def update_users(apps, schema_editor): """ Re-populate the users to set the `domain` field """ User = apps.get_model("users", "User") backend = LDAPBackend() for user in User.objects.all(): backend.populate_user(user.username)
def import_all_users(self): ldap_backend = LDAPBackend() ldap_user = _LDAPUser(ldap_backend, username="") ldap_search = LDAPSearch(self.search_dn, ldap.SCOPE_SUBTREE, filterstr=self.filter, attrlist=[self.username_attribute]) results = ldap_search.execute(connection=ldap_user.connection) for result in results: if self.simple_search: search_term = result[1][self.username_attribute][0] else: search_term = result[0].split(',')[0].split('=')[1] ldap_backend.populate_user(search_term)
def validate_request(data, expires=600): """ validates a dictionary of request data and returns a User, ApplicationLink and token expiry time """ from swingers.sauth.models import ApplicationLink # sanity check the dictionary for key in ["client_id", "client_secret", "user_id"]: if not key in data: raise Exception("Missing Input") # set default expiry to 10 mins unless specified # 0 means never expires if "expires" in data: expires = int(data["expires"]) # Try and find the user for the user_id ldapbackend = LDAPBackend() user = data["user_id"] if User.objects.filter(username=user): user = User.objects.get(username=user) else: try: ldapbackend.populate_user(user) user = User.objects.get(username=user) except: raise Exception("Invalid user_id") # Try and find the client_id try: link = ApplicationLink.objects.get(client_name=data["client_id"], server_name=settings.SERVICE_NAME) except ApplicationLink.DoesNotExist: raise Exception("Application link does not exist") # Validate the secret if link.auth_method == ApplicationLink.AUTH_METHOD.basic: client_secret = link.secret elif "nonce" in data: if cache.get(link.secret) == data["nonce"]: raise Exception("No you can't reuse nonce's!") cache.set(link.secret, data["nonce"], expires) # client_secret should be hexdigest, hash algorithm selected based on # application link client_secret = link.get_client_secret(data["user_id"], data["nonce"]) else: raise Exception("Missing nonce") if not client_secret == data["client_secret"]: raise Exception("Invalid client_secret") return user, link, expires
def validate_request(data, expires=600): """ validates a dictionary of request data and returns a User, ApplicationLink and token expiry time """ from swingers.sauth.models import ApplicationLink # sanity check the dictionary for key in ["client_id", "client_secret", "user_id"]: if not key in data: raise Exception("Missing Input") # set default expiry to 10 mins unless specified # 0 means never expires if "expires" in data: expires = int(data["expires"]) # Try and find the user for the user_id ldapbackend = LDAPBackend() user = data["user_id"] if User.objects.filter(username=user): user = User.objects.get(username=user) else: try: ldapbackend.populate_user(user) user = User.objects.get(username=user) except: raise Exception("Invalid user_id") # Try and find the client_id try: link = ApplicationLink.objects.get(client_name=data["client_id"], server_name=settings.SERVICE_NAME) except ApplicationLink.DoesNotExist: raise Exception("Application link does not exist") # Validate the secret if link.auth_method == ApplicationLink.AUTH_METHOD.basic: client_secret = link.secret elif "nonce" in data: if cache.get(link.secret) == data["nonce"]: raise Exception("No you can't reuse nonce's!") cache.set(link.secret, data["nonce"], expires) # client_secret should be hexdigest, hash algorithm selected based on # application link client_secret = link.get_client_secret(data["user_id"], data["nonce"]) else: raise Exception("Missing nonce") if not client_secret == data["client_secret"]: raise Exception("Invalid client_secret") return user, link, expires
