def get_bound_ldapuser(request, password=None, username=None):
    """
    Fetch the LDAPUser entry for a user over a connection bound as that user.

    ``username`` falls back to ``request.user.username``. ``password``
    falls back to the secondary password stored in the session, which is
    decrypted and base64-encoded before it is used for the bind.

    Raises OkupyError when no password was passed and the session holds
    no ``secondary_password``. If the lookup through the bound class
    fails, the alias is restored and the same exception is raised again.

    NOTE(review): both fallbacks test truthiness, so an empty string is
    handled like a missing argument. A caller that forwards an empty
    password field would bind with the session's secondary password
    instead of failing; callers that use this for re-authentication
    should reject empty input themselves -- confirm against call sites.
    """
    username = username or request.user.username
    if not password:
        try:
            stored_secret = request.session['secondary_password']
            password = b64encode(cipher.decrypt(stored_secret, 48))
        except KeyError:
            raise OkupyError(
                'Secondary password not available (no strong auth?)')

    # The alias is keyed on the session's cache key.
    session_alias = 'ldap_%s' % request.session.cache_key
    bound_model = LDAPUser.bind_as(
        alias=session_alias,
        username=username,
        password=password,
    )
    # On success the bound alias is left in place; presumably the caller is
    # expected to call restore_alias() when it is done -- confirm.
    try:
        return bound_model.objects.get(username=username)
    except Exception as exc:
        # Undo the bind before reporting the failure to the caller.
        bound_model.restore_alias()
        raise exc
def get_bound_ldapuser(request, password=None, username=None):
    """
    Look up an LDAPUser through an LDAP connection bound as that user.

    When ``username`` is empty the name of ``request.user`` is used. When
    ``password`` is empty the session's ``secondary_password`` is
    decrypted, base64-encoded and used as the bind password; OkupyError
    is raised if the session has no such entry.

    The entry is read through the class returned by ``LDAPUser.bind_as``.
    Any exception from that read triggers ``restore_alias()`` on the bound
    class and is then raised again.

    NOTE(review): an empty-string password is indistinguishable from
    "not provided" here and silently selects the session secret. Code
    that asks the user to re-enter a password should validate non-empty
    input before calling this helper -- verify against callers.
    """
    if not username:
        username = request.user.username

    if not password:
        try:
            session_secret = request.session['secondary_password']
            decrypted = cipher.decrypt(session_secret, 48)
            password = b64encode(decrypted)
        except KeyError:
            raise OkupyError(
                'Secondary password not available (no strong auth?)')

    bind_args = dict(
        alias='ldap_%s' % request.session.cache_key,
        username=username,
        password=password,
    )
    bound = LDAPUser.bind_as(**bind_args)
    try:
        ldap_user = bound.objects.get(username=username)
    except Exception as err:
        # The bind is rolled back only on failure; a successful call
        # returns with the alias still bound (cleanup is presumably the
        # caller's job -- confirm).
        bound.restore_alias()
        raise err
    return ldap_user
def activate(request, token):
    """
    Activate a queued account: the view behind /activate/$TOKEN.

    Looks up the Queue entry whose ``encrypted_id`` equals ``token``,
    creates the matching LDAPUser with a uid one above the entry returned
    by ``latest('uid')`` (or 1 when there is none), deletes the queue
    entry and redirects to the login view. An OkupyError raised along the
    way is shown to the user as an error message in place of the success
    message; the redirect happens in both cases.

    NOTE(review): only OkupyError is handled by the outer block, so a
    failure in ``save()`` or ``delete()`` propagates out of the view. If
    ``delete()`` fails after ``save()`` succeeded, the queue entry (and
    with it the token) stays usable -- confirm how that case is handled.
    """
    try:
        try:
            pending = Queue.objects.get(encrypted_id=token)
        except (Queue.DoesNotExist, OverflowError, TypeError, ValueError):
            # Unknown and malformed tokens get the same answer.
            raise OkupyError('Invalid URL')
        except Exception as exc:
            logger.critical(exc, extra=log_extra_data(request))
            logger_mail.exception(exc)
            raise OkupyError("Can't contact the database")

