

    def get_id(self):
        return self.dn


# Declare a User Loader for Flask-Login.
# Simply returns the User if it exists in our 'database', otherwise
# returns None.
@login_manager.user_loader
def load_user(id):
    if id in users:
        return users[id]
    return None


# Declare The User Saver for Flask-Ldap3-Login
# This method is called whenever a LDAPLoginForm() successfully validates.
# Here you have to save the user, and return it so it can be used in the
# login controller.
@ldap_manager.save_user
def save_user(dn, username, data, memberships):
    user = User(dn, username, data)
    users[dn] = user
    return user


# Declare some routes for usage to show the authentication process.
@app.route('/')
def home():
    # Redirect users who are not logged in.
    if not current_user or current_user.is_anonymous:
        return redirect(url_for('login'))

    # User is logged in, so show them a page with their cn and dn.
    # template = """
    # <h1>Welcome, {{ current_user.data.givenName }}</h1>

    # <h2> Email: {{ current_user.data.mail }}</h2>
    # <h2>{{ current_user.dn }}</h2> 
    # """
    print(current_user)
    print(current_user.data)
    print(current_user.data['objectSid'])

    # return render_template_string(template)
    return render_template('home.html', current_user=current_user, mfaurl=url_for('two_factor'))

@app.route('/2fa')
def two_factor():
    if not current_user or current_user.is_anonymous:
        return redirect(url_for('login'))
    
    if getMfaSecret(user=current_user.data['sAMAccountName']):
        currSecret = "MFA already setup"
        code = generateOTP(getMfaSecret(user=current_user.data['sAMAccountName']))

    elif not getMfaSecret(user=current_user.data['sAMAccountName']):
        setupMfaSecret(user=current_user.data['sAMAccountName'], secret=generateSecret())
        # currSecret = current_user.data['mfaSecret']
        currSecret = getMfaSecret(user=current_user.data['sAMAccountName'])
        code = ''
    
    print(currSecret)
    return render_template('2fa.html', currSecret=currSecret, code=code, homeurl=url_for('home'), delurl=url_for('delTwoFactor'))

@app.route('/del2fa')
def delTwoFactor():
    if not current_user or current_user.is_anonymous:
        return redirect(url_for('login'))
    
    removeMfa(user=current_user.data['sAMAccountName'])

    return redirect(url_for('home'))

@app.route('/manual_login')
def manual_login():
    # Instead of using the form, you can alternatively authenticate
    # using the authenticate method.
    # This WILL NOT fire the save_user() callback defined above.
    # You are responsible for saving your users.
    app.ldap3_login_manager.authenticate('username', 'password')


@app.route('/login', methods=['GET', 'POST'])
def login():
    template = """
    {{ get_flashed_messages() }}
    {{ form.errors }}
    <form method="POST">
        <label>Username{{ form.username() }}</label>
        <label>Password{{ form.password() }}</label>
        {{ form.submit() }}
        {{ form.hidden_tag() }}
    </form>
    """

    # Instantiate a LDAPLoginForm which has a validator to check if the user
    # exists in LDAP.
    form = LDAPLoginForm()

    if form.validate_on_submit():
        # Successfully logged in, We can now access the saved user object
        # via form.user.
        login_user(form.user)  # Tell flask-login to log them in.
        return redirect('/')  # Send them home

    return render_template_string(template, form=form)


if __name__ == '__main__':
    app.run()