def get_or_create_local_user(user): """ Create a local user if the username exists in the configured LDAP server. Returns the updated or newly created local django.contrib.auth.models.User """ warnings.warn( 'This is most likely going to be deprecated due to upcoming' 'demerger work', PendingDeprecationWarning) # instantiate the LDAPBackend model class # magically finds the LDAP server from settings.py ldap_backend = LDAPBackend() if user.find('@') != -1: ldap_user = _LDAPUser(ldap_backend, username="") result = ldap_user.connection.search_s( "dc=corporateict,dc=domain", scope=ldap_backend.ldap.SCOPE_SUBTREE, filterstr='(mail=' + user + ')', attrlist=[str("sAMAccountName").encode('ASCII')]) if result: user = result[0][1]["sAMAccountName"][0].lower() else: return None try: user = User.objects.get(username=user) except User.DoesNotExist: user = ldap_backend.populate_user(user) return user
def form_valid(self, form): data = form.cleaned_data name = data.get('name', None) #barcode = data.get('barcode', None) if name is not None: user = None try: user = User.objects.get(username=name) except: ldapobj = LDAPBackend() user = ldapobj.populate_user(name) if user is not None and not user.is_anonymous(): print("%s -> True" % name) else: print("%s -> False" % name) user.save() account = None try: account = Account.objects.get(user=user) except: account = Account(user=user, balance=0) print("Creating %s" % user) #account.barcode = barcode account.save() messages.success(self.request, "Added %s" % user) return super(AccountCreateView, self).form_valid(form)
def contactImport(request): report = [] if request.method == 'POST': upnlist = request.POST.getlist('upn') for upn in upnlist: report.append((upn, LDAPBackend.populate_user(LDAPBackend(), upn))) else: upnlist = None if request.GET.get('filter') == None: filterform = ImportFilterForm() else: filterform = ImportFilterForm(request.GET) if filterform.is_valid(): ldapcon = ldap.initialize(settings.AUTH_LDAP_SERVER_URI) ldapcon.simple_bind_s(settings.AUTH_LDAP_BIND_DN, settings.AUTH_LDAP_BIND_PASSWORD) search = settings.AUTH_LDAP_USER_FILTER res = search.execute(ldapcon, {'filter': filterform.cleaned_data['filter']}) ldapcon.unbind_s() # sort by last name, then first name res = sorted(res, key = lambda (dn,attr): attr['sn'][0] + attr['givenName'][0]) else: res = None return render(request, 'ldaplink/contactImport.html', { 'filterform': filterform, 'ldapresult': res, 'report': report, })
def handle_noargs(self, **options): # Get LDAP backend ldap = LDAPBackend() for user in User.objects.all(): # Check if user is an LDAP user if not user.has_usable_password(): # Populate user details print "Refreshing '" + user.username + "' ", if ldap.populate_user(user.username): print "Success!" # User found and populated # Make sure this account is activated user.is_active = True user.save() else: print "Not found" # User account not found in LDAP # This means that the user either no longer exists # or no longer has privilages to access the CMS # We must deactivate their account to prevent them # from recieving notification emails # Make sure this account is deactivated user.is_active = False user.save()
def get_or_create_local_user(user): """ Create a local user if the username exists in the configured LDAP server. Returns the updated or newly created local django.contrib.auth.models.User """ warnings.warn('This is most likely going to be deprecated due to upcoming' 'demerger work', PendingDeprecationWarning) # instantiate the LDAPBackend model class # magically finds the LDAP server from settings.py ldap_backend = LDAPBackend() if user.find('@') != -1: ldap_user = _LDAPUser(ldap_backend, username="") result = ldap_user.connection.search_s( "dc=corporateict,dc=domain", scope=ldap_backend.ldap.SCOPE_SUBTREE, filterstr='(mail=' + user + ')', attrlist=[str("sAMAccountName").encode('ASCII')] ) if result: user = result[0][1]["sAMAccountName"][0].lower() else: return None try: user = User.objects.get(username=user) except User.DoesNotExist: user = ldap_backend.populate_user(user) return user
