def handle(self, *args, **options):
"""Command entry point."""
if not models.User.objects.filter(is_superuser=True).count():
admin = models.User(
username=options["admin_username"], is_superuser=True)
admin.set_password("password")
admin.save()
models.ObjectAccess.objects.create(
user=admin, content_object=admin, is_owner=True)
lc = models.LocalConfig.objects.first()
condition = (
"core" not in lc._parameters or
"secret_key" not in lc._parameters["core"])
if condition:
lc.parameters.set_value("secret_key", random_key())
lc.save()
for service_name in ["relay", "smtp"]:
relay_models.Service.objects.get_or_create(name=service_name)
extensions.exts_pool.load_all()
groups = list(constants.PERMISSIONS.keys())
for groupname in groups:
group, created = Group.objects.get_or_create(name=groupname)
results = signals.extra_role_permissions.send(
sender=self.__class__, role=groupname)
permissions = (
constants.PERMISSIONS.get(groupname, []) +
reduce(lambda a, b: a + b, [result[1] for result in results])
)
if not permissions:
continue
add_permissions_to_group(group, permissions)
for extname in list(extensions.exts_pool.extensions.keys()):
extension = extensions.exts_pool.get_extension(extname)
extension.load_initial_data()
signals.initial_data_loaded.send(
sender=self.__class__, extname=extname)
if options["extra_fixtures"]:
from modoboa.admin import factories
factories.populate_database()
def handle(self, *args, **options):
"""Command entry point."""
if not models.User.objects.filter(is_superuser=True).count():
admin = models.User(
username=options["admin_username"], is_superuser=True)
admin.set_password("password")
admin.save()
models.ObjectAccess.objects.create(
user=admin, content_object=admin, is_owner=True)
lc = models.LocalConfig.objects.first()
secret_key = lc.parameters.get_value("secret_key")
if not secret_key:
lc.parameters.set_value("secret_key", random_key())
lc.save()
for service_name in ["relay", "smtp"]:
relay_models.Service.objects.get_or_create(name=service_name)
exts_pool.load_all()
superadmin = models.User.objects.filter(is_superuser=True).first()
groups = PERMISSIONS.keys() + [
role[0] for role
in events.raiseQueryEvent("GetExtraRoles", superadmin, None)
]
for groupname in groups:
group, created = Group.objects.get_or_create(name=groupname)
permissions = (
PERMISSIONS.get(groupname, []) +
events.raiseQueryEvent("GetExtraRolePermissions", groupname)
)
if not permissions:
continue
add_permissions_to_group(group, permissions)
for extname in exts_pool.extensions.keys():
extension = exts_pool.get_extension(extname)
extension.load_initial_data()
events.raiseEvent("InitialDataLoaded", extname)
if options["extra_fixtures"]:
from modoboa.admin import factories
factories.populate_database()
def handle(self, *args, **options):
"""Command entry point."""
if not models.User.objects.filter(is_superuser=True).count():
admin = models.User(username=options["admin_username"],
is_superuser=True)
admin.set_password("password")
admin.save()
models.ObjectAccess.objects.create(user=admin,
content_object=admin,
is_owner=True)
lc = models.LocalConfig.objects.first()
secret_key = lc.parameters.get_value("secret_key")
if not secret_key:
lc.parameters.set_value("secret_key", random_key())
lc.save()
for service_name in ["relay", "smtp"]:
relay_models.Service.objects.get_or_create(name=service_name)
exts_pool.load_all()
superadmin = models.User.objects.filter(is_superuser=True).first()
groups = PERMISSIONS.keys() + [
role[0] for role in events.raiseQueryEvent("GetExtraRoles",
superadmin, None)
]
for groupname in groups:
group, created = Group.objects.get_or_create(name=groupname)
permissions = (
PERMISSIONS.get(groupname, []) +
events.raiseQueryEvent("GetExtraRolePermissions", groupname))
if not permissions:
continue
add_permissions_to_group(group, permissions)
for extname in exts_pool.extensions.keys():
extension = exts_pool.get_extension(extname)
extension.load_initial_data()
events.raiseEvent("InitialDataLoaded", extname)
if options["extra_fixtures"]:
from modoboa.admin import factories
factories.populate_database()
def handle(self, *args, **options):
"""Command entry point."""
