Beispiel #1
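    def user_add():
        """Show the "Add user" form and create the account on a valid submit.

        The parent container is taken from the ``base`` query parameter and
        falls back to ``OU=People`` below ``g.ldap['dn']``.  A valid submission
        creates the entry with ``ldap_create_entry``, sets the password with
        ``ldap_change_password`` and redirects to ``user_overview``.  An
        ``ldap.LDAPError`` is flashed and the form is rendered again.
        """
        # Imported here because the file's import block is outside this view.
        from ldap.dn import escape_dn_chars

        title = "Add user"

        # NOTE(review): the container DN comes straight from the query string,
        # so the caller decides where the account is created.  Nothing in this
        # function checks that it lies below g.ldap['dn']; confirm that the
        # bind account's directory permissions are the intended limit.
        base = request.args.get('base')
        if not base:
            base = "OU=People,%s" % g.ldap['dn']

        form = UserAdd(request.form)
        # (LDAP attribute, form field); None marks fields that are shown on
        # the form but never written as an attribute (the password pair).
        field_mapping = [('givenName', form.first_name),
                         ('sn', form.last_name),
                         ('displayName', form.display_name),
                         ('sAMAccountName', form.user_name),
                         ('mail', form.mail),
                         (None, form.password),
                         (None, form.password_confirm),
                         ('userAccountControl', form.uac_flags)]

        form.visible_fields = [field[1] for field in field_mapping]

        # Offer only the flags whose second tuple element is truthy.
        form.uac_flags.choices = [(key, value[0]) for key, value in
                                  LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
                                  if value[1]]

        if form.validate_on_submit():
            try:
                # Default attributes
                upn = "%s@%s" % (form.user_name.data, g.ldap['domain'])
                attributes = {'objectClass': "user",
                              'UserPrincipalName': upn,
                              'accountExpires': "0",
                              'lockoutTime': "0"}

                for attribute, field in field_mapping:
                    if attribute == 'userAccountControl':
                        # 512 is NORMAL_ACCOUNT.  Flags are OR-ed in rather
                        # than added so a key that overlaps a bit already set
                        # cannot carry into an unrelated flag.
                        current_uac = 512
                        for key, flag in (LDAP_AD_USERACCOUNTCONTROL_VALUES
                                          .items()):
                            if flag[1] and key in field.data:
                                current_uac |= key
                        attributes[attribute] = str(current_uac)
                    elif attribute and field.data:
                        attributes[attribute] = field.data

                # The account name becomes the RDN value, so DN metacharacters
                # (",", "+", "=", ...) in it must be escaped before the DN
                # string is assembled.
                rdn_value = escape_dn_chars(form.user_name.data)
                ldap_create_entry("cn=%s,%s" % (rdn_value, base), attributes)
                # NOTE(review): the entry exists from here on.  If the
                # password change fails, the account stays behind without the
                # chosen password; consider deleting it or creating it
                # disabled until the password is set.
                ldap_change_password(None, form.password.data,
                                     form.user_name.data)

                flash("User successfully created.", "success")
                return redirect(url_for('user_overview',
                                        username=form.user_name.data))
            except ldap.LDAPError as e:
                # python-ldap passes the server's details as a dict in
                # args[0]; 'info' is optional, so fall back to 'desc' and then
                # to a generic text instead of raising inside the handler.
                detail = {}
                if e.args and isinstance(e.args[0], dict):
                    detail = e.args[0]
                text = detail.get('info') or detail.get('desc') or ""
                text = text.split(":", 2)[-1].strip()
                if not text:
                    text = "LDAP operation failed."
                flash(str(text[0].upper() + text[1:]), "error")
        elif form.errors:
            flash("Some fields failed validation.", "error")

        return render_template("forms/basicform.html", form=form, title=title,
                               action="Add user",
                               parent=url_for('user_add'))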
Beispiel #2
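    def user_edit_profile(username):
        """Show the "Edit user" form and write changed attributes to LDAP.

        Aborts with 404 when ``ldap_user_exists`` reports no such account.
        On a valid submission every mapped field whose value differs from the
        stored one is written with ``ldap_update_attribute``; a changed
        ``sAMAccountName`` also updates ``userPrincipalName`` and ``cn``.  On
        success the browser is redirected to ``user_overview``; an
        ``ldap.LDAPError`` is flashed and the form is rendered again.
        """
        title = "Edit user"

        if not ldap_user_exists(username=username):
            abort(404)

        user = ldap_get_user(username=username)
        form = UserProfileEdit(request.form)
        # (LDAP attribute, form field) pairs that this view may modify.
        field_mapping = [('givenName', form.first_name),
                         ('sn', form.last_name),
                         ('displayName', form.display_name),
                         ('sAMAccountName', form.user_name),
                         ('mail', form.mail),
                         ('userAccountControl', form.uac_flags)]

        # Offer only the flags whose second tuple element is truthy.
        form.uac_flags.choices = [(key, value[0]) for key, value in
                                  LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
                                  if value[1]]

        form.visible_fields = [field[1] for field in field_mapping]

        if form.validate_on_submit():
            try:
                for attribute, field in field_mapping:
                    value = field.data
                    # NOTE(review): for userAccountControl the field data is a
                    # collection of flag keys while the stored value is used
                    # as a number below, so this comparison presumably never
                    # matches and the attribute is rewritten on every save.
                    if value == user.get(attribute):
                        continue

                    # Read inside the loop: `user` is reloaded after a rename.
                    dn = user['distinguishedName']
                    if attribute == 'sAMAccountName':
                        # Rename the account
                        ldap_update_attribute(dn, "sAMAccountName", value)
                        ldap_update_attribute(dn, "userPrincipalName",
                                              "%s@%s" % (value,
                                                         g.ldap['domain']))
                        # Finish by renaming the whole record
                        # NOTE(review): whether ldap_update_attribute turns a
                        # change of "cn" into a rename operation is not
                        # visible here - confirm; a failure at this step
                        # leaves the two updates above already applied.
                        ldap_update_attribute(dn, "cn", value)
                        user = ldap_get_user(value)
                    elif attribute == 'userAccountControl':
                        # Start from the stored value so bits that are not
                        # editable on the form survive, then set or clear each
                        # editable bit with mask operations (idempotent,
                        # unlike adding and subtracting the key).
                        current_uac = user['userAccountControl']
                        for key, flag in (LDAP_AD_USERACCOUNTCONTROL_VALUES
                                          .items()):
                            if not flag[1]:
                                continue
                            if key in value:
                                current_uac |= key
                            else:
                                current_uac &= ~key
                        ldap_update_attribute(dn, attribute, str(current_uac))
                    else:
                        ldap_update_attribute(dn, attribute, value)

                flash("Profile successfully updated.", "success")
                return redirect(url_for('user_overview',
                                        username=form.user_name.data))
            except ldap.LDAPError as e:
                # python-ldap passes the server's details as a dict in
                # args[0]; 'info' is optional, so fall back to 'desc' and then
                # to a generic text instead of raising inside the handler.
                detail = {}
                if e.args and isinstance(e.args[0], dict):
                    detail = e.args[0]
                text = detail.get('info') or detail.get('desc') or ""
                text = text.split(":", 2)[-1].strip()
                if not text:
                    text = "LDAP operation failed."
                flash(str(text[0].upper() + text[1:]), "error")
        elif form.errors:
            flash("Some fields failed validation.", "error")

        if not form.is_submitted():
            # First display: pre-fill the form from the directory entry.
            form.first_name.data = user.get('givenName')
            form.last_name.data = user.get('sn')
            form.display_name.data = user.get('displayName')
            form.user_name.data = user.get('sAMAccountName')
            form.mail.data = user.get('mail')
            form.uac_flags.data = [key for key, flag in
                                   LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
                                   if (flag[1] and
                                       user['userAccountControl'] & key)]

        return render_template("forms/basicform.html", form=form, title=title,
                               action="Save changes",
                               parent=url_for('user_overview',
                                              username=username))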
Beispiel #3
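    def user_add():
        """Render the "Add user" form; on a valid POST create the LDAP entry.

        The container DN is read from the ``base`` query parameter, with
        ``OU=People`` under ``g.ldap['dn']`` as the default.  After
        ``ldap_create_entry`` succeeds the password is set through
        ``ldap_change_password`` and the browser is sent to ``user_overview``.
        Any ``ldap.LDAPError`` is reported with ``flash`` and the form is shown
        again.
        """
        # Imported here because the file's import block is outside this view.
        from ldap.dn import escape_dn_chars

        title = "Add user"

        # NOTE(review): `base` is whatever the query string says, so the
        # caller chooses the container the account lands in.  This function
        # does not check that it sits below g.ldap['dn']; confirm that the
        # bind account's directory permissions are the intended boundary.
        base = request.args.get('base')
        if not base:
            base = "OU=People,%s" % g.ldap['dn']

        form = UserAdd(request.form)
        # (LDAP attribute, form field); a None attribute means the field is
        # displayed but not stored as an attribute (password and its repeat).
        field_mapping = [('givenName', form.first_name),
                         ('sn', form.last_name),
                         ('displayName', form.display_name),
                         ('sAMAccountName', form.user_name),
                         ('mail', form.mail), (None, form.password),
                         (None, form.password_confirm),
                         ('userAccountControl', form.uac_flags)]

        form.visible_fields = [field[1] for field in field_mapping]

        # Only flags whose second tuple element is truthy are selectable.
        form.uac_flags.choices = [
            (key, value[0])
            for key, value in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
            if value[1]
        ]

        if form.validate_on_submit():
            try:
                # Default attributes
                upn = "%s@%s" % (form.user_name.data, g.ldap['domain'])
                attributes = {
                    'objectClass': "user",
                    'UserPrincipalName': upn,
                    'accountExpires': "0",
                    'lockoutTime': "0"
                }

                for attribute, field in field_mapping:
                    if attribute == 'userAccountControl':
                        # 512 is NORMAL_ACCOUNT.  OR-ing keeps the result a
                        # clean bit mask even if a key overlaps a bit that is
                        # already set; addition would carry into another flag.
                        current_uac = 512
                        for key, flag in (
                                LDAP_AD_USERACCOUNTCONTROL_VALUES.items()):
                            if flag[1] and key in field.data:
                                current_uac |= key
                        attributes[attribute] = str(current_uac)
                    elif attribute and field.data:
                        attributes[attribute] = field.data

                # The account name is used as the RDN value; escape DN
                # metacharacters before building the DN string.
                rdn_value = escape_dn_chars(form.user_name.data)
                ldap_create_entry("cn=%s,%s" % (rdn_value, base), attributes)
                # NOTE(review): creation and password change are two separate
                # operations.  When the second one fails the new entry is
                # left in place without the chosen password; consider
                # removing it or creating it disabled first.
                ldap_change_password(None, form.password.data,
                                     form.user_name.data)

                flash("User successfully created.", "success")
                return redirect(
                    url_for('user_overview', username=form.user_name.data))
            except ldap.LDAPError as e:
                # The error details are a dict in args[0]; 'info' may be
                # absent or empty, so use 'desc' or a generic text rather
                # than failing with KeyError/IndexError in the handler.
                detail = {}
                if e.args and isinstance(e.args[0], dict):
                    detail = e.args[0]
                text = detail.get('info') or detail.get('desc') or ""
                text = text.split(":", 2)[-1].strip()
                if not text:
                    text = "LDAP operation failed."
                flash(str(text[0].upper() + text[1:]), "error")
        elif form.errors:
            flash("Some fields failed validation.", "error")

        return render_template("forms/basicform.html",
                               form=form,
                               title=title,
                               action="Add user",
                               parent=url_for('user_add'))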
Beispiel #4
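    def user_edit_profile(username):
        """Render the "Edit user" form; on a valid POST update the LDAP entry.

        Responds with 404 if ``ldap_user_exists`` does not find the account.
        Each mapped field that differs from the stored value is written with
        ``ldap_update_attribute``; changing ``sAMAccountName`` additionally
        rewrites ``userPrincipalName`` and ``cn``.  Success redirects to
        ``user_overview``; an ``ldap.LDAPError`` is reported with ``flash`` and
        the form is shown again.
        """
        title = "Edit user"

        if not ldap_user_exists(username=username):
            abort(404)

        user = ldap_get_user(username=username)
        form = UserProfileEdit(request.form)
        # (LDAP attribute, form field) pairs this view is allowed to change.
        field_mapping = [('givenName', form.first_name),
                         ('sn', form.last_name),
                         ('displayName', form.display_name),
                         ('sAMAccountName', form.user_name),
                         ('mail', form.mail),
                         ('userAccountControl', form.uac_flags)]

        # Only flags whose second tuple element is truthy are selectable.
        form.uac_flags.choices = [
            (key, value[0])
            for key, value in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
            if value[1]
        ]

        form.visible_fields = [field[1] for field in field_mapping]

        if form.validate_on_submit():
            try:
                for attribute, field in field_mapping:
                    value = field.data
                    # NOTE(review): the userAccountControl field holds a
                    # collection of keys and the stored value is treated as a
                    # number below, so this test presumably never matches for
                    # it and the attribute is written on every save.
                    if value == user.get(attribute):
                        continue

                    # Looked up per iteration because `user` is reloaded
                    # after an account rename.
                    dn = user['distinguishedName']
                    if attribute == 'sAMAccountName':
                        # Rename the account
                        ldap_update_attribute(dn, "sAMAccountName", value)
                        ldap_update_attribute(
                            dn, "userPrincipalName",
                            "%s@%s" % (value, g.ldap['domain']))
                        # Finish by renaming the whole record
                        # NOTE(review): it is not visible here whether
                        # ldap_update_attribute performs a rename when "cn"
                        # changes - confirm; if this step fails the two
                        # updates above have already been applied.
                        ldap_update_attribute(dn, "cn", value)
                        user = ldap_get_user(value)
                    elif attribute == 'userAccountControl':
                        # Keep the stored bits that the form does not expose
                        # and set/clear each editable one with mask
                        # operations, which stay correct when applied twice.
                        current_uac = user['userAccountControl']
                        for key, flag in (
                                LDAP_AD_USERACCOUNTCONTROL_VALUES.items()):
                            if not flag[1]:
                                continue
                            if key in value:
                                current_uac |= key
                            else:
                                current_uac &= ~key
                        ldap_update_attribute(dn, attribute, str(current_uac))
                    else:
                        ldap_update_attribute(dn, attribute, value)

                flash("Profile successfully updated.", "success")
                return redirect(
                    url_for('user_overview', username=form.user_name.data))
            except ldap.LDAPError as e:
                # The error details are a dict in args[0]; 'info' may be
                # absent or empty, so use 'desc' or a generic text rather
                # than failing with KeyError/IndexError in the handler.
                detail = {}
                if e.args and isinstance(e.args[0], dict):
                    detail = e.args[0]
                text = detail.get('info') or detail.get('desc') or ""
                text = text.split(":", 2)[-1].strip()
                if not text:
                    text = "LDAP operation failed."
                flash(str(text[0].upper() + text[1:]), "error")
        elif form.errors:
            flash("Some fields failed validation.", "error")

        if not form.is_submitted():
            # Initial GET: fill the form from the directory entry.
            form.first_name.data = user.get('givenName')
            form.last_name.data = user.get('sn')
            form.display_name.data = user.get('displayName')
            form.user_name.data = user.get('sAMAccountName')
            form.mail.data = user.get('mail')
            form.uac_flags.data = [
                key for key, flag in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
                if (flag[1] and user['userAccountControl'] & key)
            ]

        return render_template("forms/basicform.html",
                               form=form,
                               title=title,
                               action="Save changes",
                               parent=url_for('user_overview',
                                              username=username))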
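    def user_edit_profile(username):
        """Show the "Edit user" form and write changed attributes to LDAP.

        Aborts with 404 when ``ldap_user_exists`` reports no such account.
        Every mapped field that differs from the stored value is written with
        ``ldap_update_attribute``.  A changed ``givenName`` or ``sn`` also
        rewrites ``displayName``; a changed ``sAMAccountName`` also rewrites
        ``userPrincipalName``.  Success redirects to ``user_overview``; an
        ``ldap.LDAPError`` is flashed and the form is rendered again.
        """
        title = "Edit user"

        if not ldap_user_exists(username=username):
            abort(404)

        user = ldap_get_user(username=username)
        form = UserProfileEdit(request.form)
        # (LDAP attribute, form field) pairs that this view may modify.
        field_mapping = [('givenName', form.first_name),
                         ('sn', form.last_name),
                         ('sAMAccountName', form.user_name),
                         ('mail', form.mail),
                         ('userAccountControl', form.uac_flags)]

        # NOTE(review): every flag is offered here, but only flags whose
        # second tuple element is truthy are applied on submit or pre-selected
        # below - confirm that showing the others is intended.
        form.uac_flags.choices = [
            (key, value[0])
            for key, value in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
        ]

        form.visible_fields = [field[1] for field in field_mapping]

        if form.validate_on_submit():
            try:
                # Read the name parts once, before the loop, and from 'sn' -
                # the attribute this view maps and pre-fills.  The previous
                # code looked up 'lastName' and re-read both parts on every
                # iteration, which dropped a first-name change made earlier
                # in the same submission.
                given_name = user.get('givenName')
                last_name = user.get('sn')

                for attribute, field in field_mapping:
                    value = field.data
                    # NOTE(review): the userAccountControl field holds a
                    # collection of keys and the stored value is a number, so
                    # this test presumably never matches for it and the
                    # attribute is written on every save.
                    if value == user.get(attribute):
                        continue

                    # Looked up per iteration because `user` is reloaded
                    # after an account rename.
                    dn = user['distinguishedName']
                    if attribute == 'sAMAccountName':
                        # Rename the account
                        ldap_update_attribute(dn, "sAMAccountName", value)
                        ldap_update_attribute(
                            dn, "userPrincipalName",
                            "%s@%s" % (value, g.ldap['domain']))
                        # Finish by renaming the whole record
                        # TODO: refactor this to use rename_s instead of update
                        # ldap_update_attribute(user['distinguishedName'], "cn", value)
                        user = ldap_get_user(value)
                    elif attribute == 'userAccountControl':
                        # Start from the stored value rather than a constant:
                        # rebuilding from 512 on every save silently cleared
                        # each bit the form does not manage.  Editable bits
                        # are set or cleared to match the submitted selection.
                        current_uac = user['userAccountControl']
                        for key, flag in (
                                LDAP_AD_USERACCOUNTCONTROL_VALUES.items()):
                            if not flag[1]:
                                continue
                            if key in field.data:
                                current_uac |= key
                            else:
                                current_uac &= ~key
                        ldap_update_attribute(dn, attribute, str(current_uac))
                    elif attribute in ('givenName', 'sn'):
                        if attribute == 'givenName':
                            given_name = value
                        else:
                            last_name = value
                        ldap_update_attribute(dn, attribute, value)
                        # Join only the parts that exist so a missing name
                        # part cannot raise TypeError on concatenation.
                        display_name = " ".join(
                            part for part in (given_name, last_name) if part)
                        if display_name:
                            ldap_update_attribute(dn, 'displayName',
                                                  display_name)
                    else:
                        ldap_update_attribute(dn, attribute, value)

                flash(u"Profile updated successfully.", "success")
                return redirect(
                    url_for('user_overview', username=form.user_name.data))
            except ldap.LDAPError as e:
                # The details are a dict in args[0]; 'info' is optional, so
                # fall back to 'desc' and then to a generic text instead of
                # raising KeyError inside the handler.
                detail = {}
                if e.args and isinstance(e.args[0], dict):
                    detail = e.args[0]
                flash(detail.get('info') or detail.get('desc')
                      or "LDAP operation failed.", "error")
        elif form.errors:
            flash(u"Data validation failed.", "error")

        if not form.is_submitted():
            # First display: pre-fill the form from the directory entry.
            form.first_name.data = user.get('givenName')
            form.last_name.data = user.get('sn')
            form.user_name.data = user.get('sAMAccountName')
            form.mail.data = user.get('mail')
            form.uac_flags.data = [
                key for key, flag in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
                if (flag[1] and user['userAccountControl'] & key)
            ]

        return render_template("forms/basicform.html",
                               form=form,
                               title=title,
                               action="Save changes",
                               parent=url_for('user_overview',
                                              username=username))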
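    def user_add():
        """Show the "Add User" form and create the account on a valid submit.

        Uses ``UserAddExtraFields`` and three additional attributes when
        ``g.extra_fields`` is set, ``UserAdd`` otherwise.  The container DN is
        read from the query parameter named ``b'base``.  A valid submission
        creates the entry with ``ldap_create_entry``, sets the password with
        ``ldap_change_password`` and redirects to ``user_overview``.  An
        ``ldap.LDAPError`` is flashed and the form is rendered again.
        """
        # Imported here because the file's import block is outside this view.
        from ldap.dn import escape_dn_chars

        title = "Add User"

        if g.extra_fields:
            form = UserAddExtraFields(request.form)
        else:
            form = UserAdd(request.form)
        # (LDAP attribute, form field); None marks fields that are shown on
        # the form but never written as an attribute (the password pair).
        field_mapping = [('givenName', form.first_name),
                         ('sn', form.last_name),
                         ('sAMAccountName', form.user_name),
                         ('mail', form.mail), (None, form.password),
                         (None, form.password_confirm),
                         ('userAccountControl', form.uac_flags)]
        if g.extra_fields:
            extra_field_mapping = [('cUJAEPersonExternal', form.manual),
                                   ('cUJAEPersonType', form.person_type),
                                   ('cUJAEPersonDNI', form.dni)]
            field_mapping += extra_field_mapping

        form.visible_fields = [field[1] for field in field_mapping]
        # NOTE(review): every flag is offered, but only flags whose second
        # tuple element is truthy are applied below - confirm this is intended.
        form.uac_flags.choices = [
            (key, value[0])
            for key, value in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
        ]

        # The parameter name and the trailing quote look like the repr of a
        # bytes value that leaked into the link pointing here - presumably a
        # Python 3 migration leftover; the real fix belongs where that link
        # is generated.
        # NOTE(review): the container DN is caller-supplied and not checked
        # against g.ldap['dn']; confirm that the bind account's directory
        # permissions are the intended limit.
        raw_base = request.args.get("b'base")

        submitted_ok = form.validate_on_submit()
        if submitted_ok and not raw_base:
            # Previously a missing parameter raised AttributeError on
            # rstrip(), which the LDAPError handler does not catch.
            flash("No base container was given for the new user.", "error")
        elif submitted_ok:
            try:
                base = raw_base.rstrip("'")
                # Default attributes
                upn = "%s@%s" % (form.user_name.data, g.ldap['domain'])
                attributes = {
                    'objectClass': [
                        b'top', b'person', b'organizationalPerson', b'user',
                        b'inetOrgPerson'
                    ],
                    'UserPrincipalName': [upn.encode('utf-8')],
                    'accountExpires': [b"0"],
                    'lockoutTime': [b"0"],
                }

                for attribute, field in field_mapping:
                    if attribute == 'userAccountControl':
                        # 512 is NORMAL_ACCOUNT.  Flags are OR-ed in rather
                        # than added so a key that overlaps a bit already set
                        # cannot carry into an unrelated flag.
                        current_uac = 512
                        for key, flag in (
                                LDAP_AD_USERACCOUNTCONTROL_VALUES.items()):
                            if flag[1] and key in field.data:
                                current_uac |= key
                        attributes[attribute] = [
                            str(current_uac).encode('utf-8')
                        ]
                    elif attribute and field.data:
                        if isinstance(field, BooleanField):
                            # Reached only for a ticked box, so the value is
                            # always TRUE; the former FALSE branch could never
                            # run.  Stored as a one-element list like every
                            # other attribute.
                            # NOTE(review): an unticked box writes nothing -
                            # confirm that an absent attribute is acceptable.
                            attributes[attribute] = [b'TRUE']
                        else:
                            attributes[attribute] = [
                                field.data.encode('utf-8')
                            ]

                # Build displayName from whichever name parts were supplied;
                # indexing attributes['givenName'] directly raised KeyError
                # when the first name was empty.
                name_parts = [
                    attributes[key][0].decode('utf-8')
                    for key in ('givenName', 'sn') if key in attributes
                ]
                if name_parts:
                    attributes['displayName'] = [
                        " ".join(name_parts).encode('utf-8')
                    ]

                # The account name becomes the RDN value, so DN metacharacters
                # (",", "+", "=", ...) in it must be escaped before the DN
                # string is assembled.
                rdn_value = escape_dn_chars(form.user_name.data)
                ldap_create_entry("cn=%s,%s" % (rdn_value, base), attributes)
                # NOTE(review): the entry exists from here on.  If the
                # password change fails, the account stays behind without the
                # chosen password; consider deleting it or creating it
                # disabled until the password is set.
                ldap_change_password(None, form.password.data,
                                     form.user_name.data)
                flash(u"User created successfully.", "success")
                return redirect(
                    url_for('user_overview', username=form.user_name.data))
            except ldap.LDAPError as e:
                # The details are a dict in args[0]; 'info' is optional, so
                # fall back to 'desc' and then to a generic text instead of
                # raising KeyError inside the handler.
                detail = {}
                if e.args and isinstance(e.args[0], dict):
                    detail = e.args[0]
                flash(detail.get('info') or detail.get('desc')
                      or "LDAP operation failed.", "error")
        elif form.errors:
            # Debug output left in by the author; it goes to stdout.
            print(form.errors)
            flash("Some fields failed validation.", "error")
        return render_template("forms/basicform.html",
                               form=form,
                               title=title,
                               action="Adicionar Usuario",
                               parent=url_for('tree_base'))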