def import_from_username(self, username, set_pi=False): ldap_backend = LDAPBackend() user = ldap_backend.populate_user(username) if set_pi: g = Group.objects.get(name=GroupConstants.VIP.value) user.groups.add(g)
def create_page(prueba): #creacion de a pagina para el suaurio ldap = LDAPBackend() user = ldap.populate_user('prueba') user.first_name #Creamos la configuración para su blog user_conf = NewsBlogConfig(app_title=user.first_name, namespace=user.first_name) user_conf.save_base() user_conf.save() #buscar la ubicacion de donde va a colgar su pagina de blog parent_page = Page.objects.filter(title_set__title='BLOG_ALUMNOS')[1] #creamos la pagina del blog del usuario page = cms.api.create_page(user.first_name, 'content.html', 'en', apphook="NewsBlogApp", apphook_namespace=user_conf.namespace, parent=parent_page, published=True, in_navigation=True) #placeholder de su página placeholder = page.placeholders.get_or_create(slot='feature') placeholder = page.placeholders.get(slot='feature') #ahora añadimos los plugins de estilo plugin1 = cms.api.add_plugin(placeholder, 'StylePlugin', 'en') plugin2 = cms.api.add_plugin(placeholder, 'StylePlugin', 'en') plugin2.class_name = "feature-content" plugin2.save() plugin1.save() #le damos todo los permisos al usuario user_assigned = cms.api.assign_user_to_page(page, user, grant_all=True) page.publish(language='en') page_user = cms.api.create_page_user(user, user, can_add_page=True, can_change_page=True, can_delete_page=True, can_recover_page=False, can_add_pageuser=False, can_change_pageuser=False, can_delete_pageuser=False, can_add_pagepermission=False, can_change_pagepermission=False, can_delete_pagepermission=False, grant_all=False)
def clone_and_assign_new_uid(self, pk, new_uid): ''' if new_uid is not on the DB, populates it from the ldap ''' if not get_user_model().objects.filter(username=new_uid).exists(): # this new_uid is not on the database logger.debug("UID %s does not exist. Getting it from LDAP." % (new_uid)) ldapobj = LDAPBackend() user = ldapobj.populate_user(new_uid) if not user: logger.warning( "UID %s does not exist in LDAP... Skipping it." % new_uid) return None obj = self.get(id=pk) logger.debug("Cloning %s and assigning to user %s.", obj, new_uid) obj.pk = None # setting to None, clones the object! obj.user = get_user_model().objects.get(username=new_uid) obj.save() return obj
def handle(self, *args, **kwargs): if len(args) <= 0: return for arg in args: ldapobj = LDAPBackend() user = ldapobj.populate_user(arg) if user is not None and not user.is_anonymous(): self.stdout.write("%s -> True" % arg) else: self.stdout.write("%s -> False" % arg) account = Account.objects.filter(user=user) if len(account) == 1: self.stdout.write("Reconciling %s ... " % user, ending='') #We have an account. account[0].reconcile() account[0].save() self.stdout.write("$ %s / due %s" % (account[0].balance_dollars, account[0].special_due)) else: self.stdout.write("Creating %s" % user) account = Account(user=user, balance=0) account.save()
from django_auth_ldap.backend import LDAPBackend ''' SNS LDAP Authentication python manage.py shell ''' username = "******" ldapobj = LDAPBackend() user = ldapobj.populate_user(username) print(user.email) # ERROR: # [12/Jun/2015 14:15:19] WARNING [django_auth_ldap:396] Caught LDAPError while authenticating rhf: SERVER_DOWN({'info': '(unknown error code)', 'desc': "Can't contact LDAP server"},) if user is None: print("1st try failed!") ldapobj.ldap.set_option(ldapobj.ldap.OPT_X_TLS_REQUIRE_CERT, ldapobj.ldap.OPT_X_TLS_NEVER) user = ldapobj.populate_user(username) print(user.is_anonymous())