load_core_settings()
load_admin_settings()
load_limits_settings()
if not User.objects.filter(is_superuser=True).count():
admin = User(username="******", is_superuser=True)
admin.set_password("password")
admin.save()
ObjectAccess.objects.create(
user=admin, content_object=admin, is_owner=True)
param_name = "core.SECRET_KEY"
qset = lib_models.Parameter.objects.filter(name=param_name)
if not qset.exists():
lib_models.Parameter.objects.create(
name=param_name, value=random_key())
for service_name in ['relay', 'smtp']:
relay_models.Service.objects.get_or_create(name=service_name)
exts_pool.load_all()
superadmin = User.objects.filter(is_superuser=True).first()
groups = PERMISSIONS.keys() + [
role[0] for role
in events.raiseQueryEvent("GetExtraRoles", superadmin, None)
]
for groupname in groups:
group, created = Group.objects.get_or_create(name=groupname)
permissions = (
PERMISSIONS.get(groupname, []) +
events.raiseQueryEvent("GetExtraRolePermissions", groupname)
)
if not permissions:
continue
add_permissions_to_group(group, permissions)
for extname in exts_pool.extensions.keys():
extension = exts_pool.get_extension(extname)
extension.load_initial_data()
events.raiseEvent("InitialDataLoaded", extname)
def handle(self, *args, **options):
"""Command entry point."""
load_core_settings()
load_admin_settings()
load_limits_settings()
if not User.objects.filter(is_superuser=True).count():
admin = User(username="******", is_superuser=True)
admin.set_password("password")
admin.save()
ObjectAccess.objects.create(user=admin,
content_object=admin,
is_owner=True)
param_name = "core.SECRET_KEY"
qset = lib_models.Parameter.objects.filter(name=param_name)
if not qset.exists():
lib_models.Parameter.objects.create(name=param_name,
value=random_key())
for service_name in ['relay', 'smtp']:
relay_models.Service.objects.get_or_create(name=service_name)
exts_pool.load_all()
superadmin = User.objects.filter(is_superuser=True).first()
groups = PERMISSIONS.keys() + [
role[0] for role in events.raiseQueryEvent("GetExtraRoles",
superadmin, None)
]
for groupname in groups:
group, created = Group.objects.get_or_create(name=groupname)
permissions = (
PERMISSIONS.get(groupname, []) +
events.raiseQueryEvent("GetExtraRolePermissions", groupname))
if not permissions:
continue
add_permissions_to_group(group, permissions)
for extname in exts_pool.extensions.keys():
extension = exts_pool.get_extension(extname)
extension.load_initial_data()
events.raiseEvent("InitialDataLoaded", extname)
class GeneralParametersForm(param_forms.AdminParametersForm):
"""General parameters."""
app = "core"
sep1 = SeparatorField(label=ugettext_lazy("Authentication"))
authentication_type = forms.ChoiceField(
label=ugettext_lazy("Authentication type"),
choices=[('local', ugettext_lazy("Local")), ('ldap', "LDAP")],
initial="local",
help_text=ugettext_lazy("The backend used for authentication"),
widget=InlineRadioSelect)
password_scheme = forms.ChoiceField(
label=ugettext_lazy("Default password scheme"),
choices=[("sha512crypt", "sha512crypt"),
("sha256crypt", "sha256crypt"), ("blfcrypt", "bcrypt"),
("md5crypt", ugettext_lazy("md5crypt (weak)")),
("sha256", ugettext_lazy("sha256 (weak)")),
("md5", ugettext_lazy("md5 (weak)")),
("crypt", ugettext_lazy("crypt (weak)")),
("plain", ugettext_lazy("plain (weak)"))],
initial="sha512crypt",
help_text=ugettext_lazy("Scheme used to crypt mailbox passwords"),
widget=forms.Select(attrs={"class": "form-control"}))
rounds_number = forms.IntegerField(
label=ugettext_lazy("Rounds"),
initial=70000,
help_text=ugettext_lazy(
"Number of rounds to use (only used by sha256crypt and "
"sha512crypt). Must be between 1000 and 999999999, inclusive."),
widget=forms.TextInput(attrs={"class": "form-control"}))
secret_key = forms.CharField(
label=ugettext_lazy("Secret key"),
initial=random_key(),
help_text=ugettext_lazy("Key used to encrypt/decrypt passwords"),
widget=forms.TextInput(attrs={"class": "form-control"}))
default_password = forms.CharField(
label=ugettext_lazy("Default password"),
initial="password",
help_text=ugettext_lazy(
"Default password for automatically created accounts."))
