def update_users(apps, schema_editor):
"""
Re-populate the users to set the `domain` field
"""
User = apps.get_model("users", "User")
backend = LDAPBackend()
for user in User.objects.all():
backend.populate_user(user.username)
def import_all_users(self):
ldap_backend = LDAPBackend()
ldap_user = _LDAPUser(ldap_backend, username="")
ldap_search = LDAPSearch(self.search_dn,
ldap.SCOPE_SUBTREE,
filterstr=self.filter,
attrlist=[self.username_attribute])
results = ldap_search.execute(connection=ldap_user.connection)
for result in results:
if self.simple_search:
search_term = result[1][self.username_attribute][0]
else:
search_term = result[0].split(',')[0].split('=')[1]
ldap_backend.populate_user(search_term)
def validate_request(data, expires=600):
"""
validates a dictionary of request data and returns a User,
ApplicationLink and token expiry time
"""
from swingers.sauth.models import ApplicationLink
# sanity check the dictionary
for key in ["client_id", "client_secret", "user_id"]:
if not key in data:
raise Exception("Missing Input")
# set default expiry to 10 mins unless specified
# 0 means never expires
if "expires" in data:
expires = int(data["expires"])
# Try and find the user for the user_id
ldapbackend = LDAPBackend()
user = data["user_id"]
if User.objects.filter(username=user):
user = User.objects.get(username=user)
else:
try:
ldapbackend.populate_user(user)
user = User.objects.get(username=user)
except:
raise Exception("Invalid user_id")
# Try and find the client_id
try:
link = ApplicationLink.objects.get(client_name=data["client_id"],
server_name=settings.SERVICE_NAME)
except ApplicationLink.DoesNotExist:
raise Exception("Application link does not exist")
# Validate the secret
if link.auth_method == ApplicationLink.AUTH_METHOD.basic:
client_secret = link.secret
elif "nonce" in data:
if cache.get(link.secret) == data["nonce"]:
raise Exception("No you can't reuse nonce's!")
cache.set(link.secret, data["nonce"], expires)
# client_secret should be hexdigest, hash algorithm selected based on
# application link
client_secret = link.get_client_secret(data["user_id"], data["nonce"])
else:
raise Exception("Missing nonce")
if not client_secret == data["client_secret"]:
raise Exception("Invalid client_secret")
return user, link, expires
def validate_request(data, expires=600):
"""
validates a dictionary of request data and returns a User,
ApplicationLink and token expiry time
"""
from swingers.sauth.models import ApplicationLink
# sanity check the dictionary
for key in ["client_id", "client_secret", "user_id"]:
if not key in data:
raise Exception("Missing Input")
# set default expiry to 10 mins unless specified
# 0 means never expires
if "expires" in data:
expires = int(data["expires"])
# Try and find the user for the user_id
ldapbackend = LDAPBackend()
user = data["user_id"]
if User.objects.filter(username=user):
user = User.objects.get(username=user)
else:
try:
ldapbackend.populate_user(user)
user = User.objects.get(username=user)
except:
raise Exception("Invalid user_id")
# Try and find the client_id
try:
link = ApplicationLink.objects.get(client_name=data["client_id"],
server_name=settings.SERVICE_NAME)
except ApplicationLink.DoesNotExist:
raise Exception("Application link does not exist")
# Validate the secret
if link.auth_method == ApplicationLink.AUTH_METHOD.basic:
client_secret = link.secret
elif "nonce" in data:
if cache.get(link.secret) == data["nonce"]:
raise Exception("No you can't reuse nonce's!")
cache.set(link.secret, data["nonce"], expires)
# client_secret should be hexdigest, hash algorithm selected based on
# application link
client_secret = link.get_client_secret(data["user_id"], data["nonce"])
else:
raise Exception("Missing nonce")
if not client_secret == data["client_secret"]:
raise Exception("Invalid client_secret")
return user, link, expires
def get_or_create_local_user(user):
"""
Create a local user if the username exists in the configured LDAP server.