def create_single_user(first_name=None, last_name=None, uid=None, code=None, teacher_code=None, write_to_db=False, out_stream=sys.stdout, name_encoding='utf-8'): """ Add a new user, create a Teacher object. """ logger = logging.getLogger(__name__) logger.info("Creating single user") logger.debug( "FN: {0}, LN: {1}, UID: {2}, code: {3}, tc: {4}, wdb: {5}, os: {6}". format(first_name, last_name, uid, code, teacher_code, write_to_db, out_stream)) try: logger.debug("Creating LDAP backend") ldap_backend = LDAPBackend() except: logger.exception() ldap_backend = None logger.debug("LDAP connecting to {0}".format( settings.AUTH_LDAP_SERVER_URI)) attributes = ['userprincipalname', 'givenname', 'sn', 'objectclass'] conn = ldap.initialize(settings.AUTH_LDAP_SERVER_URI) conn.simple_bind_s(settings.AUTH_LDAP_BIND_DN, settings.AUTH_LDAP_BIND_PASSWORD) # Connection(server, settings.AUTH_LDAP_BIND_DN, # settings.AUTH_LDAP_BIND_PASSWORD, auto_bind=True) logger.debug("LDAP BIND with username {0}".format( settings.AUTH_LDAP_BIND_DN)) s = settings.AUTH_LDAP_USER_SEARCH if uid is None and (first_name is not None and last_name is not None): logger.debug("UID is none, trying name based search") k = (first_name, last_name) filterstr = '(&(givenName={0})(sn={1}))'.format( first_name.encode(name_encoding), last_name.encode(name_encoding)) logger.debug("Filterstring: {0}".format(filterstr)) try: results = conn.search_s(s.base_dn, filterstr) except Exception: logger.debug("Error during LDAP search") logger.debug("Got results: {0}".format(results)) if len(results) == 0: logger.debug("No results found") return False res1 = results[0] v = res1.userprincipalname.value else: logger.debug("UID is not none, perform UID search") k = None v = uid filterstr = "(userprincipalname={0})".format(v) logger.debug("Filterstring: {0}".format(filterstr)) try: results = conn.search_s(s.base_dn, ldap.SCOPE_SUBTREE, filterstr, attributes) except Exception: logger.exception("Error during LDAP search") logger.debug("Got results: {0}".format(results)) if len(results) == 0: logger.debug("No results found") return False res1 = results[0][1] k = (res1['givenName'][0], res1['sn'][0]) if first_name is None: first_name = k[0].decode(name_encoding) logger.debug("Set first name to {0}".format(first_name)) if last_name is None: last_name = k[1].decode(name_encoding) # last_name = k[1].upper() logger.debug("Set last name to {0}".format(first_name)) logger.debug("Found {} {}: {}".format(first_name, last_name, v)) if ldap_backend is not None: try: logger.debug("Populating user") u = ldap_backend.populate_user(v) if u is None: raise Exception("user " + v + " not found in ldap!") else: logger.debug("Populated user: {0}".format(u)) u.save() u = User.objects.get(username__iexact=v) u.first_name = first_name u.last_name = last_name logger.debug("Setting first nad last name: {}; {}".format( first_name, last_name)) if write_to_db: logger.debug("Saving user to DB") u.save() try: if teacher_code is not None: logger.debug("Creating corresponding teacher") if hasattr(u, "teacher"): t = u.teacher t.code = teacher_code else: t, created = Teacher.objects.get_or_create( code=teacher_code, defaults={'user_id': u.id}) logger.debug("{}".format(t)) old_user = t.user t.user = u logger.debug("Changing user on teacher to {0}".format(u)) if write_to_db: if old_user is not None and old_user.id != u.id: logger.debug( "Deleting old user {}".format(old_user)) old_user.delete() logger.debug("Saving teacher") t.save() else: logger.debug("Teacher not saved: {}".format(t)) except Exception as e: print(e) logger.exception("Error creating teacher") return u except: logger.exception("Error during teacher creation") else: logger.error("No LDAP backend found")