random_password_length = forms.IntegerField(
label=ugettext_lazy("Random password length"),
min_value=8,
initial=8,
help_text=ugettext_lazy("Length of randomly generated passwords."))
# LDAP specific settings
ldap_sep = SeparatorField(label=ugettext_lazy("LDAP settings"))
ldap_server_address = forms.CharField(
label=ugettext_lazy("Server address"),
initial="localhost",
help_text=ugettext_lazy(
"The IP address or the DNS name of the LDAP server"),
widget=forms.TextInput(attrs={"class": "form-control"}))
ldap_server_port = forms.IntegerField(
label=ugettext_lazy("Server port"),
initial=389,
help_text=ugettext_lazy("The TCP port number used by the LDAP server"),
widget=forms.TextInput(attrs={"class": "form-control"}))
ldap_secured = YesNoField(
label=ugettext_lazy("Use a secured connection"),
initial=False,
help_text=ugettext_lazy(
"Use an SSL/TLS connection to access the LDAP server"))
ldap_auth_method = forms.ChoiceField(
label=ugettext_lazy("Authentication method"),
choices=[('searchbind', ugettext_lazy("Search and bind")),
('directbind', ugettext_lazy("Direct bind"))],
initial='searchbind',
help_text=ugettext_lazy("Choose the authentication method to use"),
widget=forms.Select(attrs={"class": "form-control"}))
ldap_bind_dn = forms.CharField(
label=ugettext_lazy("Bind DN"),
initial='',
help_text=ugettext_lazy(
"The distinguished name to use when binding to the LDAP server. "
"Leave empty for an anonymous bind"),
required=False,
widget=forms.TextInput(attrs={"class": "form-control"}))
ldap_bind_password = forms.CharField(
label=ugettext_lazy("Bind password"),
initial='',
help_text=ugettext_lazy(
"The password to use when binding to the LDAP server "
"(with 'Bind DN')"),
widget=forms.PasswordInput(attrs={"class": "form-control"},
render_value=True),
required=False)
ldap_search_base = forms.CharField(
label=ugettext_lazy("Users search base"),
initial="",
help_text=ugettext_lazy(
"The distinguished name of the search base used to find users"),
required=False,
widget=forms.TextInput(attrs={"class": "form-control"}))
ldap_search_filter = forms.CharField(
label=ugettext_lazy("Search filter"),
initial="(mail=%(user)s)",
help_text=ugettext_lazy(
"An optional filter string (e.g. '(objectClass=person)'). "
"In order to be valid, it must be enclosed in parentheses."),
required=False,
widget=forms.TextInput(attrs={"class": "form-control"}))
ldap_user_dn_template = forms.CharField(
label=ugettext_lazy("User DN template"),
initial="",
help_text=ugettext_lazy(
"The template used to construct a user's DN. It should contain "
"one placeholder (ie. %(user)s)"),
required=False,
widget=forms.TextInput(attrs={"class": "form-control"}))
ldap_password_attribute = forms.CharField(
label=ugettext_lazy("Password attribute"),
initial="userPassword",
help_text=ugettext_lazy("The attribute used to store user passwords"),
widget=forms.TextInput(attrs={"class": "form-control"}))
ldap_is_active_directory = YesNoField(
label=ugettext_lazy("Active Directory"),
initial=False,
help_text=ugettext_lazy(
"Tell if the LDAP server is an Active Directory one"))
ldap_admin_groups = forms.CharField(
label=ugettext_lazy("Administrator groups"),
initial="",
help_text=ugettext_lazy(
"Members of those LDAP Posix groups will be created as domain "
"administrators. Use ';' characters to separate groups."),
required=False)
ldap_group_type = forms.ChoiceField(
label=ugettext_lazy("Group type"),
initial="posixgroup",
choices=constants.LDAP_GROUP_TYPES,
help_text=ugettext_lazy(
"The LDAP group type to use with your directory."))
