def add(self): """/accounts/new""" c.form = AddUserForm(request.POST, csrf_context=session) if c.user.is_domain_admin: account_types = (('3', 'User'), ) c.form.account_type.choices = account_types c.form.domains.query = Session.query(Domain).join(dom_owns, (oas, dom_owns.c.organization_id == oas.c.organization_id))\ .filter(oas.c.user_id == c.user.id) else: c.form.domains.query = Session.query(Domain) if request.POST and c.form.validate(): try: user = User(username=c.form.username.data, email=c.form.email.data) for attr in [ 'firstname', 'lastname', 'email', 'active', 'account_type', 'send_report', 'spam_checks', 'low_score', 'high_score', 'timezone' ]: setattr(user, attr, getattr(c.form, attr).data) user.local = True user.set_password(c.form.password1.data) if int(user.account_type) == 3: user.domains = c.form.domains.data Session.add(user) Session.commit() update_serial.delay() info = ADDACCOUNT_MSG % dict(u=user.username) audit_log(c.user.username, 3, info, request.host, request.remote_addr, now()) flash( _('The account: %(user)s was created successfully') % {'user': c.form.username.data}) redirect(url('account-detail', userid=user.id)) except IntegrityError: Session.rollback() flash_alert( _('Either the username or email address already exist')) return render('/accounts/new.html')
def add(self): """/accounts/new""" c.form = AddUserForm(request.POST, csrf_context=session) if c.user.is_domain_admin: account_types = (('3', 'User'),) c.form.account_type.choices = account_types c.form.domains.query = Session.query(Domain).join(dom_owns, (oas, dom_owns.c.organization_id == oas.c.organization_id))\ .filter(oas.c.user_id == c.user.id) else: c.form.domains.query = Session.query(Domain) if request.POST and c.form.validate(): try: user = User(username=c.form.username.data, email=c.form.email.data) for attr in ['firstname', 'lastname', 'email', 'active', 'account_type', 'send_report', 'spam_checks', 'low_score', 'high_score', 'timezone']: setattr(user, attr, getattr(c.form, attr).data) user.local = True user.set_password(c.form.password1.data) if int(user.account_type) == 3: user.domains = c.form.domains.data Session.add(user) Session.commit() update_serial.delay() info = ADDACCOUNT_MSG % dict(u=user.username) audit_log(c.user.username, 3, unicode(info), request.host, request.remote_addr, now()) flash(_('The account: %(user)s was created successfully') % {'user': c.form.username.data}) redirect(url('account-detail', userid=user.id)) except IntegrityError: Session.rollback() flash_alert( _('Either the username or email address already exist')) return render('/accounts/new.html')
def loggedin(self): "Landing page" came_from = (unquote(str(request.params.get('came_from', ''))) or url('/')) if not self.identity: login_counter = request.environ['repoze.who.logins'] + 1 redirect(url('/accounts/login', came_from=came_from, __logins=login_counter)) userid = self.identity['repoze.who.userid'] user = self.identity['user'] if user is None: try: user = User(username=userid, email=userid) user.active = True local_part, domain = userid.split('@') domains = Session.query(Domain)\ .filter(Domain.name == domain)\ .all() user.domains = domains user.timezone = domains[0].timezone Session.add(user) Session.commit() msg = _('First time Login from external auth,' ' your local account was created') addresses = [] if ('tokens' in self.identity and 'ldap' in self.identity['tokens']): lsettings = Session.query(AuthServer.address, AuthServer.port, LDAPSettings.binddn, LDAPSettings.bindpw, LDAPSettings.usetls)\ .join(LDAPSettings)\ .join(Domain)\ .filter(AuthServer.enabled == True)\ .filter(Domain.name == domain)\ .all() lsettings = lsettings[0] lurl = make_ldap_uri(lsettings.address, lsettings.port) base_dn = get_user_dn(self.identity['tokens'][1]) attributes = ['sn', 'givenName', 'proxyAddresses', 'mail', 'memberOf'] ldapattributes = LDAPAttributes( lurl, base_dn, attributes=attributes, bind_dn=lsettings.binddn, bind_pass=lsettings.bindpw, start_tls=lsettings.usetls ) ldapattributes() attrmap = { 'sn': 'lastname', 'givenName': 'firstname', 'mail': 'email', } update_attrs = False doms = [domains[0].name] doms.extend([alias.name for alias in domains[0].aliases]) for attr in attrmap: if attr == 'mail': for mailattr in ldapattributes[attr]: mailattr = mailattr.lower() if (mailattr != user.email and '@' in mailattr and mailattr.split('@')[1] in doms): address = Address(mailattr) address.user = user addresses.append(address) continue if attr in ldapattributes: setattr(user, attrmap[attr], ldapattributes[attr][0]) update_attrs = True if update_attrs: Session.add(user) Session.commit() # accounts aliases if 'proxyAddresses' in ldapattributes: for mailaddr in ldapattributes['proxyAddresses']: try: if mailaddr.startswith('SMTP:'): continue clean_addr = PROXY_ADDR_RE.sub('', mailaddr) clean_addr = clean_addr.lower() if (mailaddr.startswith('smtp:') and clean_addr.split('@')[1] in doms): # Only add domain if we host it address = Address(clean_addr) address.user = user addresses.append(address) except IndexError: pass # accounts groups if 'memberOf' in ldapattributes: for group_dn in ldapattributes['memberOf']: groupattributes = LDAPAttributes( lurl, group_dn, attributes=['proxyAddresses'], bind_dn=lsettings.binddn, bind_pass=lsettings.bindpw, start_tls=lsettings.usetls ) groupattributes() if 'proxyAddresses' not in groupattributes: continue for mailaddr in groupattributes['proxyAddresses']: try: mailaddr = mailaddr.lower() clean_addr = PROXY_ADDR_RE.sub('', mailaddr) if (mailaddr.startswith('smtp:') and clean_addr.split('@')[1] in doms): address = Address(clean_addr) address.user = user addresses.append(address) except IndexError: pass else: for alias in domains[0].aliases: address = Address('%s@%s' % (local_part, alias.name)) address.user = user addresses.append(address) for unsaved in addresses: try: Session.add(unsaved) Session.commit() except IntegrityError: Session.rollback() except IntegrityError: Session.rollback() redirect(url('/logout')) except ldap.LDAPError: pass else: if not user.active: redirect(url('/logout')) msg = _('Login successful, Welcome back %(username)s !' % dict(username=userid)) user.last_login = now() Session.add(user) Session.commit() if user.is_peleb: for domain in user.domains: if check_language(domain.language): session['lang'] = domain.language session.save() break session['taskids'] = [] session.save() info = ACCOUNTLOGIN_MSG % dict(u=user.username) audit_log(user.username, 6, unicode(info), request.host, request.remote_addr, now()) flash(msg) redirect(url(came_from))
def importaccounts(domid, filename, skipfirst, userid): "import accounts" logger = importaccounts.get_logger() results = dict(rows=[], global_error=[]) keys = tuple(ACCOUNTFIELDS + ADDRESSFIELDS) try: with open(filename, 'rU') as handle: dialect = csv.Sniffer().sniff(handle.read(1024)) handle.seek(0) rows = csv.DictReader(handle, fieldnames=keys, dialect=dialect) query = Session.query(Domain).filter(Domain.id == domid) domain = query.one() requester = Session.query(User).get(userid) logger.info("Importing accounts from file: %s for: %s" % (filename, domain.name)) try: count = 1 for row in rows: if skipfirst and (count == 1): count += 1 continue result = dict(id=None, username=row['username'], imported=False, error=None) try: session_dict = {} dummy = AddUserForm(dict2mdict({}), csrf_context=session_dict) fields = getkeys(row) post_data = dict2mdict(fields) post_data.add('password2', row['password1']) post_data.add('domains', domid) post_data.add('csrf_token', dummy.csrf_token.current_token) form = AddUserForm(post_data, csrf_context=session_dict) form.domains.query = query if form.validate(): #db insert if domain.name != form.email.data.split('@')[1]: raise TypeError( 'Cannot import: %s into domain: %s' % (form.email.data, domain.name) ) user = User(form.username.data, form.email.data) for attr in ['firstname', 'lastname', 'email', 'active', 'account_type', 'send_report', 'spam_checks', 'low_score', 'high_score']: setattr(user, attr, getattr(form, attr).data) user.local = True user.set_password(form.password1.data) if user.is_peleb: user.domains = [domain] Session.add(user) Session.commit() result['id'] = user.id result['imported'] = True logger.info("Imported account: %s" % row['username']) #address add add_address(row, user, requester) else: logger.info("Import failed account: %s" % row['username']) if isinstance(form.errors, dict): errors = [] for field in form.errors: errors.append('%s: %s' % (field, form.errors[field][0])) result['error'] = ', '.join(errors) else: result['error'] = form.errors except TypeError, err: logger.info("Import failed account: %s" % row['username']) result['error'] = str(err) except IntegrityError, err: Session.rollback() logger.info("Import failed account: %s" % row['username']) result['error'] = 'Account already exists' finally: count += 1 results['rows'].append(result)
def loggedin(self): "Landing page" came_from = (unquote(str(request.params.get('came_from', ''))) or url('/')) if not self.identity: login_counter = request.environ['repoze.who.logins'] + 1 redirect( url('/accounts/login', came_from=came_from, __logins=login_counter)) userid = self.identity['repoze.who.userid'] user = self.identity['user'] if user is None: try: user = User(username=userid, email=userid) user.active = True local_part, domain = userid.split('@') domains = Session.query(Domain)\ .filter(Domain.name == domain)\ .all() user.domains = domains user.timezone = domains[0].timezone Session.add(user) Session.commit() msg = _('First time Login from external auth,' ' your local account was created') addresses = [] if ('tokens' in self.identity and 'ldap' in self.identity['tokens']): lsettings = Session.query(AuthServer.address, AuthServer.port, LDAPSettings.binddn, LDAPSettings.bindpw, LDAPSettings.usetls)\ .join(Domain)\ .filter(AuthServer.enabled == True)\ .filter(Domain.name == domain)\ .all() lsettings = lsettings[0] lurl = make_ldap_uri(lsettings.address, lsettings.port) base_dn = get_user_dn(self.identity['tokens'][1]) attributes = [ 'sn', 'givenName', 'proxyAddresses', 'mail', 'memberOf' ] ldapattributes = LDAPAttributes(lurl, base_dn, attributes=attributes, bind_dn=lsettings.binddn, bind_pass=lsettings.bindpw, start_tls=lsettings.usetls) ldapattributes() attrmap = { 'sn': 'lastname', 'givenName': 'firstname', 'mail': 'email', } update_attrs = False doms = [domains[0].name] doms.extend([alias.name for alias in domains[0].aliases]) for attr in attrmap: if (attr == 'mail' and attr in ldapattributes and ldapattributes[attr][0] == user.email): # Dont update if user.email = directory.email continue if (attr == 'mail' and attr in ldapattributes and '@' in ldapattributes[attr][0]): # Update if email is hosted by us if ldapattributes[attr][0].split('@')[1] in doms: setattr(user, attrmap[attr], ldapattributes[attr][0]) update_attrs = True continue if attr in ldapattributes: setattr(user, attrmap[attr], ldapattributes[attr][0]) update_attrs = True if update_attrs: Session.add(user) Session.commit() # accounts aliases if 'proxyAddresses' in ldapattributes: for mailaddr in ldapattributes['proxyAddresses']: try: if mailaddr.startswith('SMTP:'): continue if (mailaddr.startswith('smtp:') and mailaddr.strip('smtp:').lsplit('@')[1] in doms): # Only add domain if we host it address = Address( PROXY_ADDR_RE.sub('', mailaddr)) address.user = user addresses.append(address) except IndexError: pass # accounts groups if 'memberOf' in ldapattributes: for group_dn in ldapattributes['memberOf']: groupattributes = LDAPAttributes( lurl, group_dn, attributes=['proxyAddresses'], bind_dn=lsettings.binddn, bind_pass=lsettings.bindpw, start_tls=lsettings.usetls) groupattributes() for mailaddr in groupattributes['proxyAddresses']: try: mailaddr = mailaddr.lower() if (mailaddr.startswith('smtp:') and mailaddr.lstrip('smtp:').split( '@')[1] in doms): address = Address( PROXY_ADDR_RE.sub('', mailaddr)) address.user = user addresses.append(address) except IndexError: pass else: for alias in domains[0].aliases: address = Address('%s@%s' % (local_part, alias.name)) address.user = user addresses.append(address) for unsaved in addresses: try: Session.add(unsaved) Session.commit() except IntegrityError: Session.rollback() except IntegrityError: Session.rollback() redirect(url('/logout')) else: msg = _('Login successful, Welcome back %(username)s !' % dict(username=userid)) user.last_login = now() Session.add(user) Session.commit() if user.is_peleb: for domain in user.domains: if check_language(domain.language): session['lang'] = domain.language session.save() break session['taskids'] = [] session.save() info = ACCOUNTLOGIN_MSG % dict(u=user.username) audit_log(user.username, 6, info, request.host, request.remote_addr, now()) flash(msg) redirect(url(came_from))
def importaccounts(domid, filename, skipfirst, userid): "import accounts" logger = importaccounts.get_logger() results = dict(rows=[], global_error=[]) keys = tuple(ACCOUNTFIELDS + ADDRESSFIELDS) try: with open(filename, 'rU') as handle: dialect = csv.Sniffer().sniff(handle.read(1024)) handle.seek(0) rows = csv.DictReader(handle, fieldnames=keys, dialect=dialect) query = Session.query(Domain).filter(Domain.id == domid) domain = query.one() requester = Session.query(User).get(userid) logger.info("Importing accounts from file: %s for: %s" % (filename, domain.name)) try: count = 1 for row in rows: if skipfirst and (count == 1): count += 1 continue result = dict(id=None, username=row['username'], imported=False, error=None) try: session_dict = {} dummy = AddUserForm(dict2mdict({}), csrf_context=session_dict) fields = getkeys(row) post_data = dict2mdict(fields) post_data.add('password2', row['password1']) post_data.add('domains', domid) post_data.add('csrf_token', dummy.csrf_token.current_token) form = AddUserForm(post_data, csrf_context=session_dict) form.domains.query = query if form.validate(): #db insert if domain.name != form.email.data.split('@')[1]: raise TypeError( 'Cannot import: %s into domain: %s' % (form.email.data, domain.name)) user = User(form.username.data, form.email.data) for attr in [ 'firstname', 'lastname', 'email', 'active', 'account_type', 'send_report', 'spam_checks', 'low_score', 'high_score' ]: setattr(user, attr, getattr(form, attr).data) user.local = True user.set_password(form.password1.data) if user.is_peleb: user.domains = [domain] Session.add(user) Session.commit() result['id'] = user.id result['imported'] = True logger.info("Imported account: %s" % row['username']) #address add add_address(row, user, requester) else: logger.info("Import failed account: %s" % row['username']) if isinstance(form.errors, dict): errors = [] for field in form.errors: errors.append( '%s: %s' % (field, form.errors[field][0])) result['error'] = ', '.join(errors) else: result['error'] = form.errors except TypeError, err: logger.info("Import failed account: %s" % row['username']) result['error'] = str(err) except IntegrityError, err: Session.rollback() logger.info("Import failed account: %s" % row['username']) result['error'] = 'Account already exists' finally: count += 1 results['rows'].append(result)