smile/cbmi
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'release/0.2.0'

Browse source
This commit is contained in:
baccenfutter 2013-10-26 23:07:47 +02:00
commit 7fbc951a5a
9 changed files with 151 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

43
account/cbase_members.py
View file

@ -100,11 +100,14 @@ class MemberValues(object):
result[key] = self.get(key) result[key] = self.get(key)
return result return result
def _get_bind_dn(self): def _get_bind_dn(self, username=None):
""" """
Adds the uid=userid, to the base dn and returns that. Adds the uid=userid, to the base dn and returns that.
""" """
bind_dn = 'uid=%s,' % self._username if not username:
bind_dn = 'uid=%s,' % self._username
else:
bind_dn = 'uid=%s,' % username
bind_dn += settings.CBASE_BASE_DN bind_dn += settings.CBASE_BASE_DN
return bind_dn return bind_dn
@ -128,5 +131,39 @@ class MemberValues(object):
# TODO: latin1 # TODO: latin1
print "result is: ", result print "result is: ", result
# TODO: if len(result)==0 # TODO: if len(result)==0
return result[0][1]
session.unbind_s() session.unbind_s()
return result[0][1]
def admin_change_password(self, username, new_password):
"""
Change the password of the member.
You do not need to call save() after calling change_password().
"""
l = ldap.initialize(settings.CBASE_LDAP_URL)
user_dn = self._get_bind_dn()
l.simple_bind_s(user_dn, self._password)
l.passwd_s(self._get_bind_dn(username), None, new_password)
l.unbind_s()
def list_users(self):
l = ldap.initialize(settings.CBASE_LDAP_URL)
user_dn = self._get_bind_dn()
l.simple_bind_s(user_dn, self._password)
try:
ldap_result_id = l.search(settings.CBASE_BASE_DN, ldap.SCOPE_SUBTREE, "memberOf=cn=crew,ou=groups,dc=c-base,dc=org", None)
result_set = []
while 1:
result_type, result_data = l.result(ldap_result_id, 0)
if (result_data == []):
break
else:
## here you don't have to append to a list
## you could do whatever you want with the individual entry
## The appending to list is just for illustration.
if result_type == ldap.RES_SEARCH_ENTRY:
result_set.append(result_data)
userlist = [x[0][1]['uid'][0] for x in result_set]
return sorted(userlist)
except:
return []

32
account/forms.py
View file

@ -122,3 +122,35 @@ class CLabPinForm(forms.Form):
c_lab_pin1 = GastroPinField(label=_('New c-lab PIN')) c_lab_pin1 = GastroPinField(label=_('New c-lab PIN'))
c_lab_pin2 = GastroPinField(label=_('Repeat c-lab PIN'), c_lab_pin2 = GastroPinField(label=_('Repeat c-lab PIN'),
help_text=_('Numerical only, 4 to 6 digits')) help_text=_('Numerical only, 4 to 6 digits'))
class AdminForm(forms.Form):
password1 = forms.CharField(max_length=255, widget=forms.PasswordInput,
label=_('New password'))
password2 = forms.CharField(max_length=255, widget=forms.PasswordInput,
label=_('Repeat password'))
def __init__(self, *args, **kwargs):
self._request = kwargs.pop('request', None)
self._users = kwargs.pop('users', [])
choices = [(x, x) for x in self._users]
choices.insert(0, ('', 'Select username ...'))
super(AdminForm, self).__init__(*args, **kwargs)
self.fields.insert(0, 'username', forms.ChoiceField(choices=choices,
help_text=_('Select the username for whom you want to reset the password.')))
def clean(self):
cleaned_data = super(AdminForm, self).clean()
password1 = cleaned_data.get('password1')
password2 = cleaned_data.get('password2')
if password1 != password2:
raise forms.ValidationError(
_('The new passwords were not identical.'),
code='not_identical')
return cleaned_data
def get_member_choices(self):
return [(x, x) for x in self._users]

9
account/templates/access_denied.html Normal file
View file

@ -0,0 +1,9 @@
{% extends "member_base.html" %}
{% load i18n %}
{% load crispy_forms_tags %}
{% block form_title %}{% trans "Password"%}{% endblock %}
{% block container %}
<div class="alert alert-error">{% blocktrans %}ACCESS DENIED{% endblocktrans %}</div>
{% endblock %}

22
account/templates/admin.html Normal file
View file

@ -0,0 +1,22 @@
{% extends "form_base.html" %}
{% load i18n %}
{% load crispy_forms_tags %}
{% block form_title %}{% trans "Admin Password"%}{% endblock %}
{% block form_description %}
<p>{% blocktrans %}You can change other users passwords here.{% endblocktrans %}</p>
{% endblock %}
{% block form_fields %}
<form action="{% url account.views.admin %}" method="post" class="form-horizontal well">
{% csrf_token %}
{{ form|crispy }}
<div class="control-group">
<div class="controls">
<button type="submit" class="btn btn-primary">{% trans "Save"%}</button>
</div>
</div>
</form>
{% endblock form_fields %}