ldap_groups_search_base = forms.CharField(
label=ugettext_lazy("Groups search base"),
initial="",
help_text=ugettext_lazy(
"The distinguished name of the search base used to find groups"),
required=False)
dash_sep = SeparatorField(label=ugettext_lazy("Dashboard"))
rss_feed_url = forms.URLField(
label=ugettext_lazy("Custom RSS feed"),
required=False,
help_text=ugettext_lazy(
"Display custom RSS feed to resellers and domain administrators"))
hide_features_widget = YesNoField(
label=ugettext_lazy("Hide features widget"),
initial=False,
help_text=ugettext_lazy(
"Hide features widget for resellers and domain administrators"))
notif_sep = SeparatorField(label=ugettext_lazy("Notifications"))
sender_address = lib_fields.UTF8EmailField(
label=_("Sender address"),
initial="*****@*****.**",
help_text=_("Email address used to send notifications."))
api_sep = SeparatorField(label=ugettext_lazy("Public API"))
enable_api_communication = YesNoField(
label=ugettext_lazy("Enable communication"),
initial=True,
help_text=ugettext_lazy(
"Enable communication with Modoboa public API"))
check_new_versions = YesNoField(
label=ugettext_lazy("Check new versions"),
initial=True,
help_text=ugettext_lazy(
"Automatically checks if a newer version is available"))
send_statistics = YesNoField(label=ugettext_lazy("Send statistics"),
initial=True,
help_text=ugettext_lazy(
"Send statistics to Modoboa public API "
"(counters and used extensions)"))
sep3 = SeparatorField(label=ugettext_lazy("Miscellaneous"))
inactive_account_threshold = forms.IntegerField(
label=_("Inactive account threshold"),
initial=30,
help_text=_(
"An account with a last login date greater than this threshold "
"(in days) will be considered as inactive"),
widget=forms.TextInput(attrs={"class": "form-control"}))
top_notifications_check_interval = forms.IntegerField(
label=_("Top notifications check interval"),
initial=30,
help_text=_(
"Interval between two top notification checks (in seconds)"),
widget=forms.TextInput(attrs={"class": "form-control"}))
log_maximum_age = forms.IntegerField(
label=ugettext_lazy("Maximum log record age"),
initial=365,
help_text=ugettext_lazy("The maximum age in days of a log record"),
widget=forms.TextInput(attrs={"class": "form-control"}))
items_per_page = forms.IntegerField(
label=ugettext_lazy("Items per page"),
initial=30,
help_text=ugettext_lazy("Number of displayed items per page"),
widget=forms.TextInput(attrs={"class": "form-control"}))
default_top_redirection = forms.ChoiceField(
label=ugettext_lazy("Default top redirection"),
choices=[],
initial="user",
help_text=ugettext_lazy(
"The default redirection used when no application is specified"),
widget=forms.Select(attrs={"class": "form-control"}))
# Visibility rules
visibility_rules = {
"ldap_sep": "authentication_type=ldap",
"ldap_server_address": "authentication_type=ldap",
"ldap_server_port": "authentication_type=ldap",
"ldap_secured": "authentication_type=ldap",
"ldap_auth_method": "authentication_type=ldap",
"ldap_bind_dn": "ldap_auth_method=searchbind",
"ldap_bind_password": "******",
"ldap_search_base": "ldap_auth_method=searchbind",
"ldap_search_filter": "ldap_auth_method=searchbind",
"ldap_user_dn_template": "ldap_auth_method=directbind",
"ldap_password_attribute": "authentication_type=ldap",
"ldap_is_active_directory": "authentication_type=ldap",
"ldap_admin_groups": "authentication_type=ldap",
"ldap_group_type": "authentication_type=ldap",
"ldap_groups_search_base": "authentication_type=ldap",
"check_new_versions": "enable_api_communication=True",
"send_statistics": "enable_api_communication=True",
}
def __init__(self, *args, **kwargs):
super(GeneralParametersForm, self).__init__(*args, **kwargs)
self.fields["default_top_redirection"].choices = enabled_applications()
def clean_secret_key(self):
if len(self.cleaned_data["secret_key"]) not in [16, 24, 32]:
raise forms.ValidationError(
_("Key must be either 16, 24, or 32 bytes long"))
return self.cleaned_data["secret_key"]
def clean_ldap_user_dn_template(self):
tpl = self.cleaned_data["ldap_user_dn_template"]
try:
test = tpl % {"user": "******"}
except (KeyError, ValueError):
raise forms.ValidationError(_("Invalid syntax"))
return tpl
def clean_rounds_number(self):
value = self.cleaned_data["rounds_number"]
if value < 1000 or value > 999999999:
raise forms.ValidationError(_("Invalid rounds number"))
return value
def clean_default_password(self):
"""Check password complexity."""