def handle(self, *args, **options): username = options['username'] ldap_backend = LDAPBackend() ldap_backend.populate_user(username)
#!/usr/bin/env python from django_auth_ldap.backend import LDAPBackend ''' SNS LDAP Authentication cd /home/rhf/git/reduction_service/src python manage.py shell ''' username = "******" ldapobj = LDAPBackend() user = ldapobj.populate_user(username) # ERROR: # [12/Jun/2015 14:15:19] WARNING [django_auth_ldap:396] Caught LDAPError while authenticating rhf: SERVER_DOWN({'info': '(unknown error code)', 'desc': "Can't contact LDAP server"},) if user is None: print "1st try failed!" ldapobj.ldap.set_option(ldapobj.ldap.OPT_X_TLS_REQUIRE_CERT, ldapobj.ldap.OPT_X_TLS_NEVER) user = ldapobj.populate_user(username) print user.is_anonymous()
def create_single_user(first_name=None, last_name=None, uid=None, code=None, teacher_code=None, write_to_db=False, out_stream=sys.stdout): """ Add a new user, create a Teacher object. """ logger = logging.getLogger(__name__) logger.info("Creating single user") logger.debug( "FN: {0}, LN: {1}, UID: {2}, code: {3}, tc: {4}, wdb: {5}, os: {6}". format(first_name, last_name, uid, code, teacher_code, write_to_db, out_stream)) try: logger.debug("Creating LDAP backend") ldap_backend = LDAPBackend() except: logger.exception() ldap_backend = None logger.debug("LDAP connecting to {0}".format( settings.AUTH_LDAP_SERVER_URI)) attributes = ['userprincipalname', 'givenname', 'sn', 'objectclass'] server = Server(settings.AUTH_LDAP_SERVER_URI, get_info=ALL) conn = Connection(server, settings.AUTH_LDAP_BIND_DN, settings.AUTH_LDAP_BIND_PASSWORD, auto_bind=True) logger.debug("LDAP BIND with username {0}".format( settings.AUTH_LDAP_BIND_DN)) time.sleep(1) s = settings.AUTH_LDAP_USER_SEARCH if uid is None and (first_name is not None and last_name is not None): logger.debug("UID is none, trying name based search") k = (first_name, last_name) filterstr = '(&(givenName={0})(sn={1}))'.format( first_name.encode('cp1250'), last_name.encode('cp1250')) logger.debug("Filterstring: {0}".format(filterstr)) try: conn.search(s.base_dn, filterstr, attributes=attributes) except Exception: logger.debug("Error during LDAP search") try: results = conn.entries except Exception as e: logger.exception("Error fetching results from LDAP") logger.debug("Got results: {0}".format(results)) if len(results) == 0: logger.debug("No results found") return False res1 = results[0] v = res1.userprincipalname.value else: logger.debug("UID is not none, perform UID search") k = None v = uid filterstr = "(userprincipalname={0})".format(v) logger.debug("Filterstring: {0}".format(filterstr)) try: conn.search(s.base_dn, filterstr, attributes=attributes) except Exception: logger.exception("Error during LDAP search") try: results = conn.entries except Exception as e: logger.exception("Error fetching results from LDAP: {0}".format(e)) logger.debug("Got results: {0}".format(results)) if len(results) == 0: logger.debug("No results found") return False res1 = results[0] k = (res1.givenname.value, res1.sn.value) if first_name is None: # first_name = k[0].decode('cp1250') first_name = k[0] logger.debug("Set first name to {0}".format(first_name)) if last_name is None: # last_name = k[1].decode('cp1250').upper() last_name = k[1].upper() logger.debug("Set last name to {0}".format(first_name)) logger.debug("Found {} {}: {}".format(first_name, last_name, v)) if ldap_backend is not None: try: logger.debug("Populating user") u = ldap_backend.populate_user(v) if u is None: raise Exception("user " + v + " not found in ldap!") else: logger.debug("Populated user: {0}".format(u)) u.save() u = User.objects.get(username__iexact=v) u.first_name = first_name u.last_name = last_name logger.debug("Setting first nad last name: {}; {}".format( first_name, last_name)) if write_to_db: logger.debug("Saving user to DB") u.save() try: if teacher_code is not None: logger.debug("Creating corresponding teacher") t = Teacher.objects.get_or_create(code=teacher_code) logger.debug("{}".format(t)) t = t[0] old_user = t.user t.user = u logger.debug("Changing user on teacher to {0}".format(u)) if write_to_db: if old_user is not None: logger.debug( "Deleting old user {}".format(old_user)) old_user.delete() logger.debug("Saving teacher") t.save() else: logger.debug("Teacher not saved: {}".format(t)) except Exception as e: logger.exception("Error creating teacher") return u except: logger.exception("Error during teacher creation") else: logger.error("No LDAP backend found")
def loginfromdrupal(request, email, signature, time): from django.contrib.auth import login import getpass import datetime """ Email function """ def decrypted(text): from Crypto.Cipher import AES from Crypto.Cipher import DES import base64 AES.key_size = 128 key = "5E712B225B5148E9" iv = "55FE52A86C3ABWED" crypt_object = AES.new(key=key, mode=AES.MODE_CBC, IV=iv) original = text plain = original.replace('-', "/") decoded = base64.b64decode( plain) # your ecrypted and encoded text goes here decrypted = crypt_object.decrypt(decoded) decrypted = decrypted.decode("utf-8") return decrypted """" return mail""" mail = decrypted(email) """ return ip """ ip = 1 ip = decrypted(signature) """ return time """ time = decrypted(time) now = datetime.datetime.now() now_plus_10 = now + datetime.timedelta(minutes=1) time_now = now.strftime('%H:%M') date_after_minute = now_plus_10.strftime('%H:%M') """ Current ip """ current_ip = request.META.get('REMOTE_ADDR') """" Get url from""" URL = request.META.get('HTTP_REFERER') referer = None if URL: referer = URL.split("/")[-3] if referer == 'portal.stats.gov.sa': if ip == "192..168.2.84": if time == time_now or time == date_after_minute: username = mail try: user = User.objects.get(username=username) #manually set the backend attribute user.backend = 'django.contrib.auth.backends.ModelBackend' login(request, user) except User.DoesNotExist: from django_auth_ldap.backend import LDAPBackend ldap_backend = LDAPBackend() ldap_backend.populate_user(username) # return HttpResponseRedirect(reverse('login')) try: user = User.objects.get(username=username) #manually set the backend attribute user.backend = 'django.contrib.auth.backends.ModelBackend' login(request, user) except User.DoesNotExist: return HttpResponseRedirect(reverse('login')) if request.user.is_authenticated(): email = request.user.email emp = Employee.objects.filter(email=email) # Get all data filtered by user email and set in session for data in emp: request.session['EmpID'] = data.empid request.session['EmpName'] = data.empname request.session['DeptName'] = data.deptname request.session['Mobile'] = data.mobile request.session['DeptCode'] = data.deptcode request.session['JobTitle'] = data.jobtitle request.session['IsManager'] = data.ismanager if emp: if data.ismanager == 1: g = Group.objects.get(name='ismanager') g.user_set.add(request.user.id) else: g = Group.objects.get(name='employee') g.user_set.add(request.user.id) else: return HttpResponseRedirect(reverse('login')) else: return HttpResponseRedirect(reverse('login')) logged = request.COOKIES.get('logged_in_status') context = { 'logged': logged, "mail": mail, "ip": ip, "time1": time, "URL": referer } template = loader.get_template('project/index.html') return HttpResponseRedirect(reverse('ns-project:index'))