        # NOTE(review): read-then-increment with no lock visible here; two
        # activations running at once could compute the same uid unless
        # uniqueness is enforced elsewhere -- confirm.
        try:
            next_uid = LDAPUser.objects.latest('uid').uid + 1
        except LDAPUser.DoesNotExist:
            next_uid = 1
        except Exception as exc:
            logger.critical(exc, extra=log_extra_data(request))
            logger_mail.exception(exc)
            raise OkupyError("Can't contact LDAP server")

        # Same "first last" string is used for full_name and gecos.
        display_name = '%s %s' % (pending.first_name, pending.last_name)

        # NOTE(review): queued.password is hashed only at this point, which
        # suggests the queue table holds it in a recoverable form -- confirm
        # how it is protected at rest. md5-crypt is a dated scheme; prefer a
        # stronger one if the directory server supports it.
        account = LDAPUser(
            object_class=settings.AUTH_LDAP_USER_OBJECTCLASS,
            last_name=pending.last_name,
            full_name=display_name,
            password=[ldap_md5_crypt.encrypt(pending.password)],
            first_name=pending.first_name,
            email=[pending.email],
            username=pending.username,
            uid=next_uid,
            gid=100,
            gecos=display_name,
            home_directory='/home/%s' % pending.username,
            ACL=['user.group'],
        )
        account.save()

        # The queue entry is dropped only after the LDAP entry was saved.
        pending.delete()
        messages.success(request,
                         "Your account has been activated successfully")
    except OkupyError as failure:
        messages.error(request, str(failure))
    return redirect(login)
def activate(request, token):
    """
    Handle /activate/$TOKEN: turn a queued registration into an LDAP account.

    The queue entry is selected by ``encrypted_id=token``. A new LDAPUser
    is built from its fields, saved, and the queue entry is deleted. The
    user is always redirected to the login view, with a success message
    or with the text of the OkupyError that interrupted the activation.

    NOTE(review): no expiry or attempt limit for the token is visible in
    this view; confirm that stale Queue entries are cleaned up elsewhere.
    NOTE(review): exceptions other than OkupyError (for example from
    ``save()`` or ``delete()``) are not handled here and leave the view.
    """
    try:
        try:
            entry = Queue.objects.get(encrypted_id=token)
        except (Queue.DoesNotExist, OverflowError, TypeError, ValueError):
            raise OkupyError('Invalid URL')
        except Exception as db_error:
            # Details go to the logs; the user sees a generic message.
            logger.critical(db_error, extra=log_extra_data(request))
            logger_mail.exception(db_error)
            raise OkupyError("Can't contact the database")

        # Next uid is one above the entry returned by latest('uid'); 1 when
        # the directory has no users yet.
        # NOTE(review): nothing here serialises concurrent activations, so
        # duplicate uids look possible unless the server rejects them --
        # confirm.
        try:
            uidnumber = LDAPUser.objects.latest('uid').uid + 1
        except LDAPUser.DoesNotExist:
            uidnumber = 1
        except Exception as ldap_error:
            logger.critical(ldap_error, extra=log_extra_data(request))
            logger_mail.exception(ldap_error)
            raise OkupyError("Can't contact LDAP server")

        # NOTE(review): the password is taken from the queue entry and
        # hashed with md5-crypt only now; presumably it is stored in a
        # recoverable form until activation -- confirm. md5-crypt is weak
        # by current standards; a stronger scheme is preferable where the
        # directory server supports one.
        attributes = dict(
            object_class=settings.AUTH_LDAP_USER_OBJECTCLASS,
            last_name=entry.last_name,
            full_name='%s %s' % (entry.first_name, entry.last_name),
            password=[ldap_md5_crypt.encrypt(entry.password)],
            first_name=entry.first_name,
            email=[entry.email],
            username=entry.username,
            uid=uidnumber,
            gid=100,
            gecos='%s %s' % (entry.first_name, entry.last_name),
            home_directory='/home/%s' % entry.username,
            ACL=['user.group'],
        )
        LDAPUser(**attributes).save()

        # Save and delete are separate steps; if the delete fails the
        # token remains in the queue although the account already exists.
        entry.delete()
        messages.success(
            request, "Your account has been activated successfully")
    except OkupyError as problem:
        messages.error(request, str(problem))
    return redirect(login)