value = self.cleaned_data["default_password"]
password_validation.validate_password(value)
return value
def clean(self):
"""Custom validation method
Depending on 'ldap_auth_method' value, we check for different
required parameters.
"""
super(GeneralParametersForm, self).clean()
cleaned_data = self.cleaned_data
if cleaned_data["authentication_type"] != "ldap":
return cleaned_data
if cleaned_data["ldap_auth_method"] == "searchbind":
required_fields = ["ldap_search_base", "ldap_search_filter"]
else:
required_fields = ["ldap_user_dn_template"]
for f in required_fields:
if f not in cleaned_data or cleaned_data[f] == u'':
self.add_error(f, _("This field is required"))
return cleaned_data
def to_django_settings(self):
"""Apply LDAP related parameters to Django settings.
Doing so, we can use the django_auth_ldap module.
"""
try:
import ldap
from django_auth_ldap.config import (LDAPSearch, PosixGroupType,
GroupOfNamesType)
ldap_available = True
except ImportError:
ldap_available = False
values = dict(param_tools.get_global_parameters("core"))
if not ldap_available or values["authentication_type"] != "ldap":
return
if not hasattr(settings, "AUTH_LDAP_USER_ATTR_MAP"):
setattr(settings, "AUTH_LDAP_USER_ATTR_MAP", {
"first_name": "givenName",
"email": "mail",
"last_name": "sn"
})
ldap_uri = "ldaps://" if values["ldap_secured"] else "ldap://"
ldap_uri += "%s:%s" % (values["ldap_server_address"],
values["ldap_server_port"])
setattr(settings, "AUTH_LDAP_SERVER_URI", ldap_uri)
if values["ldap_group_type"] == "groupofnames":
setattr(settings, "AUTH_LDAP_GROUP_TYPE", GroupOfNamesType())
searchfilter = "(objectClass=groupOfNames)"
else:
setattr(settings, "AUTH_LDAP_GROUP_TYPE", PosixGroupType())
searchfilter = "(objectClass=posixGroup)"
setattr(
settings, "AUTH_LDAP_GROUP_SEARCH",
LDAPSearch(values["ldap_groups_search_base"], ldap.SCOPE_SUBTREE,
searchfilter))
if values["ldap_auth_method"] == "searchbind":
setattr(settings, "AUTH_LDAP_BIND_DN", values["ldap_bind_dn"])
setattr(settings, "AUTH_LDAP_BIND_PASSWORD",
values["ldap_bind_password"])
search = LDAPSearch(values["ldap_search_base"], ldap.SCOPE_SUBTREE,
values["ldap_search_filter"])
setattr(settings, "AUTH_LDAP_USER_SEARCH", search)
else:
setattr(settings, "AUTH_LDAP_USER_DN_TEMPLATE",
values["ldap_user_dn_template"])
if values["ldap_is_active_directory"]:
if not hasattr(settings, "AUTH_LDAP_GLOBAL_OPTIONS"):
setattr(settings, "AUTH_LDAP_GLOBAL_OPTIONS",
{ldap.OPT_REFERRALS: False})
else:
settings.AUTH_LDAP_GLOBAL_OPTIONS[ldap.OPT_REFERRALS] = False
class GeneralParametersForm(parameters.AdminParametersForm):
app = "core"
sep1 = SeparatorField(label=ugettext_lazy("Authentication"))
authentication_type = forms.ChoiceField(
label=ugettext_lazy("Authentication type"),
choices=[('local', ugettext_lazy("Local")),
('ldap', "LDAP")],
initial="local",
help_text=ugettext_lazy("The backend used for authentication"),
widget=InlineRadioSelect
)
password_scheme = forms.ChoiceField(
label=ugettext_lazy("Default password scheme"),
choices=[("crypt", "crypt"),
("md5", "md5"),
("md5crypt", "md5crypt"),
("sha256", "sha256"),
("plain", "plain")],
initial="md5crypt",
help_text=ugettext_lazy("Scheme used to crypt mailbox passwords")
