def add_address(row, user, requester):
"Add address"
session_dict = {}
dummy = AddressForm(dict2mdict({}), csrf_context=session_dict)
fields = getkeys(row, 'af')
post_data = dict2mdict(fields)
post_data.add('csrf_token', dummy.csrf_token.current_token)
form = AddressForm(post_data, csrf_context=session_dict)
if form.validate():
try:
if requester.is_domain_admin:
# check if they own the domain
domainname = form.address.data.split('@')[1]
Session.query(Domain).options(
joinedload('organizations')).join(
domain_owners,
(oa, domain_owners.c.organization_id == \
oa.c.organization_id))\
.filter(oa.c.user_id == user.id)\
.filter(Domain.name == domainname).one()
addr = Address(address=form.address.data)
addr.enabled = form.enabled.data
addr.user = user
Session.add(addr)
Session.commit()
except (IntegrityError, NoResultFound):
pass
def add_address(row, user, requester):
"Add address"
session_dict = {}
dummy = AddressForm(dict2mdict({}), csrf_context=session_dict)
fields = getkeys(row, 'af')
post_data = dict2mdict(fields)
post_data.add('csrf_token', dummy.csrf_token.current_token)
form = AddressForm(post_data, csrf_context=session_dict)
if form.validate():
try:
if requester.is_domain_admin:
# check if they own the domain
domainname = form.address.data.split('@')[1]
Session.query(Domain).options(
joinedload('organizations')).join(
domain_owners,
(oa, domain_owners.c.organization_id == \
oa.c.organization_id))\
.filter(oa.c.user_id == user.id)\
.filter(Domain.name == domainname).one()
addr = Address(address=form.address.data)
addr.enabled = form.enabled.data
addr.user = user
Session.add(addr)
Session.commit()
except (IntegrityError, NoResultFound):
pass
def addaddress(self, userid):
"Add address"
user = self._get_user(userid)
if not user:
abort(404)
c.form = AddressForm(request.POST, csrf_context=session)
if request.POST and c.form.validate():
try:
if c.user.is_domain_admin:
# check if they own the domain
domain = c.form.address.data.split('@')[1]
domain = Session.query(Domain).options(
joinedload('organizations')).join(
dom_owns, (oas,
dom_owns.c.organization_id ==
oas.c.organization_id))\
.filter(oas.c.user_id == c.user.id)\
.filter(Domain.name == domain).one()
addr = Address(address=c.form.address.data)
addr.enabled = c.form.enabled.data
addr.user = user
Session.add(addr)
Session.commit()
update_serial.delay()
info = ADDRADD_MSG % dict(a=addr.address, ac=user.username)
audit_log(c.user.username,
3, unicode(info), request.host,
request.remote_addr, now())
flash(
_('The alias address %(address)s was successfully created.' %
dict(address=addr.address)))
except IntegrityError:
Session.rollback()
flash_alert(_('The address %(addr)s already exists') %
dict(addr=addr.address))
except NoResultFound:
flash(_('Domain: %(d)s does not belong to you') %
dict(d=domain))
redirect(url(controller='accounts', action='detail',
userid=userid))
c.id = userid
return render('/accounts/addaddress.html')
def addaddress(self, userid):
"Add address"
user = self._get_user(userid)
if not user:
abort(404)
c.form = AddressForm(request.POST, csrf_context=session)
if request.POST and c.form.validate():
try:
if c.user.is_domain_admin:
# check if they own the domain
domain = c.form.address.data.split('@')[1]
domain = Session.query(Domain).options(
joinedload('organizations')).join(
dom_owns, (oas,
dom_owns.c.organization_id ==
oas.c.organization_id))\
.filter(oas.c.user_id == c.user.id)\
.filter(Domain.name == domain).one()
addr = Address(address=c.form.address.data)
addr.enabled = c.form.enabled.data
addr.user = user
Session.add(addr)
Session.commit()
update_serial.delay()
info = ADDRADD_MSG % dict(a=addr.address, ac=user.username)
audit_log(c.user.username, 3, info, request.host,
request.remote_addr, now())
flash(
_('The alias address %(address)s was successfully created.'
