Beispiel #1
    def GET(self, profile_type, mail):
        """Render the profile page of one mail user (PostgreSQL templates).

        The address is lower-cased, split into its domain part and validated
        before the user library is queried. Every rejected input ends in a
        redirect instead of a rendered page.
        """
        # NOTE(review): no access check is visible in this excerpt; confirm
        # that a decorator or the dispatcher limits this view to admins that
        # are allowed to manage the domain.
        form = web.input()
        self.mail = str(mail).lower()
        self.cur_domain = self.mail.split('@', 1)[-1]
        self.profile_type = str(profile_type)

        # "@domain" is the catch-all address and has a page of its own.
        is_catchall = self.mail.startswith('@') and iredutils.is_domain(self.cur_domain)
        if is_catchall:
            raise web.seeother('/profile/domain/catchall/%s' % self.cur_domain)

        if not iredutils.is_email(self.mail):
            raise web.seeother('/domains?msg=INVALID_USER')

        if not iredutils.is_domain(self.cur_domain):
            raise web.seeother('/domains?msg=INVALID_DOMAIN_NAME')

        lookup = userlib.User().profile(domain=self.cur_domain, mail=self.mail)
        if lookup[0] is not True:
            # lookup[1] is error text here; it is URL-quoted before it goes
            # into the redirect target.
            raise web.seeother('/users/%s?msg=%s' % (self.cur_domain, web.urlquote(lookup[1])))
        self.profile = lookup[1]

        # `msg` is read from the request and handed to the template as is.
        context = dict(
            cur_domain=self.cur_domain,
            mail=self.mail,
            profile_type=self.profile_type,
            profile=self.profile,
            languagemaps=get_language_maps(),
            msg=form.get('msg'),
        )
        return web.render('pgsql/user/profile.html', **context)
Beispiel #2
 def GET(self):
     """Render the form used to create a new admin account (LDAP templates)."""
     # NOTE(review): no permission check is visible in this excerpt; confirm
     # that a decorator restricts this page to global admins.
     form = web.input()

     # Password length limits come from the site settings; `msg` is taken
     # from the request and passed to the template unchanged.
     context = dict(
         languagemaps=languages.get_language_maps(),
         default_language=settings.default_language,
         min_passwd_length=settings.min_passwd_length,
         max_passwd_length=settings.max_passwd_length,
         msg=form.get('msg'),
     )
     return web.render('ldap/admin/create.html', **context)
Beispiel #3
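    def GET(self, profile_type, mail):
        """Render the 'general' or 'password' profile page of an admin (LDAP).

        An admin that is not a global admin may only open their own profile;
        a request for any other address is redirected to the caller's own
        profile with PERMISSION_DENIED. Any other ``profile_type`` falls
        through without rendering anything.
        """
        self.mail = web.safestr(mail)
        self.profile_type = web.safestr(profile_type)

        if session.get('domainGlobalAdmin') is not True and session.get('username') != self.mail:
            # Don't allow to view/update other admins' profile.
            raise web.seeother('/profile/admin/general/%s?msg=PERMISSION_DENIED' % session.get('username'))

        # Get admin profile.
        adminLib = admin.Admin()
        result = adminLib.profile(self.mail)
        if result[0] is not True:
            # result[1] is error text from the library: URL-quote it so it
            # cannot alter the query string of the redirect target.
            raise web.seeother('/admins?msg=' + web.urlquote(result[1]))

        # From here on the lookup is known to have succeeded.
        self.admin_profile = result[1]

        i = web.input()

        if self.profile_type == 'general':
            # The profile page lists every domain so managed domains can be
            # selected.
            domainLib = domainlib.Domain()
            resultOfAllDomains = domainLib.listAccounts(attrs=['domainName', 'cn', ])
            if resultOfAllDomains[0] is not True:
                # NOTE(review): this hands the raw (status, error) tuple back
                # as the response body; confirm a redirect is not intended.
                return resultOfAllDomains
            self.allDomains = resultOfAllDomains[1]

            return web.render(
                'ldap/admin/profile.html',
                mail=self.mail,
                profile_type=self.profile_type,
                profile=self.admin_profile,
                languagemaps=languages.get_language_maps(),
                allDomains=self.allDomains,
                msg=i.get('msg', None),
            )

        elif self.profile_type == 'password':
            return web.render('ldap/admin/profile.html',
                              mail=self.mail,
                              profile_type=self.profile_type,
                              profile=self.admin_profile,
                              min_passwd_length=settings.min_passwd_length,
                              max_passwd_length=settings.max_passwd_length,
                              msg=i.get('msg', None),
                             )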
Beispiel #4
 def GET(self):
     """Show the admin creation form together with the configured password limits."""
     # NOTE(review): the excerpt shows no access check; verify that only
     # global admins can reach this handler.
     request_args = web.input()
     template_args = {
         'languagemaps': languages.get_language_maps(),
         'default_language': settings.default_language,
         'min_passwd_length': settings.min_passwd_length,
         'max_passwd_length': settings.max_passwd_length,
         # Status message carried over from a previous redirect, if any.
         'msg': request_args.get('msg'),
     }
     return web.render('ldap/admin/create.html', **template_args)
Beispiel #5
    def GET(self):
        """Show the login form, or send the visitor on to the dashboard.

        The form is rendered only when the session's ``logged`` value is
        exactly ``False``; every other value leads to the dashboard redirect.
        """
        if session.get('logged') is not False:
            raise web.seeother('/dashboard')

        form = web.input(_unicode=False)

        # `msg` arrives with the request of a not-yet-authenticated visitor
        # and is passed to the template unchanged.
        # NOTE(review): confirm login.html escapes it or maps it to a fixed
        # set of messages.
        return web.render(
            'login.html',
            languagemaps=languages.get_language_maps(),
            webmaster=session.get('webmaster'),
            msg=form.get('msg'),
        )
Beispiel #6
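    def GET(self, profile_type, mail):
        """Render the 'general' or 'password' profile page of an admin (LDAP).

        Only a global admin may open another admin's profile; everybody else
        is redirected to their own profile with PERMISSION_DENIED. A
        ``profile_type`` other than 'general' or 'password' renders nothing.
        """
        self.mail = web.safestr(mail)
        self.profile_type = web.safestr(profile_type)

        if session.get('domainGlobalAdmin') is not True and session.get('username') != self.mail:
            # Don't allow to view/update other admins' profile.
            raise web.seeother('/profile/admin/general/%s?msg=PERMISSION_DENIED' % session.get('username'))

        # Get admin profile.
        adminLib = admin.Admin()
        result = adminLib.profile(self.mail)
        if result[0] is not True:
            # The error text is URL-quoted so that it stays a single query
            # value in the redirect target.
            raise web.seeother('/admins?msg=' + web.urlquote(result[1]))

        # The lookup succeeded, so result[1] is the profile.
        self.admin_profile = result[1]

        i = web.input()

        if self.profile_type == 'general':
            # Get all domains.
            domainLib = domainlib.Domain()
            resultOfAllDomains = domainLib.listAccounts(attrs=['domainName', 'cn', ])
            if resultOfAllDomains[0] is not True:
                # NOTE(review): the raw (status, error) tuple becomes the
                # response here; confirm that is what the caller expects.
                return resultOfAllDomains
            self.allDomains = resultOfAllDomains[1]

            return web.render(
                'ldap/admin/profile.html',
                mail=self.mail,
                profile_type=self.profile_type,
                profile=self.admin_profile,
                languagemaps=languages.get_language_maps(),
                allDomains=self.allDomains,
                msg=i.get('msg', None),
            )

        elif self.profile_type == 'password':
            return web.render('ldap/admin/profile.html',
                              mail=self.mail,
                              profile_type=self.profile_type,
                              profile=self.admin_profile,
                              min_passwd_length=settings.min_passwd_length,
                              max_passwd_length=settings.max_passwd_length,
                              msg=i.get('msg', None))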
Beispiel #7
    def GET(self, profile_type, mail):
        """Render the profile page of one mail user (LDAP templates).

        For the 'password' tab the per-domain account setting is loaded so
        the template can show the password length limits; for every other
        tab the limits default to '0'.
        """
        # NOTE(review): no access check is visible in this excerpt; confirm
        # the handler is wrapped by one elsewhere.
        form = web.input(
            enabledService=[],
            telephoneNumber=[],
        )
        self.mail = web.safestr(mail)
        self.cur_domain = self.mail.split('@', 1)[-1]
        self.profile_type = web.safestr(profile_type)

        # "@domain" denotes the catch-all account, which has its own page.
        if self.mail.startswith('@') and iredutils.is_domain(self.cur_domain):
            raise web.seeother('/profile/domain/catchall/%s' % self.cur_domain)

        if not iredutils.is_email(self.mail):
            raise web.seeother('/domains?msg=INVALID_USER')

        lookup = user.User().profile(domain=self.cur_domain, mail=self.mail)
        if lookup[0] is False:
            # Error text is URL-quoted before it is put into the redirect.
            raise web.seeother('/users/%s?msg=%s' %
                               (self.cur_domain, web.urlquote(lookup[1])))

        account_setting = {}
        if self.profile_type == 'password':
            # Get accountSetting of current domain.
            setting_qr = domainlib.Domain().getDomainAccountSetting(
                domain=self.cur_domain)
            if setting_qr[0] is True:
                account_setting = setting_qr[1]

        return web.render(
            'ldap/user/profile.html',
            profile_type=self.profile_type,
            mail=self.mail,
            user_profile=lookup[1],
            defaultStorageBaseDirectory=settings.storage_base_directory,
            minPasswordLength=account_setting.get('minPasswordLength', '0'),
            maxPasswordLength=account_setting.get('maxPasswordLength', '0'),
            domainAccountSetting=account_setting,
            languagemaps=get_language_maps(),
            msg=form.get('msg', None),
        )
Beispiel #8
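    def POST(self):
        """Check the submitted credentials and open or refuse a session.

        A successful login redirects to '/dashboard/checknew'. A failed one
        increments the session's ``failed_times`` counter, is logged at
        error level and redirects back to the login page with the error
        text from the auth library.
        """
        # Get username, password.
        i = web.input(_unicode=False)

        # A request without these fields must not crash the handler, so
        # every field falls back to an empty string.
        username = web.safestr(i.get('username', '').strip()).lower()
        password = str(i.get('password', '').strip())
        save_pass = web.safestr(i.get('save_pass', 'no').strip())

        if username and password:
            auth = core.Auth()
            auth_result = auth.auth(username=username, password=password)
        else:
            # Empty credentials never reach the backend: an LDAP simple bind
            # with an empty password is an unauthenticated bind, which some
            # servers accept.
            auth_result = (False, 'INVALID_CREDENTIALS')

        if auth_result[0] is True:
            # Config session data.
            # NOTE(review): web.config.session_parameters looks like shared
            # configuration rather than per-session state, so the timeout
            # picked below may apply to more than this login; confirm.
            web.config.session_parameters['cookie_name'] = 'iRedAdmin'
            # Session expire when client ip was changed.
            web.config.session_parameters['ignore_change_ip'] = False
            # Don't ignore session expiration.
            web.config.session_parameters['ignore_expiry'] = False

            if save_pass == 'yes':
                # Session timeout (in seconds).
                web.config.session_parameters['timeout'] = 86400  # 24 hours
            else:
                # Expire session when browser closed.
                web.config.session_parameters['timeout'] = 600  # 10 minutes

            web.logger(
                msg="Login success",
                event='login',
            )

            # Save selected language; only values present in the language
            # map are accepted.
            selected_language = str(i.get('lang', '')).strip()
            if selected_language != web.ctx.lang and \
               selected_language in languages.get_language_maps():
                session['lang'] = selected_language

            raise web.seeother('/dashboard/checknew')
        else:
            session['failed_times'] += 1
            web.logger(
                msg="Login failed.",
                admin=username,
                event='login',
                loglevel='error',
            )
            raise web.seeother('/login?msg=%s' % web.urlquote(auth_result[1]))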
Beispiel #9
    def GET(self, profile_type, mail):
        """Render the profile page of an admin (PostgreSQL templates).

        The address must be a valid e-mail address, and an admin that is not
        a global admin may only open their own profile.
        """
        form = web.input()
        self.mail = web.safestr(mail)
        self.profile_type = web.safestr(profile_type)

        if not iredutils.is_email(self.mail):
            raise web.seeother('/admins?msg=INVALID_MAIL')

        is_global_admin = session.get('domainGlobalAdmin') is True
        if not is_global_admin and session.get('username') != self.mail:
            # Don't allow to view/update other admins' profile.
            raise web.seeother(
                '/profile/admin/general/%s?msg=PERMISSION_DENIED' %
                session.get('username'))

        lookup = adminlib.Admin().profile(mail=self.mail)
        if lookup[0] is not True:
            # Error text is URL-quoted before it goes into the redirect.
            raise web.seeother('/admins?msg=' + web.urlquote(lookup[1]))

        domainGlobalAdmin, profile = lookup[1], lookup[2]

        # Get all domains; the list stays empty when the query fails.
        self.allDomains = []
        domains_qr = domainlib.Domain().getAllDomains()
        if domains_qr[0] is True:
            self.allDomains = domains_qr[1]

        # Get managed domains.
        self.managedDomains = []

        return web.render(
            'pgsql/admin/profile.html',
            mail=self.mail,
            profile_type=self.profile_type,
            domainGlobalAdmin=domainGlobalAdmin,
            profile=profile,
            languagemaps=languages.get_language_maps(),
            allDomains=self.allDomains,
            min_passwd_length=settings.min_passwd_length,
            max_passwd_length=settings.max_passwd_length,
            msg=form.get('msg'),
        )
Beispiel #10
    def GET(self, profile_type, mail):
        """Show an admin's profile page (PostgreSQL templates).

        Requests for an invalid address, or for another admin's profile by a
        caller that is not a global admin, are answered with a redirect.
        """
        request_args = web.input()
        self.mail = web.safestr(mail)
        self.profile_type = web.safestr(profile_type)

        if not iredutils.is_email(self.mail):
            raise web.seeother('/admins?msg=INVALID_MAIL')

        # Ownership check: only a global admin may look at someone else.
        own_profile = session.get('username') == self.mail
        if session.get('domainGlobalAdmin') is not True and not own_profile:
            raise web.seeother('/profile/admin/general/%s?msg=PERMISSION_DENIED' % session.get('username'))

        profile_qr = adminlib.Admin().profile(mail=self.mail)
        if profile_qr[0] is not True:
            # The library's error text is URL-quoted for the redirect.
            raise web.seeother('/admins?msg=' + web.urlquote(profile_qr[1]))

        domainGlobalAdmin = profile_qr[1]
        profile = profile_qr[2]

        # All domains are listed on the page; a failed query leaves the
        # list empty instead of aborting the request.
        self.allDomains = []
        all_domains_qr = domainlib.Domain().getAllDomains()
        if all_domains_qr[0] is True:
            self.allDomains = all_domains_qr[1]

        # Get managed domains.
        self.managedDomains = []

        template_args = dict(
            mail=self.mail,
            profile_type=self.profile_type,
            domainGlobalAdmin=domainGlobalAdmin,
            profile=profile,
            languagemaps=languages.get_language_maps(),
            allDomains=self.allDomains,
            min_passwd_length=settings.min_passwd_length,
            max_passwd_length=settings.max_passwd_length,
            msg=request_args.get('msg'),
        )
        return web.render('pgsql/admin/profile.html', **template_args)
Beispiel #11
    def GET(self, profile_type, mail):
        """Show the profile page of a mail user (LDAP templates).

        The domain's account setting is only fetched for the 'password' tab;
        without it the password length limits passed to the template are '0'.
        """
        # NOTE(review): the excerpt contains no access check; verify that
        # one is applied outside this method.
        request_args = web.input(enabledService=[], telephoneNumber=[], )
        self.mail = web.safestr(mail)
        self.cur_domain = self.mail.split('@', 1)[-1]
        self.profile_type = web.safestr(profile_type)

        looks_like_catchall = self.mail.startswith('@')
        if looks_like_catchall and iredutils.is_domain(self.cur_domain):
            # Catchall account.
            raise web.seeother('/profile/domain/catchall/%s' % self.cur_domain)

        if not iredutils.is_email(self.mail):
            raise web.seeother('/domains?msg=INVALID_USER')

        profile_qr = user.User().profile(domain=self.cur_domain, mail=self.mail)
        if profile_qr[0] is False:
            # URL-quote the error text before it is placed in the redirect.
            raise web.seeother('/users/%s?msg=%s' % (self.cur_domain, web.urlquote(profile_qr[1])))

        domain_setting = {}
        if self.profile_type == 'password':
            # Get accountSetting of current domain.
            setting_qr = domainlib.Domain().getDomainAccountSetting(domain=self.cur_domain)
            if setting_qr[0] is True:
                domain_setting = setting_qr[1]

        template_args = dict(
            profile_type=self.profile_type,
            mail=self.mail,
            user_profile=profile_qr[1],
            defaultStorageBaseDirectory=settings.storage_base_directory,
            minPasswordLength=domain_setting.get('minPasswordLength', '0'),
            maxPasswordLength=domain_setting.get('maxPasswordLength', '0'),
            domainAccountSetting=domain_setting,
            languagemaps=get_language_maps(),
            msg=request_args.get('msg', None),
        )
        return web.render('ldap/user/profile.html', **template_args)
Beispiel #12
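    def POST(self):
        """Authenticate the submitted username and password.

        On success the session parameters are set and the browser is sent to
        '/dashboard/checknew'. On failure ``failed_times`` in the session is
        incremented, the attempt is logged at error level and the browser is
        sent back to the login page with the URL-quoted error text.
        """
        # Get username, password.
        i = web.input(_unicode=False)

        # Missing form fields fall back to '' so that a malformed request
        # ends in a failed login, not in an unhandled exception.
        username = web.safestr(i.get('username', '').strip()).lower()
        password = str(i.get('password', '').strip())
        save_pass = web.safestr(i.get('save_pass', 'no').strip())

        if username and password:
            auth = core.Auth()
            auth_result = auth.auth(username=username, password=password)
        else:
            # Never hand empty credentials to the backend: an LDAP simple
            # bind with an empty password is an unauthenticated bind, which
            # some servers accept.
            auth_result = (False, 'INVALID_CREDENTIALS')

        if auth_result[0] is True:
            # Config session data.
            # NOTE(review): these are entries of web.config, which appears to
            # be shared by all requests; confirm the timeout chosen below is
            # meant to be changed by each login.
            web.config.session_parameters['cookie_name'] = 'iRedAdmin-Pro'
            # Session expire when client ip was changed.
            web.config.session_parameters['ignore_change_ip'] = False
            # Don't ignore session expiration.
            web.config.session_parameters['ignore_expiry'] = False

            if save_pass == 'yes':
                # Session timeout (in seconds).
                web.config.session_parameters['timeout'] = 86400    # 24 hours
            else:
                # Expire session when browser closed.
                web.config.session_parameters['timeout'] = 600      # 10 minutes

            web.logger(msg="Login success", event='login',)

            # Save selected language; values outside the language map are
            # ignored.
            selected_language = str(i.get('lang', '')).strip()
            if selected_language != web.ctx.lang and \
               selected_language in languages.get_language_maps():
                session['lang'] = selected_language

            raise web.seeother('/dashboard/checknew')
        else:
            session['failed_times'] += 1
            web.logger(msg="Login failed.", admin=username, event='login', loglevel='error',)
            raise web.seeother('/login?msg=%s' % web.urlquote(auth_result[1]))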
Beispiel #13
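class Login:
    """Login page: GET shows the form, POST verifies credentials against LDAP."""

    def GET(self):
        """Show the login form unless the session is already logged in."""
        if session.get('logged') is False:
            i = web.input(_unicode=False)

            # Show login page. `msg` is taken from the request and passed
            # to the template unchanged.
            return web.render('login.html',
                              languagemaps=languages.get_language_maps(),
                              webmaster=session.get('webmaster'),
                              msg=i.get('msg'))
        else:
            raise web.seeother('/dashboard')

    def POST(self):
        """Verify the submitted credentials and mark the session as logged in.

        The username is tried as a mail user first and as an admin second.
        A failure increments ``failed_times`` in the session, is logged at
        error level and redirects back to the login page.
        """
        # Get username, password.
        i = web.input(_unicode=False)

        username = web.safestr(i.get('username', '').strip()).lower()
        # NOTE(review): strip() also removes leading/trailing whitespace
        # that is part of a password; confirm this is intended.
        password = i.get('password', '').strip()
        save_pass = web.safestr(i.get('save_pass', 'no').strip())

        if not iredutils.is_email(username):
            raise web.seeother('/login?msg=INVALID_USERNAME')

        # An empty password is refused before any bind is attempted.
        if not password:
            raise web.seeother('/login?msg=EMPTY_PASSWORD')

        # Get LDAP URI.
        uri = settings.ldap_uri

        # Verify bind_dn & bind_pw of the service account first.
        try:
            # ldaps:// means TLS from the first byte (this is not STARTTLS).
            use_tls = uri.startswith('ldaps://')

            if use_tls:
                # NOTE(security): OPT_X_TLS_NEVER switches off verification
                # of the server certificate, so the LDAP server's identity
                # is not checked and the bind password can be intercepted by
                # whoever answers on that address. Prefer
                # ldap.OPT_X_TLS_DEMAND with a configured CA file once the
                # deployment has a trusted certificate.
                ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)

            # Initialize connection.
            conn = ldap.initialize(uri)

            # Set LDAP protocol version: LDAP v3.
            conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)

            if use_tls:
                conn.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND)

            # synchronous bind.
            conn.bind_s(settings.ldap_bind_dn, settings.ldap_bind_password)
            conn.unbind_s()
        except ldap.INVALID_CREDENTIALS:
            raise web.seeother('/login?msg=vmailadmin_INVALID_CREDENTIALS')
        except Exception as e:
            # The exception text is URL-quoted so it stays one query value.
            # NOTE(review): it is still shown to a visitor that has not
            # logged in and may reveal details of the LDAP setup; consider
            # logging it and redirecting with a fixed message code.
            raise web.seeother('/login?msg=%s' % web.urlquote(web.safestr(e)))

        # Check whether it's a mail user
        dn_user = ldaputils.convert_keyword_to_dn(username, accountType='user')
        qr_user_auth = auth.Auth(uri=uri, dn=dn_user, password=password)

        qr_admin_auth = (False, 'INVALID_CREDENTIALS')
        if not qr_user_auth[0]:
            # Verify admin account under 'o=domainAdmins'.
            dn_admin = ldaputils.convert_keyword_to_dn(username, accountType='admin')
            qr_admin_auth = auth.Auth(uri=uri, dn=dn_admin, password=password)

            if not qr_admin_auth[0]:
                session['failed_times'] += 1
                web.logger(msg="Login failed.", admin=username, event='login', loglevel='error')
                raise web.seeother('/login?msg=INVALID_CREDENTIALS')

        # Reaching this point means one of the two binds succeeded; the
        # failure case has already redirected above.
        # NOTE(review): no session-id rotation is visible here; confirm the
        # session store issues a fresh id when `logged` becomes True.
        session['username'] = username
        session['logged'] = True

        # Read preferred language from LDAP
        if qr_admin_auth[0] is True:
            adminLib = adminlib.Admin()
            adminProfile = adminLib.profile(username, attributes=['preferredLanguage'])
            if adminProfile[0] is True:
                dn, entry = adminProfile[1][0]
                lang = entry.get('preferredLanguage', [settings.default_language])[0]
                session['lang'] = lang

        if qr_user_auth[0] is True:
            session['isMailUser'] = True

        # NOTE(review): web.config.session_parameters appears to be shared
        # configuration, so the timeout chosen by this login may not be
        # limited to this session; confirm.
        web.config.session_parameters['cookie_name'] = 'iRedAdmin-Pro'
        # Session expire when client ip was changed.
        web.config.session_parameters['ignore_change_ip'] = False
        # Don't ignore session expiration.
        web.config.session_parameters['ignore_expiry'] = False

        if save_pass == 'yes':
            # Session timeout (in seconds).
            web.config.session_parameters['timeout'] = 86400    # 24 hours
        else:
            # Expire session when browser closed.
            web.config.session_parameters['timeout'] = 600      # 10 minutes

        web.logger(msg="Login success", event='login',)

        # Save selected language; only values found in the language map are
        # stored in the session.
        selected_language = str(i.get('lang', '')).strip()
        if selected_language != web.ctx.lang and \
           selected_language in languages.get_language_maps():
            session['lang'] = selected_language

        raise web.seeother('/dashboard/checknew')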
Beispiel #14
def get_language(form, input_name='preferredLanguage'):
    """Return the language submitted in *form*, or '' when it is not a known one.

    The value is read from the field named *input_name* and is accepted
    only if it appears in ``get_language_maps()``, so arbitrary form input
    is never returned as a language.
    """
    candidate = get_single_value(form, input_name=input_name, to_string=True)
    return candidate if candidate in get_language_maps() else ''