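#!/usr/bin/env python3
# avalon-bbs ldaputil.py
# Copyright (C) 2026 The Avalon Team

# This program is free software: you can redistribute it and/or modify it under
# the terms of the GNU Affero General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option) any
# later version.

# This program is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

# You should have received a copy of the GNU Affero General Public License along
# with this program. If not, see <https://www.gnu.org/licenses/>.

from getpass import getpass

from ldap3 import Server, Connection
from ldap3.utils.conv import escape_filter_chars
from ldap3.core.exceptions import (
    LDAPBindError,
    LDAPPasswordIsMandatoryError,
    LDAPInvalidCredentialsResult,
)

# DN of the service account used only to look up a user's entry.
SEARCH_DN = "cn=Search,dc=icolotl,dc=com"

# The service account's password is read once, at import time, from a path
# relative to the current working directory. The file holds a bind credential,
# so it should be readable by the service user only and kept out of version
# control.
with open("search.key", encoding="utf-8") as file:
    SEARCH_KEY = file.read().strip()


def authenticate(username, password):
    """Check a username/password pair against the Avalon LDAP directory.

    Two binds are made: first as the search account, to resolve ``username``
    to exactly one entry DN under ``ou=People``; then as that DN with the
    supplied password.

    Args:
        username: Login name, matched against the ``uid`` attribute. It is
            passed through ``escape_filter_chars`` before being placed in the
            search filter, so filter metacharacters are treated as data.
        password: Candidate password for the resolved entry.

    Returns:
        True if the bind as the user's DN succeeds. False if either argument
        is empty, if the uid does not resolve to exactly one entry, or if a
        bind raises one of the caught ldap3 errors. A rejected bind of the
        search account is caught by the same handler, so a wrong
        ``search.key`` is indistinguishable from bad user credentials here.
    """
    # Reject empty values before touching the directory. A simple bind that
    # carries a DN and a zero-length password is an "unauthenticated bind"
    # (RFC 4513 section 5.1.2), which some servers are configured to accept
    # without checking any credential.
    # NOTE(review): ldap3 appears to select simple authentication by default
    # only when a non-empty password is supplied; confirm, and consider passing
    # authentication=SIMPLE explicitly on the user bind as a second safeguard.
    if not username or not password:
        return False

    # No TLS options are given, so this is plain LDAP to loopback.
    # NOTE(review): if the directory is ever moved off-host, the search key and
    # user passwords would cross the network in clear text.
    server = Server("127.0.0.1")
    try:
        with Connection(server, user=SEARCH_DN, password=SEARCH_KEY, raise_exceptions=True) as conn:
            conn.search(
                "ou=People,dc=icolotl,dc=com",
                f"(&(objectclass=person)(uid={escape_filter_chars(username)}))",
            )
            # Zero matches means an unknown user; more than one is ambiguous.
            # Both are refused rather than guessing which entry to bind as.
            if len(conn.entries) != 1:
                return False
            user_dn = conn.entries[0].entry_dn
        # Entering the context manager performs the bind; with
        # raise_exceptions=True a rejected bind raises instead of returning.
        with Connection(server, user=user_dn, password=password, raise_exceptions=True):
            return True
    except (LDAPBindError, LDAPPasswordIsMandatoryError, LDAPInvalidCredentialsResult):
        return False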