)
secret_key = forms.CharField(
label=ugettext_lazy("Secret key"),
initial=random_key(),
help_text=ugettext_lazy("Key used to encrypt/decrypt passwords")
)
# LDAP specific settings
ldap_sep = SeparatorField(label=ugettext_lazy("LDAP settings"))
ldap_server_address = forms.CharField(
label=ugettext_lazy("Server address"),
initial="localhost",
help_text=ugettext_lazy("The IP address of the DNS name of the LDAP server")
)
ldap_server_port = forms.IntegerField(
label=ugettext_lazy("Server port"),
initial=389,
help_text=ugettext_lazy("The TCP port number used by the LDAP server")
)
ldap_secured = YesNoField(
label=ugettext_lazy("Use a secured connection"),
initial="no",
help_text=ugettext_lazy("Use an SSL/TLS connection to access the LDAP server")
)
ldap_auth_method = forms.ChoiceField(
label=ugettext_lazy("Authentication method"),
choices=[('searchbind', ugettext_lazy("Search and bind")),
('directbind', ugettext_lazy("Direct bind"))],
initial='searchbind',
help_text=ugettext_lazy("Choose the authentication method to use"),
widget=InlineRadioSelect
)
ldap_bind_dn = forms.CharField(
label=ugettext_lazy("Bind DN"),
initial='',
help_text=ugettext_lazy("The distinguished name to use when binding to the LDAP server. Leave empty for an anonymous bind"),
required=False
)
ldap_bind_password = forms.CharField(
label=ugettext_lazy("Bind password"),
initial='',
help_text=ugettext_lazy("The password to use when binding to the LDAP server (with 'Bind DN')"),
widget=forms.PasswordInput,
required=False
)
ldap_search_base = forms.CharField(
label=ugettext_lazy("Search base"),
initial="",
help_text=ugettext_lazy("The distinguished name of the search base"),
required=False
)
ldap_search_filter = forms.CharField(
label=ugettext_lazy("Search filter"),
initial="(mail=%(user)s)",
help_text=ugettext_lazy("An optional filter string (e.g. '(objectClass=person)'). In order to be valid, it must be enclosed in parentheses."),
required=False
)
ldap_user_dn_template = forms.CharField(
label=ugettext_lazy("User DN template"),
initial="",
help_text=ugettext_lazy("The template used to construct a user's DN. It should contain one placeholder (ie. %(user)s)"),
required=False
)
ldap_password_attribute = forms.CharField(
label=ugettext_lazy("Password attribute"),
initial="userPassword",
help_text=ugettext_lazy("The attribute used to store user passwords")
)
ldap_is_active_directory = YesNoField(
label=ugettext_lazy("Active Directory"),
initial="no",
help_text=ugettext_lazy("Tell if the LDAP server is an Active Directory one")
)
sep3 = SeparatorField(label=ugettext_lazy("Miscellaneous"))
log_maximum_age = forms.IntegerField(
label=ugettext_lazy("Maximum log record age"),
initial=365,
help_text=ugettext_lazy("The maximum age in days of a log record")
)
items_per_page = forms.IntegerField(
label=ugettext_lazy("Items per page"),
initial=30,
help_text=ugettext_lazy("Number of displayed items per page")
)
default_top_redirection = forms.ChoiceField(
label=ugettext_lazy("Default top redirection"),
choices=[],
initial="core",
help_text=ugettext_lazy("The default redirection used when no application is specified")
)
# Visibility rules
visibility_rules = {
