In this tutorial, I will take you through how to implement authentication of users in your Flask application using LDAP. To demonstrate this, I will create a small application with a home page and a login page. The user would need to enter the login details on the login page. If the credentials entered by the user are successfully authenticated on the provided LDAP server, the user will be logged in. If not, the user will be shown an appropriate message.
The following packages need to be installed for the application that we’ll be developing.
The above commands should install all the required packages that are needed for this application to work.
First, the application needs to be structured in a way that is easy to understand.
All the files will be discussed below. The static folder contains the standard Bootstrap CSS and JS files.
First, the configuration file needs to be written:
In the file above, the application has been configured with different options as needed by the extensions as well as by the LDAP configuration. This is followed by the initialisation of the extensions and finally creation of the database.
The last statement creates a new database at the location provided against SQLALCHEMY_DATABASE_URI if a database does not already exist at that location, otherwise it loads the application with the same database.
The file above starts with the creation of a User model which contains just a username field for demonstration purposes. You can add as many fields as needed according to the context of the application.
The methods is_authenticated(), is_active(), is_anonymous() and get_id() are needed by the Flask-Login extension. The try_login() method does the actual authentication process by first creating a connection with the LDAP server and then using the username and password to log in to the server by creating a simple bind.
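Because try_login() authenticates with a simple bind, two input checks belong in front of it: reject empty passwords and escape the username before it goes into the bind DN. The following is an added example, not code from this tutorial; BASE_DN, the uid=... DN layout and the bind() callable are assumptions, and fake_bind() is a constructed stand-in for a real server.

```python
# Added example, not the tutorial's code. BASE_DN, the uid=... DN layout and
# the bind() callable are assumptions made for illustration.
BASE_DN = "dc=example,dc=com"  # placeholder value


def escape_dn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '\\,+"<>;=':
            out.append("\\" + ch)
        elif (ch == " " and i in (0, len(value) - 1)) or (ch == "#" and i == 0):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_bind_dn(username):
    """Build the bind DN so the username cannot add or alter DN components."""
    if not username or len(username) > 64:
        raise ValueError("invalid username")
    return "uid=%s,%s" % (escape_dn_value(username), BASE_DN)


def safe_try_login(username, password, bind):
    """Return True only when an authenticated simple bind succeeded.

    bind(dn, password) is a hypothetical callable that raises on failure.
    """
    # A simple bind with an empty password is an "unauthenticated bind"
    # (RFC 4513, section 5.1.2); many servers report it as success.
    if not password:
        return False
    try:
        bind(build_bind_dn(username), password)
    except Exception:
        return False
    return True


def fake_bind(dn, password):
    """Constructed stand-in for a server that accepts unauthenticated binds."""
    directory = {"uid=alice,dc=example,dc=com": "s3cret"}  # constructed data
    if password and directory.get(dn) != password:
        raise PermissionError("invalid credentials")
```

With python-ldap, for instance, bind() could wrap the connection's simple_bind_s() call.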
In the above file, the methods load_user() and get_current_user() are needed by the Flask-Login extension. Next are the handlers for our application, which are decorated by their respective routes.
home() just renders the home page for the user. The content of the home page is determined by the template flask_app/my_app/templates/home.html, which we’ll discuss shortly.
The handler of primary interest is login(), as it handles the complete login process. If a logged-in user tries to access this page, the page will automatically redirect to the home page. Otherwise, the login process will begin, where the LDAP username and password of the user are taken as form input from flask_app/my_app/templates/login.html.
Using these credentials, the application tries to authenticate the user against the LDAP server provided in the configuration we saw earlier. If the user is authenticated, the application creates a new record for the user if this is the first time the user is accessing the application; otherwise it just logs the user in with the existing record.
Flash messages are shown to the user as and when required to keep the user engaged with the application.
The logout() handler simply clears the session of the currently logged-in user, as a result of which the user is logged out.
Above is the base file which contains the header, footer and other basic components which remain common throughout the application. This helps in keeping the templates very modular and easy to understand as each template only contains the code relevant to its handler and functionality.
Even though all the common components are defined here, I have added an empty block for scripts which can be extended in any template which inherits base.html. Notice how the flashing of messages is being done above and how the Bootstrap CSS classes are set dynamically so that the flash message alert box is styled appropriately.
The container block will be extended by the rest of the templates to add their respective contents.
Notice how the base template has been extended and content for the home page has been added inside the block container.
If the user is logged in, the user is greeted with the username and shown a message to log out. Otherwise, the user is shown a message to log in with a link to the login page.
The login template simply contains a form with fields for username and password.
To run the application, execute the script run.py. The contents of this script are:
Now just execute from the command line:
All user passwords are password.
Over the course of this tutorial, we built a small but effective web application using Flask with the help of the Flask-Login extension. This application simply takes a username and password and authenticates the user against the LDAP server provided. Use your imagination to tweak and extend the application as per your needs.