Returns the updated or newly created local django.contrib.auth.models.User
"""
warnings.warn(
'This is most likely going to be deprecated due to upcoming'
'demerger work', PendingDeprecationWarning)
# instantiate the LDAPBackend model class
# magically finds the LDAP server from settings.py
ldap_backend = LDAPBackend()
if user.find('@') != -1:
ldap_user = _LDAPUser(ldap_backend, username="")
result = ldap_user.connection.search_s(
"dc=corporateict,dc=domain",
scope=ldap_backend.ldap.SCOPE_SUBTREE,
filterstr='(mail=' + user + ')',
attrlist=[str("sAMAccountName").encode('ASCII')])
if result:
user = result[0][1]["sAMAccountName"][0].lower()
else:
return None
try:
user = User.objects.get(username=user)
except User.DoesNotExist:
user = ldap_backend.populate_user(user)
return user
def form_valid(self, form):
data = form.cleaned_data
name = data.get('name', None)
#barcode = data.get('barcode', None)
if name is not None:
user = None
try:
user = User.objects.get(username=name)
except:
ldapobj = LDAPBackend()
user = ldapobj.populate_user(name)
if user is not None and not user.is_anonymous():
print("%s -> True" % name)
else:
print("%s -> False" % name)
user.save()
account = None
try:
account = Account.objects.get(user=user)
except:
account = Account(user=user, balance=0)
print("Creating %s" % user)
#account.barcode = barcode
account.save()
messages.success(self.request, "Added %s" % user)
return super(AccountCreateView, self).form_valid(form)
def contactImport(request):
report = []
if request.method == 'POST':
upnlist = request.POST.getlist('upn')
for upn in upnlist:
report.append((upn, LDAPBackend.populate_user(LDAPBackend(), upn)))
else:
upnlist = None
if request.GET.get('filter') == None:
filterform = ImportFilterForm()
else:
filterform = ImportFilterForm(request.GET)
if filterform.is_valid():
ldapcon = ldap.initialize(settings.AUTH_LDAP_SERVER_URI)
ldapcon.simple_bind_s(settings.AUTH_LDAP_BIND_DN,
settings.AUTH_LDAP_BIND_PASSWORD)
search = settings.AUTH_LDAP_USER_FILTER
res = search.execute(ldapcon,
{'filter': filterform.cleaned_data['filter']})
ldapcon.unbind_s()
# sort by last name, then first name
res = sorted(res, key = lambda (dn,attr): attr['sn'][0] + attr['givenName'][0])
else:
res = None
return render(request, 'ldaplink/contactImport.html', {
'filterform': filterform,
'ldapresult': res,
'report': report,
})
def handle_noargs(self, **options):
# Get LDAP backend
ldap = LDAPBackend()
for user in User.objects.all():
# Check if user is an LDAP user
if not user.has_usable_password():
# Populate user details
print "Refreshing '" + user.username + "' ",
if ldap.populate_user(user.username):
print "Success!"
# User found and populated
# Make sure this account is activated
user.is_active = True
user.save()
else:
print "Not found"
# User account not found in LDAP
# This means that the user either no longer exists
# or no longer has privilages to access the CMS
# We must deactivate their account to prevent them
# from recieving notification emails
# Make sure this account is deactivated
user.is_active = False
user.save()
def get_or_create_local_user(user):
"""
Create a local user if the username exists in the configured LDAP server.