"ldap_sep": "authentication_type=ldap",
"ldap_server_address": "authentication_type=ldap",
"ldap_server_port": "authentication_type=ldap",
"ldap_secured": "authentication_type=ldap",
"ldap_auth_method": "authentication_type=ldap",
"ldap_bind_dn": "ldap_auth_method=searchbind",
"ldap_bind_password": "******",
"ldap_search_base": "ldap_auth_method=searchbind",
"ldap_search_filter": "ldap_auth_method=searchbind",
"ldap_user_dn_template": "ldap_auth_method=directbind",
"ldap_password_attribute": "authentication_type=ldap",
"ldap_is_active_directory": "authentication_type=ldap"
}
def __init__(self, *args, **kwargs):
super(GeneralParametersForm, self).__init__(*args, **kwargs)
self.fields["default_top_redirection"].choices = enabled_applications()
def clean_ldap_user_dn_template(self):
tpl = self.cleaned_data["ldap_user_dn_template"]
try:
test = tpl % {"user": "******"}
except ValueError:
raise forms.ValidationError(_("Invalid syntax"))
return tpl
def clean(self):
"""Custom validation method
Depending on 'ldap_auth_method' value, we check for different
required parameters.
"""
super(GeneralParametersForm, self).clean()
if len(self._errors):
raise forms.ValidationError(self._errors)
cleaned_data = self.cleaned_data
if cleaned_data["authentication_type"] != "ldap":
return cleaned_data
if cleaned_data["ldap_auth_method"] == "searchbind":
required_fields = ["ldap_search_base", "ldap_search_filter"]
else:
required_fields = ["ldap_user_dn_template"]
for f in required_fields:
if not f in cleaned_data or cleaned_data[f] == u'':
self._errors[f] = self.error_class([_("This field is required")])
return cleaned_data
def to_django_settings(self):
"""Apply LDAP related parameters to Django settings
Doing so, we can use the django_auth_ldap module.
"""
try:
import ldap
from django_auth_ldap.config import LDAPSearch
ldap_available = True
except ImportError:
ldap_available = False
values = self.get_current_values()
if not ldap_available or values["authentication_type"] != "ldap":
return
if not hasattr(settings, "AUTH_LDAP_USER_ATTR_MAP"):
setattr(settings, "AUTH_LDAP_USER_ATTR_MAP", {
"first_name": "givenName",
"email": "mail",
"last_name": "sn"
})
ldap_uri = 'ldaps://' if values["ldap_secured"] == "yes" else "ldap://"
ldap_uri += "%s:%s" % (values["ldap_server_address"], values["ldap_server_port"])
setattr(settings, "AUTH_LDAP_SERVER_URI", ldap_uri)
if values["ldap_auth_method"] == "searchbind":
setattr(settings, "AUTH_LDAP_BIND_DN", values["ldap_bind_dn"])
setattr(settings, "AUTH_LDAP_BIND_PASSWORD", values["ldap_bind_password"])
search = LDAPSearch(
values["ldap_search_base"], ldap.SCOPE_SUBTREE,
values["ldap_search_filter"]
)
setattr(settings, "AUTH_LDAP_USER_SEARCH", search)
else:
setattr(settings, "AUTH_LDAP_USER_DN_TEMPLATE", values["ldap_user_dn_template"])
if values["ldap_is_active_directory"] == "yes":
if not hasattr(settings, "AUTH_LDAP_GLOBAL_OPTIONS"):
setattr(settings, "AUTH_LDAP_GLOBAL_OPTIONS", {
ldap.OPT_REFERRALS: False
})
else:
settings.AUTH_LDAP_GLOBAL_OPTIONS[ldap.OPT_REFERRALS] = False
def test_valid_secret_key_generated(self):
"""Generate a 32 byte key"""
secret_key = cryptutils.random_key(32)
self.assertEqual(len(secret_key), 32)
