I am working on an email client powered by Django and IMAPClient library.
On the client-side, users have interface for associating their mailboxes (like test1#gmail.com, test2#gmail.com, etc...) with their accounts in my app . And the goal is to store credentials info so that the user has to go through the procedure of inserting password and host name (like imap.gmail.com) only once unless he deliverately logs out from an account.
The question is, where and how should the login/password/hostname data used for establishing IMAP connection be stored? Is it my server's DB? Or some sort of .ini files? I remember, reading a post about python/imap where they stored it in .ini files, but I can't find it now.
Currently, I store credentials and IMAP hostname info in my local db. Thus, in each view that needs to fetch info from IMAP server, I query my server db to get the data and After this, I initialize IMAPClient variable for establishing connection with the IMAP server. And I have a terrible feeling that this is junk code:
def show_mail(request, login):
user_email_info = UserEmailInfo.objects.get(user_id = request.user.id,
login = login)
HOST = user_email_info.host #'imap.gmail.com'
USERNAME = user_email_info.login
PASSWORD = user_email_info.psw
server = IMAPClient(HOST, use_uid=True, ssl=True)
server.login(USERNAME, PASSWORD)
P.S. I am not sure whether this question is related more to general python/Django rather than IMAP. So if I am missing something, please give a hint on this, I'll edit the question in a timely manner.
Related
I am using the ldap3 library (https://ldap3.readthedocs.io/en/latest/) with Python and authenticating against LDAP
conn = Connection(server, user='CN=person,OU=Service Accounts,DC=mydc,DC=mydomain,DC=co,DC=uk', password='Password123', auto_bind=True)
The below works but only because I know the person value. How would I set this up so someone can authenticate using their mail or user ID e.g. forename.surname
At the moment they would need to use the dn form which of course no user will ever be likely to know
Thanks
Using this page https://ldap3.readthedocs.io/en/latest/tutorial_intro.html#logging-into-the-server
I got the following to work
from ldap3 import Server, Connection, ALL, NTLM
server = Server('ldap://my_ldap_server', get_info='ALL')
conn = Connection(server, user="mydomain\\user", password='Password123', authentication=NTLM)
conn.bind()
authenticated = conn.bound
print(authenticated)
conn.unbind()
At the moment they would need to use the dn form which of course no user will ever be likely to know
With standard LDAP directories, you're supposed to bind with the application's own account first, then perform a search for some attribute as the username (e.g. search Active Directory for sAMAccountName=theuser), and finally use the found entry's DN as the actual bind DN for password verification.
For Active Directory in particular, you can directly specify either the UPN theuser#ad.example.com or the legacy SAM account name EXAMPLE\theuser in place of the bind DN.
I have an ldap server who I connect to using `con = ldap.initialize(server)` and I bind to the server using `con.simple_bind_s(bind_dn, bind_password)`.
Now I want a authenticate a user using this ldap connection using his username and password which is different from the bind username and password. I searched a lot but didn't get any concrete answer.
Any help is appreciated.Thanks.
con.simple_bind_s(POST[bind_dn], POST[bind_password])
Can be used for both admin and users, something like this:
con.simple_bind_s(uid=1000,ou=people,o=org, password)
con.simple_bind_s(cn=Directory Manager, password)
In general, you can find ready to use modules in python that allow the management for users session using the same priciple, ceck this: https://turbogears.readthedocs.io/en/latest/cookbook/ldap-auth.html
So, I have two servers:
1) Dev
2) Prod
I am using pymssql.connect() for connecting to a SQL database to which Dev\user has access. The problem is that Prod\user does not have access, but it is the same password to login to both servers, thus if I could do something like, on the "prod" server
user = input("user:")
pymssql.connect("select 2",server_db,user=user,password=None)
then I can hard type user=dev\user and still use the password from authentication, which does not work. If I set user=None, then automatically user and pw is from the authentication, but is it not possible to extract either of those?
I cannot type the password since it is a job which runs each night.
I am trying to build an flask app on AWS lambda, which needs to access https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly to get the Mac Address of chrome devices by domain name and chrome device id.
Basically the working flow is blew:
A Chrome Extension deployed by G-Suit sends an request with domain name and device id to AWS(as we are using AWS), then the AWS sends an request with domain name and device id to Google Cloud to get Mac Address.
I started with using an access the directory API as a service account like service_account.Credentials.from_service_account_file(SERVICE_ACCOUNT_FILE, scopes=SCOPES, subject="username#domainName.com"), and it works. However, I realised it was wrong implementation as the domainName would be changed and subject will be different for each domain as the Chrome Extension can be deployed via different domains.
Then I started to use the sample code from Google(https://developers.google.com/api-client-library/python/auth/web-app), and I was able to access the domain and get the Mac Address of each device.
However, the problem is it requires to choose the email when you call the google api for the first time. But as I mentioned above, this app is going to run on AWS, so clearly users cannot choose the email.
So is that possible that we just use the domainName instead of choosing email to do the authentication and access the different directories? If so, is there any examples or documentations I need to read?
I suspect I need to modify this part from the sample, but I am still getting confused how it works.
#app.route('/adminlogin')
def authorize():
# Create flow instance to manage the OAuth 2.0 Authorization Grant Flow steps.
flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
CLIENT_SECRETS_FILE, scopes=SCOPES)
flow.redirect_uri = flask.url_for('oauth2callback', _external=True)
authorization_url, state = flow.authorization_url(
# Enable offline access so that you can refresh an access token without
# re-prompting the user for permission. Recommended for web server apps.
access_type='offline',
approval_prompt="force",
# Enable incremental authorization. Recommended as a best practice.
#include_granted_scopes='true'
)
# Store the state so the callback can verify the auth server response.
flask.session['state'] = state
return flask.redirect(authorization_url)
Any hint will be helpful.
Prior to the 1.7.6 dev server update, I was able to use /_ah/remote_api to upload test data to my dev server having to go through the authentication process by not entering a username and password (hitting return twice). Since the update, this now continuously asks for a username and password, regardless of what I put in - often says error incorrect username or password. I am currently targeting localhost:8080,
def auth_func():
return (raw_input('Username:'), getpass.getpass('Password:'))
remote_api_stub.ConfigureRemoteApi(None, '/_ah/remote_api', auth_func,
'localhost:8080')
though there are two new servers including the API server and the admin server. Has anyone else encountered this? if so, how did you fix it?
Thanks!
Jon
Apparently thanks to Tim - If you use the new dev_appserver then you need to sepecify a email like looking username and a single character as a password on the local development server in order for it to accept and move past the login stage.