% dict(address=addr.address)))
except IntegrityError:
flash_alert(
_('The address %(addr)s already exists') %
dict(addr=addr.address))
except NoResultFound:
flash(
_('Domain: %(d)s does not belong to you') % dict(d=domain))
redirect(url(controller='accounts', action='detail',
userid=userid))
c.id = userid
return render('/accounts/addaddress.html')
def loggedin(self):
"Landing page"
came_from = (unquote(str(request.params.get('came_from', ''))) or
url('/'))
if not self.identity:
login_counter = request.environ['repoze.who.logins'] + 1
redirect(url('/accounts/login',
came_from=came_from,
__logins=login_counter))
userid = self.identity['repoze.who.userid']
user = self.identity['user']
if user is None:
try:
user = User(username=userid, email=userid)
user.active = True
local_part, domain = userid.split('@')
domains = Session.query(Domain)\
.filter(Domain.name == domain)\
.all()
user.domains = domains
user.timezone = domains[0].timezone
Session.add(user)
Session.commit()
msg = _('First time Login from external auth,'
' your local account was created')
addresses = []
if ('tokens' in self.identity and
'ldap' in self.identity['tokens']):
lsettings = Session.query(AuthServer.address,
AuthServer.port, LDAPSettings.binddn,
LDAPSettings.bindpw,
LDAPSettings.usetls)\
.join(LDAPSettings)\
.join(Domain)\
.filter(AuthServer.enabled == True)\
.filter(Domain.name == domain)\
.all()
lsettings = lsettings[0]
lurl = make_ldap_uri(lsettings.address, lsettings.port)
base_dn = get_user_dn(self.identity['tokens'][1])
attributes = ['sn', 'givenName', 'proxyAddresses', 'mail',
'memberOf']
ldapattributes = LDAPAttributes(
lurl,
base_dn,
attributes=attributes,
bind_dn=lsettings.binddn,
bind_pass=lsettings.bindpw,
start_tls=lsettings.usetls
)
ldapattributes()
attrmap = {
'sn': 'lastname',
'givenName': 'firstname',
'mail': 'email',
}
update_attrs = False
doms = [domains[0].name]
doms.extend([alias.name for alias in domains[0].aliases])
for attr in attrmap:
if attr == 'mail':
for mailattr in ldapattributes[attr]:
mailattr = mailattr.lower()
if (mailattr != user.email and
'@' in mailattr and
mailattr.split('@')[1] in doms):
address = Address(mailattr)
address.user = user
addresses.append(address)
continue
if attr in ldapattributes:
setattr(user,
attrmap[attr],
ldapattributes[attr][0])
update_attrs = True
if update_attrs:
Session.add(user)
Session.commit()
# accounts aliases
if 'proxyAddresses' in ldapattributes:
for mailaddr in ldapattributes['proxyAddresses']:
try:
if mailaddr.startswith('SMTP:'):
continue
clean_addr = PROXY_ADDR_RE.sub('', mailaddr)
clean_addr = clean_addr.lower()
if (mailaddr.startswith('smtp:') and
clean_addr.split('@')[1] in doms):
# Only add domain if we host it
address = Address(clean_addr)
address.user = user
addresses.append(address)
except IndexError:
pass
# accounts groups
if 'memberOf' in ldapattributes:
for group_dn in ldapattributes['memberOf']:
groupattributes = LDAPAttributes(
lurl,
group_dn,
attributes=['proxyAddresses'],
bind_dn=lsettings.binddn,
bind_pass=lsettings.bindpw,
start_tls=lsettings.usetls
)
groupattributes()
if 'proxyAddresses' not in groupattributes:
continue
for mailaddr in groupattributes['proxyAddresses']:
try:
mailaddr = mailaddr.lower()
clean_addr = PROXY_ADDR_RE.sub('', mailaddr)
if (mailaddr.startswith('smtp:') and
clean_addr.split('@')[1] in doms):
address = Address(clean_addr)
address.user = user
addresses.append(address)
except IndexError:
pass
else:
for alias in domains[0].aliases:
address = Address('%s@%s' % (local_part, alias.name))
address.user = user
addresses.append(address)
for unsaved in addresses:
try:
Session.add(unsaved)
Session.commit()
except IntegrityError:
Session.rollback()
except IntegrityError:
Session.rollback()
redirect(url('/logout'))
except ldap.LDAPError:
pass
else:
if not user.active:
redirect(url('/logout'))
msg = _('Login successful, Welcome back %(username)s !' %
dict(username=userid))
user.last_login = now()
Session.add(user)
Session.commit()
if user.is_peleb:
for domain in user.domains:
if check_language(domain.language):
session['lang'] = domain.language
session.save()
break
