Merge pull request #27 from dignajar/refactor/include-all-active-dire…

…ctory-groups-in-chache

refactor: Include all AD groups into the cache

files/aldap.py

@@ -116,15 +116,15 @@ def validateGroups(self, username:str, groups:list):
 		if self.groupConditional == 'or':
 			if len(matchedGroups) > 0:
 				self.logs.info({'message':'At least one group is valid for the user.', 'username': username, 'matchedGroups': ','.join(matchedGroups), 'groups': ','.join(groups), 'conditional': self.groupConditional})
-				return True,matchedGroups
+				return True,matchedGroups,adGroups
 		# Conditiona AND, true if all the groups match
 		elif self.groupConditional == 'and':
 			if len(groups) == len(matchesByGroup):
 				self.logs.info({'message':'All groups are valid for the user.', 'username': username, 'matchedGroups': ','.join(matchedGroups), 'groups': ','.join(groups), 'conditional': self.groupConditional})
-				return True,matchedGroups
+				return True,matchedGroups,adGroups
 		else:
 			self.logs.error({'message':'Invalid conditional group.', 'username': username, 'conditional': self.groupConditional})
-			return False,[]
+			return False,[],[]
 
 		self.logs.error({'message':'Invalid groups for the user.', 'username': username, 'matchedGroups': ','.join(matchedGroups), 'groups': ','.join(groups), 'conditional': self.groupConditional})
-		return False,[]
+		return False,[],[]

files/cache.py

@@ -33,15 +33,15 @@ def addUser(self, username:str, password:str):
 		if username not in self.cache:
 			self.logs.info({'message':'Adding user to the cache.', 'username': username})
 			passwordHash = self.__hash__(password)
-			self.cache[username] = {'password': passwordHash, 'matchedGroups': []}
+			self.cache[username] = {'password': passwordHash, 'adGroups': []}
 
-	def addGroups(self, username:str, matchedGroups:list):
+	def addGroups(self, username:str, adGroups:list):
 		'''
 			Add user groups to the cache
 		'''
 		if username in self.cache:
-			self.logs.info({'message':'Adding groups to the cache.', 'username': username, 'matchedGroups': ','.join(matchedGroups)})
-			self.cache[username]['matchedGroups'] = list(set(self.cache[username]['matchedGroups'] + matchedGroups))
+			self.logs.info({'message':'Adding groups to the cache.', 'username': username})
+			self.cache[username]['adGroups'] = adGroups
 
 	def validateUser(self, username:str, password:str) -> bool:
 		'''
@@ -69,6 +69,9 @@ def validateUser(self, username:str, password:str) -> bool:
 		return False
 
 	def __findMatch__(self, group:str, adGroup:str):
+		# Extract the Common Name from the string (letters, spaces, underscores and hyphens)
+		adGroup = re.match('(?i)CN=((\w*\s?_?-?)*)', adGroup).group(1)
+
 		# Disable case sensitive
 		if not self.groupCaseSensitive:
 			adGroup = adGroup.lower()
@@ -86,12 +89,13 @@ def validateGroups(self, username:str, groups:list):
 			Returns True if the groups are valid for the user, False otherwise
 		'''
 		if username in self.cache:
+			adGroups = self.cache[username]['adGroups']
+
+			self.logs.info({'message':'Validating groups from cache.', 'username': username, 'groups': ','.join(groups), 'conditional': self.groupConditional})
 			matchedGroups = []
 			matchesByGroup = []
-			cacheGroups = self.cache[username]['matchedGroups']
-			self.logs.info({'message':'Validating groups via cache.', 'username': username, 'cacheGroups': ','.join(cacheGroups)})
 			for group in groups:
-				matches = list(filter(None,list(map(self.__findMatch__, repeat(group), cacheGroups))))
+				matches = list(filter(None,list(map(self.__findMatch__, repeat(group), adGroups))))
 				if matches:
 					matchesByGroup.append((group,matches))
 					matchedGroups.extend(matches)

files/main.py

@@ -188,11 +188,11 @@ def login(username, password):
 		matchingGroups = list(map(cleanMatchingGroups, matchingGroups))
 		validGroups, matchedGroups = cache.validateGroups(username, matchingGroups)
 		if not validGroups:
-			validGroups, matchedGroups = aldap.validateGroups(username, matchingGroups)
+			validGroups, matchedGroups, adGroups = aldap.validateGroups(username, matchingGroups)
 			if not validGroups:
 				return False
 			else:
-				cache.addGroups(username, matchedGroups)
+				cache.addGroups(username, adGroups)
 
 	# Success
 	setRegister(username, matchedGroups)