everything except admin works

Uwe Kamper 2013-10-26 20:06:42 +02:00
parent 5691659fe1
commit 5558882b9a
6 changed files with 101 additions and 29 deletions


@ -60,10 +60,8 @@ class MemberValues(object):
Save the values back to the LDAP server. Save the values back to the LDAP server.
""" """
dn = "uid=%s,ou=crew,dc=c-base,dc=org" % self._username dn = "uid=%s,ou=crew,dc=c-base,dc=org" % self._username
print 'setting dn=', dn
# TODO: Use settings for url l = ldap.initialize(settings.CBASE_LDAP_URL)
l = ldap.initialize("ldap://lea.cbrp3.c-base.org:389/")
l.simple_bind_s(dn, self._password) l.simple_bind_s(dn, self._password)
mod_attrs = [] mod_attrs = []
@ -83,6 +81,18 @@ class MemberValues(object):
print "modattrs: ",mod_attrs print "modattrs: ",mod_attrs
result = l.modify_s(dn, mod_attrs) result = l.modify_s(dn, mod_attrs)
print "result is: ", result print "result is: ", result
l.unbind_s()
def change_password(self, new_password):
"""
Change the password of the member.
You do not need to call save() after calling change_password().
"""
l = ldap.initialize(settings.CBASE_LDAP_URL)
user_dn = self._get_bind_dn()
l.simple_bind_s(user_dn, self._password)
l.passwd_s(user_dn, self._password, new_password)
l.unbind_s()
def to_dict(self): def to_dict(self):
result = {} result = {}
@ -119,3 +129,4 @@ class MemberValues(object):
print "result is: ", result print "result is: ", result
# TODO: if len(result)==0 # TODO: if len(result)==0
return result[0][1] return result[0][1]
session.unbind_s()
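Review bot: The `session.unbind_s()` added in the last hunk appears directly after `return result[0][1]`, so as rendered it can never run and the LDAP connection opened by that function stays bound. Read the value first and unbind before returning, e.g. `values = result[0][1]`, `session.unbind_s()`, `return values`, or move the unbind into a `finally:` block. The same `try`/`finally` shape would help `save()` and the new `change_password()`, where `l.unbind_s()` is skipped whenever `simple_bind_s`, `modify_s` or `passwd_s` raises. The enclosing function of the last hunk starts outside the hunk and indentation is lost on this page, so the placement should be confirmed against the file.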


@ -61,11 +61,36 @@ class WlanPresenceForm(forms.Form):
class PasswordForm(forms.Form): class PasswordForm(forms.Form):
old_password = forms.CharField(max_length=255, widget=forms.PasswordInput,
label=_('Old password'),
help_text=_('Enter your current password here.'))
password1 = forms.CharField(max_length=255, widget=forms.PasswordInput, password1 = forms.CharField(max_length=255, widget=forms.PasswordInput,
label=_('New password')) label=_('New password'))
password2 = forms.CharField(max_length=255, widget=forms.PasswordInput, password2 = forms.CharField(max_length=255, widget=forms.PasswordInput,
label=_('Repeat password')) label=_('Repeat password'))
def __init__(self, *args, **kwargs):
self._request = kwargs.pop('request', None)
super(PasswordForm, self).__init__(*args, **kwargs)
def clean(self):
cleaned_data = super(PasswordForm, self).clean()
old_password = cleaned_data.get('old_password')
username = self._request.user.username
user = authenticate(username=username, password=old_password)
if not user or not user.is_active:
raise forms.ValidationError(_('The old password was incorrect.'),
code='old_password_wrong')
password1 = cleaned_data.get('password1')
password2 = cleaned_data.get('password2')
if password1 != password2:
raise forms.ValidationError(
_('The new passwords were not identical.'),
code='not_identical')
return cleaned_data
class RFIDForm(forms.Form): class RFIDForm(forms.Form):
rfid = forms.CharField(max_length=255, label=_('Your RFID'), rfid = forms.CharField(max_length=255, label=_('Your RFID'),
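Review bot: `PasswordForm.clean()` dereferences `self._request.user` unconditionally although `__init__` defaults `request` to `None`, so a bound form built without `request=` fails with an AttributeError instead of a validation error. `clean()` also runs when `old_password` has already failed field validation, in which case `authenticate()` is called with `password=None`. A guard ahead of the `authenticate()` call covers both cases: `if self._request is None or not old_password:` followed by the existing `raise forms.ValidationError(_('The old password was incorrect.'), code='old_password_wrong')`. A one-line docstring on `__init__` stating that bound forms must be given `request=` would make the contract visible to callers.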


@ -25,6 +25,14 @@
</li> </li>
</ul> </ul>
<h3>{% trans "Your group memberships" %}</h3>
{% trans "You are part of the following LDAP groups:" %}
<ul>
{% for group in groups %}
<li><span class="label label-info">{{ group }}</span></li>
{% endfor %}
</ul>
<h3>{% trans "Management information" %}</h3> <h3>{% trans "Management information" %}</h3>
<ul> <ul>


@ -9,7 +9,6 @@
{% endblock %} {% endblock %}
{% block form_fields %} {% block form_fields %}
{{ form.non_field_errors }}
<form action="{% url account.views.password %}" method="post" class="form-horizontal well"> <form action="{% url account.views.password %}" method="post" class="form-horizontal well">
{% csrf_token %} {% csrf_token %}
{{ form|crispy }} {{ form|crispy }}


@ -1,8 +1,11 @@
#!/usr/bin/env python #!/usr/bin/env python
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
import hashlib
from django.conf import settings
import os
import base64
import hashlib
from django.conf import settings
from django.http import HttpResponseRedirect from django.http import HttpResponseRedirect
from django.shortcuts import render_to_response from django.shortcuts import render_to_response
from django.template.context import RequestContext from django.template.context import RequestContext
@ -16,8 +19,7 @@ from django.utils.translation import ugettext as _
from forms import GastroPinForm, WlanPresenceForm, LoginForm, PasswordForm, \ from forms import GastroPinForm, WlanPresenceForm, LoginForm, PasswordForm, \
RFIDForm, NRF24Form, SIPPinForm, CLabPinForm RFIDForm, NRF24Form, SIPPinForm, CLabPinForm
from cbase_members import MemberValues, retrieve_member from cbase_members import retrieve_member
def landingpage(request): def landingpage(request):
if request.user.is_authenticated(): if request.user.is_authenticated():
@ -69,9 +71,8 @@ def auth_login(request):
@login_required @login_required
def home(request): def home(request):
member = retrieve_member(request) member = retrieve_member(request)
context = {'member': member.to_dict()} context = {'member': member.to_dict(), 'groups': request.user.groups.all()}
print context return render(request, 'home.html', context)
return render(request, 'start.html', context)
@login_required @login_required
def auth_logout(request): def auth_logout(request):
@ -91,23 +92,16 @@ def groups_list(request, group_name):
is_admin = True is_admin = True
return render_to_response("group_list.html", locals()) return render_to_response("group_list.html", locals())
@login_required @login_required
def sippin(request): def sippin(request):
return set_ldap_field(request, SIPPinForm, [('sippin', 'sippin')], return set_ldap_field(request, SIPPinForm, [('sippin', 'sippin')],
'sippin.html') 'sippin.html')
def calculate_gastro_hash(pin):
key = settings.CBASE_GASTRO_KEY
bla = '%s%s' % (key, pin)
return hashlib.sha256(bla).hexdigest()
def set_hash_field(request, form_type, in_field, out_field, hash_func, def set_hash_field(request, form_type, in_field, out_field, hash_func,
template_name): template_name):
""" """
Abstract view for each of the different forms. Abstract view for changing LDAP attributes that need to be hashed.
Takes a function that converts the value into the hashed_value.
""" """
member = retrieve_member(request) member = retrieve_member(request)
initial = {} initial = {}
@ -116,6 +110,7 @@ def set_hash_field(request, form_type, in_field, out_field, hash_func,
form = form_type(request.POST) form = form_type(request.POST)
if form.is_valid(): if form.is_valid():
hashed_value = hash_func(form.cleaned_data[in_field]) hashed_value = hash_func(form.cleaned_data[in_field])
print 'hashed value: ', hashed_value
member.set(out_field, hashed_value) member.set(out_field, hashed_value)
member.save() member.save()
new_form = form_type(initial=initial) new_form = form_type(initial=initial)
@ -132,20 +127,55 @@ def set_hash_field(request, form_type, in_field, out_field, hash_func,
@login_required @login_required
def gastropin(request): def gastropin(request):
def calculate_gastro_hash(pin):
key = settings.CBASE_GASTRO_KEY
bla = '%s%s' % (key, pin)
return hashlib.sha256(bla).hexdigest()
return set_hash_field(request, GastroPinForm, return set_hash_field(request, GastroPinForm,
'gastropin1', 'gastroPIN', calculate_gastro_hash, 'gastropin.html') 'gastropin1', 'gastroPIN', calculate_gastro_hash, 'gastropin.html')
@login_required @login_required
def password(request): def clabpin(request):
def hash_password(password): def calculate_clab_hash(pin):
return password salt = os.urandom(12)
digest = hashlib.sha1(bytearray(pin, 'UTF-8')+salt).digest()
return '{SSHA}' + base64.b64encode(digest + salt)
return set_ldap_field(request, PasswordForm, 'password1', 'password', return set_hash_field(request, CLabPinForm, 'c_lab_pin1', 'c-labPIN',
hash_password, 'password.html') calculate_clab_hash, 'clabpin.html')
@login_required
def password(request):
"""
"""
member = retrieve_member(request)
if request.method == 'POST':
form = PasswordForm(request.POST, request=request)
if form.is_valid():
new_password = form.cleaned_data['password1']
member.change_password(new_password)
request.session['ldap_password'] = new_password
request.session.save()
new_form = PasswordForm()
return render(request, 'password.html',
{'message': _('Your password was changed. Thank you!'),
'form': new_form, 'member': member.to_dict()})
else:
return render(request, 'password.html',
{'form': form, 'member': member.to_dict()})
else:
form = PasswordForm()
return render(request, 'password.html',
{'form': form, 'member': member.to_dict()})
def set_ldap_field(request, form_type, field_names, template_name): def set_ldap_field(request, form_type, field_names, template_name):
""" """
Abstract view for each of the different forms. Abstract view for each of the different forms.
field_names contains the mapping of the field name in the form to
""" """
member = retrieve_member(request) member = retrieve_member(request)
initial = {} initial = {}
@ -187,8 +217,4 @@ def nrf24(request):
@login_required
def clabpin(request):
return set_ldap_field(request, CLabPinForm, [('c_lab_pin1', 'c-labPIN')],
'clabpin.html')
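Review bot: The new `password` view writes the cleartext password into the session with `request.session['ldap_password'] = new_password`, so the credential is persisted wherever the session backend keeps its data. It would even reach the browser if a cookie-based backend were configured; the backend is not visible on this page. If the session copy is required for later LDAP binds, state that in the view's currently empty docstring and rotate the session identifier after the change with `request.session.cycle_key()`; the explicit `request.session.save()` looks redundant, since item assignment already marks the session as modified. The added `print 'hashed value: ', hashed_value` in `set_hash_field` leaks credential material in the same way: PIN hashes land in the server's stdout log, and a PIN's small keyspace makes such a hash cheap to reverse, so that line should be dropped.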


@ -217,6 +217,9 @@ CRISPY_TEMPLATE_PACK = 'bootstrap'
CBASE_LDAP_URL = 'ldap://lea.cbrp3.c-base.org:389/' CBASE_LDAP_URL = 'ldap://lea.cbrp3.c-base.org:389/'
CBASE_BASE_DN = 'ou=crew,dc=c-base,dc=org' CBASE_BASE_DN = 'ou=crew,dc=c-base,dc=org'
# Set session cookie timeout to 10 minutes
SESSION_COOKIE_AGE = 600
LOGIN_URL = '/account/login/'
#LOCALE_PATHS = #LOCALE_PATHS =
try: try:
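Review bot: `CBASE_LDAP_URL` is still a plain `ldap://` URL on port 389, and after this commit it is the endpoint for the `simple_bind_s` calls and the new `passwd_s` call in `MemberValues`. Member passwords, old and new, would therefore cross the network unencrypted unless TLS is negotiated somewhere not shown on this page. Point the setting at an `ldaps://` endpoint, or call `l.start_tls_s()` right after `ldap.initialize(...)` and before the bind. A comment above the setting such as `# LDAP binds carry member passwords; the server must be reached over TLS` would keep the requirement visible.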