diff --git a/account/cbase_members.py b/account/cbase_members.py
index 47dcbfa..b3fe08b 100644
--- a/account/cbase_members.py
+++ b/account/cbase_members.py
@@ -100,11 +100,14 @@ class MemberValues(object):
 result[key] = self.get(key)
 return result
- def _get_bind_dn(self):
+ def _get_bind_dn(self, username=None):
 """
 Adds the uid=userid, to the base dn and returns that.
 """
- bind_dn = 'uid=%s,' % self._username
+ if not username:
+ bind_dn = 'uid=%s,' % self._username
+ else:
+ bind_dn = 'uid=%s,' % username
 bind_dn += settings.CBASE_BASE_DN
 return bind_dn
@@ -128,5 +131,39 @@ class MemberValues(object):
 # TODO: latin1
 print "result is: ", result
 # TODO: if len(result)==0
- return result[0][1]
 session.unbind_s()
+ return result[0][1]
+
+ def admin_change_password(self, username, new_password):
+ """
+ Change the password of the member.
+ You do not need to call save() after calling change_password().
+ """
+ l = ldap.initialize(settings.CBASE_LDAP_URL)
+ user_dn = self._get_bind_dn()
+ l.simple_bind_s(user_dn, self._password)
+ l.passwd_s(self._get_bind_dn(username), None, new_password)
+ l.unbind_s()
+
+ def list_users(self):
+ l = ldap.initialize(settings.CBASE_LDAP_URL)
+ user_dn = self._get_bind_dn()
+ l.simple_bind_s(user_dn, self._password)
+ try:
+ ldap_result_id = l.search(settings.CBASE_BASE_DN, ldap.SCOPE_SUBTREE, "memberOf=cn=crew,ou=groups,dc=c-base,dc=org", None)
+ result_set = []
+ while 1:
+ result_type, result_data = l.result(ldap_result_id, 0)
+ if (result_data == []):
+ break
+ else:
+ ## here you don't have to append to a list
+ ## you could do whatever you want with the individual entry
+ ## The appending to list is just for illustration.
+ if result_type == ldap.RES_SEARCH_ENTRY:
+ result_set.append(result_data)
+
+ userlist = [x[0][1]['uid'][0] for x in result_set]
+ return sorted(userlist)
+ except:
+ return []
\ No newline at end of file
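Review bot: `_get_bind_dn` now formats a caller-supplied `username` straight into the DN (`'uid=%s,' % username`), so a value containing DN metacharacters such as `,`, `+` or `=` changes which entry the DN names. Escape the value before interpolating it, e.g. `bind_dn = 'uid=%s,' % ldap.dn.escape_dn_chars(username)`, and do the same in the `self._username` branch. The docstring should also state that `username` selects another member's DN and that a falsy value falls back to the bound user.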
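Review bot: `list_users` never calls `l.unbind_s()`, and `admin_change_password` skips it when `passwd_s` raises, so those paths leave an LDAP connection bound with the caller's credentials. Wrap the operations in `try:` and release the connection in `finally: l.unbind_s()`. The bare `except:` in `list_users` also turns every error into an empty list; narrow it to `except ldap.LDAPError:` and log it, so a schema or coding error surfaces instead of the admin form silently showing no users. `list_users` has no docstring, and the one on `admin_change_password` still reads "Change the password of the member" although the method resets another user's password while bound as the caller.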
diff --git a/account/templates/access_denied.html b/account/templates/access_denied.html new file mode 100644 index 0000000..dfe4e30 --- /dev/null +++ b/account/templates/access_denied.html @@ -0,0 +1,9 @@ +{% extends "member_base.html" %} +{% load i18n %} +{% load crispy_forms_tags %} + +{% block form_title %}{% trans "Password"%}{% endblock %} + +{% block container %} +
{% blocktrans %}ACCESS DENIED{% endblocktrans %}
+{% endblock %} \ No newline at end of file diff --git a/account/templates/admin.html b/account/templates/admin.html new file mode 100644 index 0000000..e230e92 --- /dev/null +++ b/account/templates/admin.html @@ -0,0 +1,22 @@ +{% extends "form_base.html" %} +{% load i18n %} +{% load crispy_forms_tags %} + +{% block form_title %}{% trans "Admin Password"%}{% endblock %} + +{% block form_description %} +

{% blocktrans %}You can change other users passwords here.{% endblocktrans %}

+{% endblock %} + +{% block form_fields %} +
+ {% csrf_token %} + {{ form|crispy }} + +
+
+ +
+
+
+{% endblock form_fields %} \ No newline at end of file diff --git a/account/templates/member_base.html b/account/templates/member_base.html index 67bfd7d..795300b 100644 --- a/account/templates/member_base.html +++ b/account/templates/member_base.html @@ -36,6 +36,14 @@
  • {% trans "SIP-PIN" %}
  • + {% for group in request.user.groups.all %} + {% if group.name == 'ldap_admins' %} + {% url account.views.admin as admin_url %} +
  • + {% trans "Admin" %} +
  • + {% endif %} + {% endfor %} {% block container %}{% endblock container %}
diff --git a/account/urls.py b/account/urls.py
index cb721bd..d4ff5f6 100644
--- a/account/urls.py
+++ b/account/urls.py
@@ -12,6 +12,7 @@ urlpatterns = patterns(
 url(r'^password/$', 'account.views.password', name='password'),
 url(r'^sippin/$', 'account.views.sippin', name='sippin'),
 url(r'^clabpin/$', 'account.views.clabpin', name='clabpin'),
+ url(r'^admin/$', 'account.views.admin', name='admin'),
 url(r'^$', 'account.views.home', name="home"),
 url(r'^groups/(?P[^/]+)/', 'account.views.groups_list'),
 )
\ No newline at end of file
diff --git a/account/views.py b/account/views.py
index f8b8f5e..6f6f664 100644
--- a/account/views.py
+++ b/account/views.py
@@ -18,7 +18,7 @@ from django.shortcuts import render
 from django.utils.translation import ugettext as _
 from forms import GastroPinForm, WlanPresenceForm, LoginForm, PasswordForm, \
- RFIDForm, NRF24Form, SIPPinForm, CLabPinForm
+ RFIDForm, NRF24Form, SIPPinForm, CLabPinForm, AdminForm
 from cbase_members import retrieve_member
 def landingpage(request):
@@ -137,6 +137,9 @@ def gastropin(request):
 @login_required
 def clabpin(request):
+ if request.user.groups.filter(name='ldap_admins').count() == 0:
+ return render(request, 'access_denied.html')
+
 def calculate_clab_hash(pin):
 salt = os.urandom(12)
 digest = hashlib.sha1(bytearray(pin, 'UTF-8')+salt).digest()
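Review bot: The new guard at the top of `clabpin` renders `access_denied.html` with the default 200 status, so clients and access logs cannot tell a refusal from a normal page; pass the status explicitly, `return render(request, 'access_denied.html', status=403)`. The guard also limits the CLab PIN view to `ldap_admins`, which looks unrelated to the admin password page added elsewhere in this diff, so confirm that ordinary members are meant to lose access here. The same group test is repeated in `admin`; a shared `user_passes_test` decorator would keep the two checks in step. `clabpin`'s body continues outside the hunk.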
@@ -215,6 +218,30 @@ def rfid(request):
 def nrf24(request):
 return set_ldap_field(request, NRF24Form, [('nrf24', 'nrf24')], 'nrf24.html')
+@login_required
+def admin(request):
+ member = retrieve_member(request)
+ if request.user.groups.filter(name='ldap_admins').count() == 0:
+ return render(request, 'access_denied.html')
+ users = member.list_users()
+ if request.method == 'POST':
+ form = AdminForm(request.POST, request=request, users=users)
+ if form.is_valid():
+ new_password = form.cleaned_data['password1']
+ member.admin_change_password(form.cleaned_data['username'], new_password)
+ new_form = AdminForm(request=request, users=users)
+ return render(request, 'admin.html',
+ {'message': _('The password for %s was changed. Thank you!' % form.cleaned_data['username']),
+ 'form': new_form})
+ else:
+ return render(request, 'admin.html',
+ {'form': form})
+ else:
+ form = AdminForm(request=request, users=users)
+ return render(request, 'admin.html',
+ {'form': form})
-
+ #username = cleaned_data.get('username')
+ #admin_username = self._request.user.username
+ #admin_password = self._request.session['ldap_password']
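Review bot: `admin` resets another member's password without writing any audit record, so nothing shows which admin changed whose password; log `request.user.username` and the target username (never the password) once `admin_change_password` returns. The `ldap_admins` check should also run before `retrieve_member(request)`, so that non-admins are refused before any member data is loaded. The success message interpolates inside the translation call, so the msgid never matches the catalog; use `_('The password for %s was changed. Thank you!') % form.cleaned_data['username']`. The commented-out lines at the end of the hunk are dead code and can be dropped.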