simplify connection code for ldap testing

Welcome.py

@@ -17,7 +17,7 @@
 if "password_correct" not in st.session_state:
     st.session_state["password_correct"] = False
 
-with st.sidebar:
+with (((st.sidebar))):
     # Display the logo on the sidebar
     # Create three columns
     col1, col2, col3 = st.columns([1, 2, 1])
@@ -26,19 +26,19 @@
     with col2:
         st.image("img/logo.svg", width=100)
 
-
     def credentials_entered():
         """Checks whether a password entered by the user is correct."""
-        if nglc.ldap_login(username=st.session_state.username, password=st.session_state.password):
+        if nglc.ldap_login(username=st.session_state.username,
+                           password=st.session_state.password):
             st.session_state["password_correct"] = True
             del st.session_state["password"]  # Don't store the password.
         else:
             st.session_state["password_correct"] = False
 
-        if "password_correct" in st.session_state and not st.session_state["password_correct"]:
+        if ("password_correct" in st.session_state and
+                not st.session_state["password_correct"]):
             st.error("😕 Password incorrect")
 
-
     st.write("Login with your university credentials.")
 
     # Show input for password.
@@ -61,7 +61,7 @@ def check_password():
 st.markdown(
     f"""
     This portal is an open-source app to allow users to chat with several chatbot experts from OpenAI's ChatGPT.
-    
+   
     **👈 Login on the sidebar** to enter the chat area!
     ### Want to learn more about your rights as an user for this app?
     - Check out [Datenschutz]({os.environ['DATENSCHUTZ']})
@@ -72,4 +72,5 @@ def check_password():
 if not check_password():
     st.stop()
 
+st.success("ENTER")
 st.page_link()

nginx_ldap_connector.py

@@ -1,9 +1,9 @@
 import logging
 import os
+import ssl
 from dotenv import load_dotenv
 
-from flask import Flask, request
-from ldap3 import Server, Connection, ALL, AUTO_BIND_NO_TLS
+from ldap3 import Server, Connection, ALL, AUTO_BIND_NO_TLS, Tls
 
 load_dotenv()
 
@@ -16,13 +16,16 @@
 ldap_user_dn = os.environ['LDAP_USER_DN']
 ldap_search_filter = os.environ['LDAP_SEARCH_FILTER']
 
-app = Flask(__name__)
+ciphers = os.environ['CIPHERS']
 
 
 def connect(user_dn=None, password=None):
+    tls = Tls(ciphers=ciphers, validate=ssl.CERT_NONE, version=ssl.PROTOCOL_TLS)
+
     server = Server(ldap_server,
                     port=ldap_port,
                     use_ssl=True,
+                    tls=tls,
                     get_info=ALL)
     # Note: AUTO_BIND_NO_TLS means no Start TLS
     # See: https://github.com/cannatag/ldap3/issues/1061
@@ -50,35 +53,10 @@ def ldap_login(username: str, password: str) -> dict[str, list]:
 
     logging.debug('Searching for user data')
     conn.search(
-            ldap_base_dn,
-            ldap_search_filter.format(username=username),
-            attributes=attributes)
+        ldap_base_dn,
+        ldap_search_filter.format(username=username),
+        attributes=attributes)
     if len(conn.entries) != 1:
         raise ValueError('Search must return exactly one result', conn.entries)
     logging.debug('Found user data')
     return conn.entries[0].entry_attributes_as_dict
-
-
-def check_auth(auth):
-    if not auth:
-        return False
-    try:
-        ldap_login(auth.username, auth.password)
-    except Exception as e:
-        logging.debug('Error logging in: %s', e)
-        return False
-    return True
-
-
-@app.route('/auth')
-def auth():
-    if not check_auth(request.authorization):
-        return ('Unauthorized', 401, {
-            'WWW-Authenticate': 'Basic realm="Login Required"'
-        })
-    return 'okay'
-
-
-if __name__ == '__main__':
-    app.run(host=os.environ.get('LISTEN_ADDR', '127.0.0.1'),
-            port=os.environ.get('LISTEN_PORT' '5000'))