Returns the updated or newly created local django.contrib.auth.models.User
"""
warnings.warn('This is most likely going to be deprecated due to upcoming'
'demerger work', PendingDeprecationWarning)
# instantiate the LDAPBackend model class
# magically finds the LDAP server from settings.py
ldap_backend = LDAPBackend()
if user.find('@') != -1:
ldap_user = _LDAPUser(ldap_backend, username="")
result = ldap_user.connection.search_s(
"dc=corporateict,dc=domain", scope=ldap_backend.ldap.SCOPE_SUBTREE,
filterstr='(mail=' + user + ')',
attrlist=[str("sAMAccountName").encode('ASCII')]
)
if result:
user = result[0][1]["sAMAccountName"][0].lower()
else:
return None
try:
user = User.objects.get(username=user)
except User.DoesNotExist:
user = ldap_backend.populate_user(user)
return user
def import_from_username(self, username, set_pi=False):
ldap_backend = LDAPBackend()
user = ldap_backend.populate_user(username)
if set_pi:
g = Group.objects.get(name=GroupConstants.VIP.value)
user.groups.add(g)
def create_page(prueba):
#creacion de a pagina para el suaurio
ldap = LDAPBackend()
user = ldap.populate_user('prueba')
user.first_name
#Creamos la configuración para su blog
user_conf = NewsBlogConfig(app_title=user.first_name,
namespace=user.first_name)
user_conf.save_base()
user_conf.save()
#buscar la ubicacion de donde va a colgar su pagina de blog
parent_page = Page.objects.filter(title_set__title='BLOG_ALUMNOS')[1]
#creamos la pagina del blog del usuario
page = cms.api.create_page(user.first_name,
'content.html',
'en',
apphook="NewsBlogApp",
apphook_namespace=user_conf.namespace,
parent=parent_page,
published=True,
in_navigation=True)
#placeholder de su página
placeholder = page.placeholders.get_or_create(slot='feature')
placeholder = page.placeholders.get(slot='feature')
#ahora añadimos los plugins de estilo
plugin1 = cms.api.add_plugin(placeholder, 'StylePlugin', 'en')
plugin2 = cms.api.add_plugin(placeholder, 'StylePlugin', 'en')
plugin2.class_name = "feature-content"
plugin2.save()
plugin1.save()
#le damos todo los permisos al usuario
user_assigned = cms.api.assign_user_to_page(page, user, grant_all=True)
page.publish(language='en')
page_user = cms.api.create_page_user(user,
user,
can_add_page=True,
can_change_page=True,
can_delete_page=True,
can_recover_page=False,
can_add_pageuser=False,
can_change_pageuser=False,
can_delete_pageuser=False,
can_add_pagepermission=False,
can_change_pagepermission=False,
can_delete_pagepermission=False,
grant_all=False)
def clone_and_assign_new_uid(self, pk, new_uid):
'''
if new_uid is not on the DB, populates it from the ldap
'''
if not get_user_model().objects.filter(username=new_uid).exists():
# this new_uid is not on the database
logger.debug("UID %s does not exist. Getting it from LDAP." %
(new_uid))
ldapobj = LDAPBackend()
user = ldapobj.populate_user(new_uid)
if not user:
logger.warning(
"UID %s does not exist in LDAP... Skipping it." % new_uid)
return None
obj = self.get(id=pk)
logger.debug("Cloning %s and assigning to user %s.", obj, new_uid)
obj.pk = None # setting to None, clones the object!
obj.user = get_user_model().objects.get(username=new_uid)
obj.save()
return obj
def handle(self, *args, **kwargs):
if len(args) <= 0:
return
for arg in args:
ldapobj = LDAPBackend()
user = ldapobj.populate_user(arg)
if user is not None and not user.is_anonymous():
self.stdout.write("%s -> True" % arg)
else:
self.stdout.write("%s -> False" % arg)
account = Account.objects.filter(user=user)
if len(account) == 1:
self.stdout.write("Reconciling %s ... " % user, ending='')
#We have an account.
account[0].reconcile()
account[0].save()
self.stdout.write("$ %s / due %s" % (account[0].balance_dollars, account[0].special_due))
else:
self.stdout.write("Creating %s" % user)
account = Account(user=user, balance=0)
account.save()
from django_auth_ldap.backend import LDAPBackend
'''
SNS LDAP Authentication
python manage.py shell
'''
username = "******"
ldapobj = LDAPBackend()
user = ldapobj.populate_user(username)
print(user.email)
# ERROR:
# [12/Jun/2015 14:15:19] WARNING [django_auth_ldap:396] Caught LDAPError while authenticating rhf: SERVER_DOWN({'info': '(unknown error code)', 'desc': "Can't contact LDAP server"},)
if user is None:
print("1st try failed!")
ldapobj.ldap.set_option(ldapobj.ldap.OPT_X_TLS_REQUIRE_CERT, ldapobj.ldap.OPT_X_TLS_NEVER)
user = ldapobj.populate_user(username)
print(user.is_anonymous())
def create_single_user(first_name=None,
last_name=None,
uid=None,
code=None,
teacher_code=None,
write_to_db=False,
out_stream=sys.stdout,
name_encoding='utf-8'):
"""
Add a new user, create a Teacher object.
