added admin password setting function

smile 2013-10-26 22:40:47 +02:00
parent 5597676bb5
commit 56c684d355
6 changed files with 109 additions and 5 deletions


@ -100,11 +100,14 @@ class MemberValues(object):
result[key] = self.get(key) result[key] = self.get(key)
return result return result
def _get_bind_dn(self): def _get_bind_dn(self, username=None):
""" """
Adds the uid=userid, to the base dn and returns that. Adds the uid=userid, to the base dn and returns that.
""" """
if not username:
bind_dn = 'uid=%s,' % self._username bind_dn = 'uid=%s,' % self._username
else:
bind_dn = 'uid=%s,' % username
bind_dn += settings.CBASE_BASE_DN bind_dn += settings.CBASE_BASE_DN
return bind_dn return bind_dn
@ -128,5 +131,39 @@ class MemberValues(object):
# TODO: latin1 # TODO: latin1
print "result is: ", result print "result is: ", result
# TODO: if len(result)==0 # TODO: if len(result)==0
return result[0][1]
session.unbind_s() session.unbind_s()
return result[0][1]
def admin_change_password(self, username, new_password):
"""
Change the password of the member.
You do not need to call save() after calling change_password().
"""
l = ldap.initialize(settings.CBASE_LDAP_URL)
user_dn = self._get_bind_dn()
l.simple_bind_s(user_dn, self._password)
l.passwd_s(self._get_bind_dn(username), None, new_password)
l.unbind_s()
def list_users(self):
l = ldap.initialize(settings.CBASE_LDAP_URL)
user_dn = self._get_bind_dn()
l.simple_bind_s(user_dn, self._password)
try:
ldap_result_id = l.search(settings.CBASE_BASE_DN, ldap.SCOPE_SUBTREE, "memberOf=cn=crew,ou=groups,dc=c-base,dc=org", None)
result_set = []
while 1:
result_type, result_data = l.result(ldap_result_id, 0)
if (result_data == []):
break
else:
## here you don't have to append to a list
## you could do whatever you want with the individual entry
## The appending to list is just for illustration.
if result_type == ldap.RES_SEARCH_ENTRY:
result_set.append(result_data)
userlist = [x[0][1]['uid'][0] for x in result_set]
return sorted(userlist)
except:
return []
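Review bot: `_get_bind_dn` now formats a caller-supplied `username` straight into the DN (`'uid=%s,' % username`), and `admin_change_password` hands that DN to `passwd_s`, so a value containing DN metacharacters such as `,`, `+` or `=` would address a different entry than intended; escape it with `bind_dn = 'uid=%s,' % ldap.dn.escape_dn_chars(username)`. Whether AdminForm restricts the value to the `users` list is not visible here, so the escape should not depend on it. In `admin_change_password` the `unbind_s()` call is skipped when the bind or `passwd_s` raises, and `list_users` never unbinds at all, so both should wrap the work in `try: ... finally: l.unbind_s()`. The bare `except:` in `list_users` turns every failure into an empty list; catching `ldap.LDAPError` and logging it would keep a directory outage distinguishable from an empty crew group. The `admin_change_password` docstring still refers to `change_password()`.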


@ -0,0 +1,9 @@
{% extends "member_base.html" %}
{% load i18n %}
{% load crispy_forms_tags %}
{% block form_title %}{% trans "Password"%}{% endblock %}
{% block container %}
<div class="alert alert-error">{% blocktrans %}ACCESS DENIED{% endblocktrans %}</div>
{% endblock %}


@ -0,0 +1,22 @@
{% extends "form_base.html" %}
{% load i18n %}
{% load crispy_forms_tags %}
{% block form_title %}{% trans "Admin Password"%}{% endblock %}
{% block form_description %}
<p>{% blocktrans %}You can change other users passwords here.{% endblocktrans %}</p>
{% endblock %}
{% block form_fields %}
<form action="{% url account.views.admin %}" method="post" class="form-horizontal well">
{% csrf_token %}
{{ form|crispy }}
<div class="control-group">
<div class="controls">
<button type="submit" class="btn btn-primary">{% trans "Save"%}</button>
</div>
</div>
</form>
{% endblock form_fields %}


@ -36,6 +36,14 @@
<li class="{% if request.path == sippin_url %}active{% endif %}"> <li class="{% if request.path == sippin_url %}active{% endif %}">
<a href="{{ sippin_url }}">{% trans "SIP-PIN" %}</a> <a href="{{ sippin_url }}">{% trans "SIP-PIN" %}</a>
</li> </li>
{% for group in request.user.groups.all %}
{% if group.name == 'ldap_admins' %}
{% url account.views.admin as admin_url %}
<li class="{% if request.path == admin_url %}active{% endif %}">
<a href="{{ admin_url }}">{% trans "Admin" %}</a>
</li>
{% endif %}
{% endfor %}
</ul> </ul>
{% block container %}{% endblock container %} {% block container %}{% endblock container %}


@ -12,6 +12,7 @@ urlpatterns = patterns(
url(r'^password/$', 'account.views.password', name='password'), url(r'^password/$', 'account.views.password', name='password'),
url(r'^sippin/$', 'account.views.sippin', name='sippin'), url(r'^sippin/$', 'account.views.sippin', name='sippin'),
url(r'^clabpin/$', 'account.views.clabpin', name='clabpin'), url(r'^clabpin/$', 'account.views.clabpin', name='clabpin'),
url(r'^admin/$', 'account.views.admin', name='admin'),
url(r'^$', 'account.views.home', name="home"), url(r'^$', 'account.views.home', name="home"),
url(r'^groups/(?P<group_name>[^/]+)/', 'account.views.groups_list'), url(r'^groups/(?P<group_name>[^/]+)/', 'account.views.groups_list'),
) )


@ -18,7 +18,7 @@ from django.shortcuts import render
from django.utils.translation import ugettext as _ from django.utils.translation import ugettext as _
from forms import GastroPinForm, WlanPresenceForm, LoginForm, PasswordForm, \ from forms import GastroPinForm, WlanPresenceForm, LoginForm, PasswordForm, \
RFIDForm, NRF24Form, SIPPinForm, CLabPinForm RFIDForm, NRF24Form, SIPPinForm, CLabPinForm, AdminForm
from cbase_members import retrieve_member from cbase_members import retrieve_member
def landingpage(request): def landingpage(request):
@ -137,6 +137,9 @@ def gastropin(request):
@login_required @login_required
def clabpin(request): def clabpin(request):
if request.user.groups.filter(name='ldap_admins').count() == 0:
return render(request, 'access_denied.html')
def calculate_clab_hash(pin): def calculate_clab_hash(pin):
salt = os.urandom(12) salt = os.urandom(12)
digest = hashlib.sha1(bytearray(pin, 'UTF-8')+salt).digest() digest = hashlib.sha1(bytearray(pin, 'UTF-8')+salt).digest()
@ -215,6 +218,30 @@ def rfid(request):
def nrf24(request): def nrf24(request):
return set_ldap_field(request, NRF24Form, [('nrf24', 'nrf24')], 'nrf24.html') return set_ldap_field(request, NRF24Form, [('nrf24', 'nrf24')], 'nrf24.html')
@login_required
def admin(request):
member = retrieve_member(request)
if request.user.groups.filter(name='ldap_admins').count() == 0:
return render(request, 'access_denied.html')
users = member.list_users()
if request.method == 'POST':
form = AdminForm(request.POST, request=request, users=users)
if form.is_valid():
new_password = form.cleaned_data['password1']
member.admin_change_password(form.cleaned_data['username'], new_password)
new_form = AdminForm(request=request, users=users)
return render(request, 'admin.html',
{'message': _('The password for %s was changed. Thank you!' % form.cleaned_data['username']),
'form': new_form})
else:
return render(request, 'admin.html',
{'form': form})
else:
form = AdminForm(request=request, users=users)
return render(request, 'admin.html',
{'form': form})
#username = cleaned_data.get('username')
#admin_username = self._request.user.username
#admin_password = self._request.session['ldap_password']
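Review bot: In `admin()` the `ldap_admins` check runs only after `retrieve_member(request)`, and a refusal is rendered with HTTP 200; do the group check first and return `render(request, 'access_denied.html', status=403)` so denied requests show up as such in access logs and monitoring. The same two-line check was also added at the top of `clabpin()`, which restricts that view to `ldap_admins` and looks unrelated to this commit, so confirm it is intended. `member.admin_change_password(...)` is called without handling `ldap.LDAPError`, and nothing records which admin reset which account; a log entry with `request.user.username` and the target username (never the password) would give an audit trail. The success message interpolates before the translation lookup; it should be `_('The password for %s was changed. Thank you!') % form.cleaned_data['username']`. The three commented-out lines at the end of the hunk can be dropped.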