def clean_ocf_account(self):
data = self.cleaned_data["ocf_account"]
data = utils.clean_user_account(data)
if not utils.user_exists(data):
raise forms.ValidationError("OCF user account does not exist.")
ocf_accounts = utils.users_by_calnet_uid(self.calnet_uid)
if self.calnet_uid in settings.TESTER_CALNET_UIDS:
ocf_accounts.extend(settings.TEST_OCF_ACCOUNTS)
if data not in ocf_accounts:
raise forms.ValidationError("OCF user account and CalNet UID mismatch.")
return data
def change_password(request):
calnet_uid = request.session["calnet_uid"]
# some old group accounts have CalNet UIDs associated with them
accounts = users_by_calnet_uid(calnet_uid)
backend_failures = dict()
if calnet_uid in settings.TESTER_CALNET_UIDS:
# these test accounts don't have to exist in AD or exist in LDAP
accounts.extend(settings.TEST_OCF_ACCOUNTS)
if request.method == "POST":
form = ChpassForm(accounts, calnet_uid, request.POST)
if form.is_valid():
account = form.cleaned_data["ocf_account"]
password = form.cleaned_data["new_password"]
syslog.openlog(str("webchpwd as %s (from %s) for %s" % \
(calnet_uid, request.META["REMOTE_ADDR"], account)))
try:
change_krb_password(account, password)
krb_change_success = True
syslog.syslog("Kerberos password change successful")
except Exception as e:
krb_change_success = False
backend_failures["KRB"] = str(e)
syslog.syslog("Kerberos password change failed: %s" % e)
if krb_change_success:
# deleting this session variable will force
# the next change_password requet to
# reauthenticate with CalNet
del request.session["calnet_uid"]
return render_to_response("successfully_changed_password.html", {
"user_account": account
})
else:
form = ChpassForm(accounts, calnet_uid)
return render_to_response("change_password.html", {
"form": form,
"backend_failures": backend_failures
}, context_instance=RequestContext(request))
def request_account(request):
calnet_uid = request.session["calnet_uid"]
existing_accounts = users_by_calnet_uid(calnet_uid)
real_name = name_by_calnet_uid(calnet_uid)
if calnet_uid not in settings.TESTER_CALNET_UIDS and len(existing_accounts):
return render_to_response("already_requested_account.html", {
"calnet_uid": calnet_uid,
"calnet_url": settings.LOGOUT_URL
})
if request.method == "POST":
form = ApproveForm(request.POST)
if form.is_valid():
account_name = form.cleaned_data["ocf_login_name"]
email_address = form.cleaned_data["contact_email"]
forward_mail = form.cleaned_data["forward_email"]
password = form.cleaned_data["password"]
successfully_approved = False
try:
run_approve(real_name, calnet_uid, account_name,
email_address, forward_mail, password)
successfully_approved = True
except Exception as e:
form._errors[NON_FIELD_ERRORS] = form.error_class([str(e)])
if successfully_approved:
return render_to_response("successfully_requested_account.html",
{})
else:
form = ApproveForm()
return render_to_response("request_account.html",
{
"form": form,
"real_name": real_name
}, context_instance=RequestContext(request))