session['taskids'] = []
session.save()
info = ACCOUNTLOGIN_MSG % dict(u=user.username)
audit_log(user.username,
6, unicode(info), request.host,
request.remote_addr, now())
flash(msg)
redirect(url(came_from))
def loggedin(self):
"Landing page"
came_from = (unquote(str(request.params.get('came_from', '')))
or url('/'))
if not self.identity:
login_counter = request.environ['repoze.who.logins'] + 1
redirect(
url('/accounts/login',
came_from=came_from,
__logins=login_counter))
userid = self.identity['repoze.who.userid']
user = self.identity['user']
if user is None:
try:
user = User(username=userid, email=userid)
user.active = True
local_part, domain = userid.split('@')
domains = Session.query(Domain)\
.filter(Domain.name == domain)\
.all()
user.domains = domains
user.timezone = domains[0].timezone
Session.add(user)
Session.commit()
msg = _('First time Login from external auth,'
' your local account was created')
addresses = []
if ('tokens' in self.identity
and 'ldap' in self.identity['tokens']):
lsettings = Session.query(AuthServer.address,
AuthServer.port, LDAPSettings.binddn,
LDAPSettings.bindpw,
LDAPSettings.usetls)\
.join(Domain)\
.filter(AuthServer.enabled == True)\
.filter(Domain.name == domain)\
.all()
lsettings = lsettings[0]
lurl = make_ldap_uri(lsettings.address, lsettings.port)
base_dn = get_user_dn(self.identity['tokens'][1])
attributes = [
'sn', 'givenName', 'proxyAddresses', 'mail', 'memberOf'
]
ldapattributes = LDAPAttributes(lurl,
base_dn,
attributes=attributes,
bind_dn=lsettings.binddn,
bind_pass=lsettings.bindpw,
start_tls=lsettings.usetls)
ldapattributes()
attrmap = {
'sn': 'lastname',
'givenName': 'firstname',
'mail': 'email',
}
update_attrs = False
doms = [domains[0].name]
doms.extend([alias.name for alias in domains[0].aliases])
for attr in attrmap:
if (attr == 'mail' and attr in ldapattributes
and ldapattributes[attr][0] == user.email):
# Dont update if user.email = directory.email
continue
if (attr == 'mail' and attr in ldapattributes
and '@' in ldapattributes[attr][0]):
# Update if email is hosted by us
if ldapattributes[attr][0].split('@')[1] in doms:
setattr(user, attrmap[attr],
ldapattributes[attr][0])
update_attrs = True
continue
if attr in ldapattributes:
setattr(user, attrmap[attr],
ldapattributes[attr][0])
update_attrs = True
if update_attrs:
Session.add(user)
Session.commit()
# accounts aliases
if 'proxyAddresses' in ldapattributes:
for mailaddr in ldapattributes['proxyAddresses']:
try:
if mailaddr.startswith('SMTP:'):
continue
if (mailaddr.startswith('smtp:') and
mailaddr.strip('smtp:').lsplit('@')[1]
in doms):
# Only add domain if we host it
address = Address(
PROXY_ADDR_RE.sub('', mailaddr))
address.user = user
addresses.append(address)
except IndexError:
pass
# accounts groups
if 'memberOf' in ldapattributes:
for group_dn in ldapattributes['memberOf']:
groupattributes = LDAPAttributes(
lurl,
group_dn,
attributes=['proxyAddresses'],
bind_dn=lsettings.binddn,
bind_pass=lsettings.bindpw,
start_tls=lsettings.usetls)
groupattributes()
for mailaddr in groupattributes['proxyAddresses']:
try:
mailaddr = mailaddr.lower()
if (mailaddr.startswith('smtp:')
and mailaddr.lstrip('smtp:').split(
'@')[1] in doms):
address = Address(
PROXY_ADDR_RE.sub('', mailaddr))
address.user = user
addresses.append(address)
except IndexError:
pass
else:
for alias in domains[0].aliases:
address = Address('%s@%s' % (local_part, alias.name))
address.user = user
addresses.append(address)
for unsaved in addresses:
try:
Session.add(unsaved)
Session.commit()
except IntegrityError:
Session.rollback()
except IntegrityError:
Session.rollback()
redirect(url('/logout'))
else:
msg = _('Login successful, Welcome back %(username)s !' %
dict(username=userid))
user.last_login = now()
Session.add(user)
Session.commit()
if user.is_peleb:
for domain in user.domains:
if check_language(domain.language):
session['lang'] = domain.language
session.save()
break
session['taskids'] = []
session.save()
info = ACCOUNTLOGIN_MSG % dict(u=user.username)
audit_log(user.username, 6, info, request.host, request.remote_addr,
now())
flash(msg)
redirect(url(came_from))