9
account/templates/member_base.html
View file

@ -36,6 +36,15 @@
<li class="{% if request.path == sippin_url %}active{% endif %}"> <li class="{% if request.path == sippin_url %}active{% endif %}">
<a href="{{ sippin_url }}">{% trans "SIP-PIN" %}</a> <a href="{{ sippin_url }}">{% trans "SIP-PIN" %}</a>
</li> </li>
{% for group in request.user.groups.all %}
{% if group.name == 'ldap_admins' %}
{% url account.views.admin as admin_url %}
<li class="{% if request.path == admin_url %}active{% endif %}">
<a href="{{ admin_url }}"><i class="icon icon-white icon-star"></i>
{% trans "Admin" %}</a>
</li>
{% endif %}
{% endfor %}
</ul> </ul>
{% block container %}{% endblock container %} {% block container %}{% endblock container %}

1
account/urls.py
View file

@ -12,6 +12,7 @@ urlpatterns = patterns(
url(r'^password/$', 'account.views.password', name='password'), url(r'^password/$', 'account.views.password', name='password'),
url(r'^sippin/$', 'account.views.sippin', name='sippin'), url(r'^sippin/$', 'account.views.sippin', name='sippin'),
url(r'^clabpin/$', 'account.views.clabpin', name='clabpin'), url(r'^clabpin/$', 'account.views.clabpin', name='clabpin'),
url(r'^admin/$', 'account.views.admin', name='admin'),
url(r'^$', 'account.views.home', name="home"), url(r'^$', 'account.views.home', name="home"),
url(r'^groups/(?P<group_name>[^/]+)/', 'account.views.groups_list'), url(r'^groups/(?P<group_name>[^/]+)/', 'account.views.groups_list'),
) )

36
account/views.py
View file

@ -18,7 +18,7 @@ from django.shortcuts import render
from django.utils.translation import ugettext as _ from django.utils.translation import ugettext as _
from forms import GastroPinForm, WlanPresenceForm, LoginForm, PasswordForm, \ from forms import GastroPinForm, WlanPresenceForm, LoginForm, PasswordForm, \
RFIDForm, NRF24Form, SIPPinForm, CLabPinForm RFIDForm, NRF24Form, SIPPinForm, CLabPinForm, AdminForm
from cbase_members import retrieve_member from cbase_members import retrieve_member
def landingpage(request): def landingpage(request):
@ -31,7 +31,10 @@ def landingpage(request):
if 'ldap_admins' in [g.name for g in request.user.groups.all()]: if 'ldap_admins' in [g.name for g in request.user.groups.all()]:
is_admin = True is_admin = True
groups = Group.objects.all() groups = Group.objects.all()
admins = Group.objects.get(name="ldap_admins").user_set.all() try:
admins = Group.objects.get(name="ldap_admins").user_set.all()
except:
admins = []
# values = get_user_values(request.user.username, request.session['ldap_password']) # values = get_user_values(request.user.username, request.session['ldap_password'])
#return render_to_response("dashboard.html", locals()) #return render_to_response("dashboard.html", locals())
@ -137,6 +140,9 @@ def gastropin(request):
@login_required @login_required
def clabpin(request): def clabpin(request):
if request.user.groups.filter(name='cey-c-lab').count() == 0:
return render(request, 'access_denied.html')
def calculate_clab_hash(pin): def calculate_clab_hash(pin):
salt = os.urandom(12) salt = os.urandom(12)
digest = hashlib.sha1(bytearray(pin, 'UTF-8')+salt).digest() digest = hashlib.sha1(bytearray(pin, 'UTF-8')+salt).digest()
@ -215,6 +221,30 @@ def rfid(request):
def nrf24(request): def nrf24(request):
return set_ldap_field(request, NRF24Form, [('nrf24', 'nrf24')], 'nrf24.html') return set_ldap_field(request, NRF24Form, [('nrf24', 'nrf24')], 'nrf24.html')
@login_required
def admin(request):
member = retrieve_member(request)
if request.user.groups.filter(name='ldap_admins').count() == 0:
return render(request, 'access_denied.html')
users = member.list_users()
if request.method == 'POST':
form = AdminForm(request.POST, request=request, users=users)
if form.is_valid():
new_password = form.cleaned_data['password1']
member.admin_change_password(form.cleaned_data['username'], new_password)
new_form = AdminForm(request=request, users=users)
return render(request, 'admin.html',
{'message': _('The password for %s was changed. Thank you!' % form.cleaned_data['username']),
'form': new_form})
else:
return render(request, 'admin.html',
{'form': form})
else:
form = AdminForm(request=request, users=users)
return render(request, 'admin.html',
{'form': form})
#username = cleaned_data.get('username')
#admin_username = self._request.user.username
#admin_password = self._request.session['ldap_password']

2
dev_env_setup.sh
View file

@ -7,6 +7,8 @@ cd cbmi
source bin/activate source bin/activate
git clone git@github.com:c-base/cbmi.git src git clone git@github.com:c-base/cbmi.git src
cd src cd src
git submodule init
git submodule update
pip install -r requirements.txt pip install -r requirements.txt
cat <<EOF cat <<EOF

3
requirements.txt
View file

@ -1,4 +1,5 @@
Django==1.4.2 Django==1.4.2
MySQL-python==1.2.4 MySQL-python==1.2.4
django-auth-ldap==1.1.4 django-auth-ldap==1.1.4
django-json-rpc==0.6.1 django-json-rpc==0.6.1
django-crispy-forms==1.4.0