"""
logger = logging.getLogger(__name__)
logger.info("Creating single user")
logger.debug(
"FN: {0}, LN: {1}, UID: {2}, code: {3}, tc: {4}, wdb: {5}, os: {6}".
format(first_name, last_name, uid, code, teacher_code, write_to_db,
out_stream))
try:
logger.debug("Creating LDAP backend")
ldap_backend = LDAPBackend()
except:
logger.exception()
ldap_backend = None
logger.debug("LDAP connecting to {0}".format(
settings.AUTH_LDAP_SERVER_URI))
attributes = ['userprincipalname', 'givenname', 'sn', 'objectclass']
conn = ldap.initialize(settings.AUTH_LDAP_SERVER_URI)
conn.simple_bind_s(settings.AUTH_LDAP_BIND_DN,
settings.AUTH_LDAP_BIND_PASSWORD)
# Connection(server, settings.AUTH_LDAP_BIND_DN,
# settings.AUTH_LDAP_BIND_PASSWORD, auto_bind=True)
logger.debug("LDAP BIND with username {0}".format(
settings.AUTH_LDAP_BIND_DN))
s = settings.AUTH_LDAP_USER_SEARCH
if uid is None and (first_name is not None and last_name is not None):
logger.debug("UID is none, trying name based search")
k = (first_name, last_name)
filterstr = '(&(givenName={0})(sn={1}))'.format(
first_name.encode(name_encoding), last_name.encode(name_encoding))
logger.debug("Filterstring: {0}".format(filterstr))
try:
results = conn.search_s(s.base_dn, filterstr)
except Exception:
logger.debug("Error during LDAP search")
logger.debug("Got results: {0}".format(results))
if len(results) == 0:
logger.debug("No results found")
return False
res1 = results[0]
v = res1.userprincipalname.value
else:
logger.debug("UID is not none, perform UID search")
k = None
v = uid
filterstr = "(userprincipalname={0})".format(v)
logger.debug("Filterstring: {0}".format(filterstr))
try:
results = conn.search_s(s.base_dn, ldap.SCOPE_SUBTREE, filterstr,
attributes)
except Exception:
logger.exception("Error during LDAP search")
logger.debug("Got results: {0}".format(results))
if len(results) == 0:
logger.debug("No results found")
return False
res1 = results[0][1]
k = (res1['givenName'][0], res1['sn'][0])
if first_name is None:
first_name = k[0].decode(name_encoding)
logger.debug("Set first name to {0}".format(first_name))
if last_name is None:
last_name = k[1].decode(name_encoding)
# last_name = k[1].upper()
logger.debug("Set last name to {0}".format(first_name))
logger.debug("Found {} {}: {}".format(first_name, last_name, v))
if ldap_backend is not None:
try:
logger.debug("Populating user")
u = ldap_backend.populate_user(v)
if u is None:
raise Exception("user " + v + " not found in ldap!")
else:
logger.debug("Populated user: {0}".format(u))
u.save()
u = User.objects.get(username__iexact=v)
u.first_name = first_name
u.last_name = last_name
logger.debug("Setting first nad last name: {}; {}".format(
first_name, last_name))
if write_to_db:
logger.debug("Saving user to DB")
u.save()
try:
if teacher_code is not None:
logger.debug("Creating corresponding teacher")
if hasattr(u, "teacher"):
t = u.teacher
t.code = teacher_code
else:
t, created = Teacher.objects.get_or_create(
code=teacher_code, defaults={'user_id': u.id})
logger.debug("{}".format(t))
old_user = t.user
t.user = u
logger.debug("Changing user on teacher to {0}".format(u))
if write_to_db:
if old_user is not None and old_user.id != u.id:
logger.debug(
"Deleting old user {}".format(old_user))
old_user.delete()
logger.debug("Saving teacher")
t.save()
else:
logger.debug("Teacher not saved: {}".format(t))
except Exception as e:
print(e)
logger.exception("Error creating teacher")
return u
except:
logger.exception("Error during teacher creation")
else:
logger.error("No LDAP backend found")
def handle(self, *args, **options):
username = options['username']
ldap_backend = LDAPBackend()
ldap_backend.populate_user(username)
#!/usr/bin/env python
from django_auth_ldap.backend import LDAPBackend
'''
SNS LDAP Authentication
cd /home/rhf/git/reduction_service/src
python manage.py shell
'''
username = "******"
ldapobj = LDAPBackend()
user = ldapobj.populate_user(username)
# ERROR:
# [12/Jun/2015 14:15:19] WARNING [django_auth_ldap:396] Caught LDAPError while authenticating rhf: SERVER_DOWN({'info': '(unknown error code)', 'desc': "Can't contact LDAP server"},)
if user is None:
print "1st try failed!"
