added admin password setting function

2013-10-26 22:40:47 +02:00 · 2013-10-26 22:40:47 +02:00 · 56c684d355
commit 56c684d355
parent 5597676bb5
6 changed files with 109 additions and 5 deletions
--- a/account/cbase_members.py
+++ b/account/cbase_members.py
@ -100,11 +100,14 @@ class MemberValues(object):
            result[key] = self.get(key)
        return result

-    def _get_bind_dn(self):
+    def _get_bind_dn(self, username=None):
        """
        Adds the uid=userid, to the base dn and returns that.
        """
+        if not username:
            bind_dn = 'uid=%s,' % self._username
+        else:
+            bind_dn = 'uid=%s,' % username
        bind_dn += settings.CBASE_BASE_DN
        return bind_dn

@ -128,5 +131,39 @@ class MemberValues(object):
        # TODO: latin1
        print "result is: ", result
        # TODO: if len(result)==0
-        return result[0][1]
        session.unbind_s()
+        return result[0][1]
+
+    def admin_change_password(self, username, new_password):
+        """
+        Change the password of the member.
+        You do not need to call save() after calling change_password().
+        """
+        l = ldap.initialize(settings.CBASE_LDAP_URL)
+        user_dn = self._get_bind_dn()
+        l.simple_bind_s(user_dn, self._password)
+        l.passwd_s(self._get_bind_dn(username), None, new_password)
+        l.unbind_s()
+
+    def list_users(self):
+        l = ldap.initialize(settings.CBASE_LDAP_URL)
+        user_dn = self._get_bind_dn()
+        l.simple_bind_s(user_dn, self._password)
+        try:
+            ldap_result_id = l.search(settings.CBASE_BASE_DN, ldap.SCOPE_SUBTREE, "memberOf=cn=crew,ou=groups,dc=c-base,dc=org", None)
+            result_set = []
+            while 1:
+                result_type, result_data = l.result(ldap_result_id, 0)
+                if (result_data == []):
+                    break
+                else:
+                    ## here you don't have to append to a list
+                    ## you could do whatever you want with the individual entry
+                    ## The appending to list is just for illustration.
+                    if result_type == ldap.RES_SEARCH_ENTRY:
+                        result_set.append(result_data)
+
+            userlist = [x[0][1]['uid'][0] for x in result_set]
+            return sorted(userlist)
+        except:
+            return []
--- a/account/templates/access_denied.html
+++ b/account/templates/access_denied.html
@ -0,0 +1,9 @@
+{% extends "member_base.html" %}
+{% load i18n %}
+{% load crispy_forms_tags %}
+
+{% block form_title %}{% trans "Password"%}{% endblock %}
+
+{% block container %}
+    <div class="alert alert-error">{% blocktrans %}ACCESS DENIED{% endblocktrans %}</div>
+{% endblock %}
--- a/account/templates/admin.html
+++ b/account/templates/admin.html
@ -0,0 +1,22 @@
+{% extends "form_base.html" %}
+{% load i18n %}
+{% load crispy_forms_tags %}
+
+{% block form_title %}{% trans "Admin Password"%}{% endblock %}
+
+{% block form_description %}
+    <p>{% blocktrans %}You can change other users passwords here.{% endblocktrans %}</p>
+{% endblock %}
+
+{% block form_fields %}
+    <form action="{% url account.views.admin %}" method="post" class="form-horizontal well">
+        {% csrf_token %}
+        {{ form|crispy }}
+
+        <div class="control-group">
+            <div class="controls">
+                <button type="submit" class="btn btn-primary">{% trans "Save"%}</button>
+            </div>
+        </div>
+    </form>
+{% endblock form_fields %}
--- a/account/templates/member_base.html
+++ b/account/templates/member_base.html
@ -36,6 +36,14 @@
            <li class="{% if request.path == sippin_url %}active{% endif %}">
                <a href="{{ sippin_url }}">{% trans "SIP-PIN" %}</a>
            </li>
+            {%  for group in request.user.groups.all %}
+                {%  if group.name == 'ldap_admins' %}
+                    {% url account.views.admin as admin_url %}
+                    <li class="{% if request.path == admin_url %}active{% endif %}">
+                        <a href="{{ admin_url }}">{% trans "Admin" %}</a>
+                    </li>
+                {% endif %}
+            {%  endfor %}
        </ul>
    {% block container %}{% endblock container %}

--- a/account/urls.py
+++ b/account/urls.py
@ -12,6 +12,7 @@ urlpatterns = patterns(
    url(r'^password/$', 'account.views.password', name='password'),
    url(r'^sippin/$', 'account.views.sippin', name='sippin'),
    url(r'^clabpin/$', 'account.views.clabpin', name='clabpin'),
+    url(r'^admin/$', 'account.views.admin', name='admin'),
    url(r'^$', 'account.views.home', name="home"),
    url(r'^groups/(?P<group_name>[^/]+)/', 'account.views.groups_list'),
 )
--- a/account/views.py
+++ b/account/views.py
@ -18,7 +18,7 @@ from django.shortcuts import render
 from django.utils.translation import ugettext as _

 from forms import GastroPinForm, WlanPresenceForm, LoginForm, PasswordForm, \
-    RFIDForm, NRF24Form, SIPPinForm, CLabPinForm
+    RFIDForm, NRF24Form, SIPPinForm, CLabPinForm, AdminForm
 from cbase_members import retrieve_member

 def landingpage(request):
@ -137,6 +137,9 @@ def gastropin(request):

@login_required
 def clabpin(request):
+    if request.user.groups.filter(name='ldap_admins').count() == 0:
+        return render(request, 'access_denied.html')
+
    def calculate_clab_hash(pin):
        salt = os.urandom(12)
        digest = hashlib.sha1(bytearray(pin, 'UTF-8')+salt).digest()
@ -215,6 +218,30 @@ def rfid(request):
 def nrf24(request):
    return set_ldap_field(request, NRF24Form, [('nrf24', 'nrf24')], 'nrf24.html')

+@login_required
+def admin(request):
+    member = retrieve_member(request)
+    if request.user.groups.filter(name='ldap_admins').count() == 0:
+        return render(request, 'access_denied.html')
+    users = member.list_users()
+    if request.method == 'POST':
+        form = AdminForm(request.POST, request=request, users=users)

+        if form.is_valid():
+            new_password = form.cleaned_data['password1']
+            member.admin_change_password(form.cleaned_data['username'], new_password)
+            new_form = AdminForm(request=request, users=users)
+            return render(request, 'admin.html',
+                {'message': _('The password for %s was changed. Thank you!' % form.cleaned_data['username']),
+                 'form': new_form})
+        else:
+            return render(request, 'admin.html',
+                {'form': form})
+    else:
+        form = AdminForm(request=request, users=users)
+        return render(request, 'admin.html',
+            {'form': form})

-
+    #username = cleaned_data.get('username')
+    #admin_username = self._request.user.username
+    #admin_password = self._request.session['ldap_password']