ldapobj.ldap.set_option(ldapobj.ldap.OPT_X_TLS_REQUIRE_CERT,
ldapobj.ldap.OPT_X_TLS_NEVER)
user = ldapobj.populate_user(username)
print user.is_anonymous()
def create_single_user(first_name=None,
last_name=None,
uid=None,
code=None,
teacher_code=None,
write_to_db=False,
out_stream=sys.stdout):
"""
Add a new user, create a Teacher object.
"""
logger = logging.getLogger(__name__)
logger.info("Creating single user")
logger.debug(
"FN: {0}, LN: {1}, UID: {2}, code: {3}, tc: {4}, wdb: {5}, os: {6}".
format(first_name, last_name, uid, code, teacher_code, write_to_db,
out_stream))
try:
logger.debug("Creating LDAP backend")
ldap_backend = LDAPBackend()
except:
logger.exception()
ldap_backend = None
logger.debug("LDAP connecting to {0}".format(
settings.AUTH_LDAP_SERVER_URI))
attributes = ['userprincipalname', 'givenname', 'sn', 'objectclass']
server = Server(settings.AUTH_LDAP_SERVER_URI, get_info=ALL)
conn = Connection(server,
settings.AUTH_LDAP_BIND_DN,
settings.AUTH_LDAP_BIND_PASSWORD,
auto_bind=True)
logger.debug("LDAP BIND with username {0}".format(
settings.AUTH_LDAP_BIND_DN))
time.sleep(1)
s = settings.AUTH_LDAP_USER_SEARCH
if uid is None and (first_name is not None and last_name is not None):
logger.debug("UID is none, trying name based search")
k = (first_name, last_name)
filterstr = '(&(givenName={0})(sn={1}))'.format(
first_name.encode('cp1250'), last_name.encode('cp1250'))
logger.debug("Filterstring: {0}".format(filterstr))
try:
conn.search(s.base_dn, filterstr, attributes=attributes)
except Exception:
logger.debug("Error during LDAP search")
try:
results = conn.entries
except Exception as e:
logger.exception("Error fetching results from LDAP")
logger.debug("Got results: {0}".format(results))
if len(results) == 0:
logger.debug("No results found")
return False
res1 = results[0]
v = res1.userprincipalname.value
else:
logger.debug("UID is not none, perform UID search")
k = None
v = uid
filterstr = "(userprincipalname={0})".format(v)
logger.debug("Filterstring: {0}".format(filterstr))
try:
conn.search(s.base_dn, filterstr, attributes=attributes)
except Exception:
logger.exception("Error during LDAP search")
try:
results = conn.entries
except Exception as e:
logger.exception("Error fetching results from LDAP: {0}".format(e))
logger.debug("Got results: {0}".format(results))
if len(results) == 0:
logger.debug("No results found")
return False
res1 = results[0]
k = (res1.givenname.value, res1.sn.value)
if first_name is None:
# first_name = k[0].decode('cp1250')
first_name = k[0]
logger.debug("Set first name to {0}".format(first_name))
if last_name is None:
# last_name = k[1].decode('cp1250').upper()
last_name = k[1].upper()
logger.debug("Set last name to {0}".format(first_name))
logger.debug("Found {} {}: {}".format(first_name, last_name, v))
if ldap_backend is not None:
try:
logger.debug("Populating user")
u = ldap_backend.populate_user(v)
if u is None:
raise Exception("user " + v + " not found in ldap!")
else:
logger.debug("Populated user: {0}".format(u))
u.save()
u = User.objects.get(username__iexact=v)
u.first_name = first_name
u.last_name = last_name
logger.debug("Setting first nad last name: {}; {}".format(
first_name, last_name))
if write_to_db:
logger.debug("Saving user to DB")
u.save()
try:
if teacher_code is not None:
logger.debug("Creating corresponding teacher")
t = Teacher.objects.get_or_create(code=teacher_code)
logger.debug("{}".format(t))
t = t[0]
old_user = t.user
t.user = u
logger.debug("Changing user on teacher to {0}".format(u))
if write_to_db:
if old_user is not None:
logger.debug(
"Deleting old user {}".format(old_user))
old_user.delete()
logger.debug("Saving teacher")
t.save()
else:
logger.debug("Teacher not saved: {}".format(t))
except Exception as e:
logger.exception("Error creating teacher")
return u
except:
logger.exception("Error during teacher creation")
else:
logger.error("No LDAP backend found")
def loginfromdrupal(request, email, signature, time):
from django.contrib.auth import login
import getpass
import datetime
""" Email function """
def decrypted(text):
from Crypto.Cipher import AES
from Crypto.Cipher import DES
import base64
AES.key_size = 128
key = "5E712B225B5148E9"
iv = "55FE52A86C3ABWED"
crypt_object = AES.new(key=key, mode=AES.MODE_CBC, IV=iv)
original = text
plain = original.replace('-', "/")
decoded = base64.b64decode(
plain) # your ecrypted and encoded text goes here
decrypted = crypt_object.decrypt(decoded)
decrypted = decrypted.decode("utf-8")
return decrypted
"""" return mail"""
mail = decrypted(email)
""" return ip """
ip = 1
ip = decrypted(signature)
""" return time """
time = decrypted(time)
now = datetime.datetime.now()
now_plus_10 = now + datetime.timedelta(minutes=1)
time_now = now.strftime('%H:%M')
date_after_minute = now_plus_10.strftime('%H:%M')
""" Current ip """
current_ip = request.META.get('REMOTE_ADDR')
"""" Get url from"""
URL = request.META.get('HTTP_REFERER')
referer = None
if URL:
referer = URL.split("/")[-3]
if referer == 'portal.stats.gov.sa':
if ip == "192..168.2.84":
if time == time_now or time == date_after_minute:
username = mail
try:
user = User.objects.get(username=username)
#manually set the backend attribute
user.backend = 'django.contrib.auth.backends.ModelBackend'
login(request, user)
except User.DoesNotExist:
from django_auth_ldap.backend import LDAPBackend
ldap_backend = LDAPBackend()
ldap_backend.populate_user(username)
# return HttpResponseRedirect(reverse('login'))
try:
user = User.objects.get(username=username)
#manually set the backend attribute
user.backend = 'django.contrib.auth.backends.ModelBackend'
login(request, user)
except User.DoesNotExist:
return HttpResponseRedirect(reverse('login'))
if request.user.is_authenticated():
email = request.user.email
emp = Employee.objects.filter(email=email)
# Get all data filtered by user email and set in session
for data in emp:
request.session['EmpID'] = data.empid
request.session['EmpName'] = data.empname
request.session['DeptName'] = data.deptname
request.session['Mobile'] = data.mobile
request.session['DeptCode'] = data.deptcode
request.session['JobTitle'] = data.jobtitle
request.session['IsManager'] = data.ismanager
if emp:
if data.ismanager == 1:
g = Group.objects.get(name='ismanager')
g.user_set.add(request.user.id)
else:
g = Group.objects.get(name='employee')
g.user_set.add(request.user.id)
else:
return HttpResponseRedirect(reverse('login'))
else:
return HttpResponseRedirect(reverse('login'))
logged = request.COOKIES.get('logged_in_status')
context = {
'logged': logged,
"mail": mail,
"ip": ip,
"time1": time,
"URL": referer
}
template = loader.get_template('project/index.html')
return HttpResponseRedirect(reverse('ns-project:index'))
