def add(self):
"""/accounts/new"""
c.form = AddUserForm(request.POST, csrf_context=session)
if c.user.is_domain_admin:
account_types = (('3', 'User'), )
c.form.account_type.choices = account_types
c.form.domains.query = Session.query(Domain).join(dom_owns,
(oas, dom_owns.c.organization_id ==
oas.c.organization_id))\
.filter(oas.c.user_id == c.user.id)
else:
c.form.domains.query = Session.query(Domain)
if request.POST and c.form.validate():
try:
user = User(username=c.form.username.data,
email=c.form.email.data)
for attr in [
'firstname', 'lastname', 'email', 'active',
'account_type', 'send_report', 'spam_checks',
'low_score', 'high_score', 'timezone'
]:
setattr(user, attr, getattr(c.form, attr).data)
user.local = True
user.set_password(c.form.password1.data)
if int(user.account_type) == 3:
user.domains = c.form.domains.data
Session.add(user)
Session.commit()
update_serial.delay()
info = ADDACCOUNT_MSG % dict(u=user.username)
audit_log(c.user.username, 3, info, request.host,
request.remote_addr, now())
flash(
_('The account: %(user)s was created successfully') %
{'user': c.form.username.data})
redirect(url('account-detail', userid=user.id))
except IntegrityError:
Session.rollback()
flash_alert(
_('Either the username or email address already exist'))
return render('/accounts/new.html')
def add(self):
"""/accounts/new"""
c.form = AddUserForm(request.POST, csrf_context=session)
if c.user.is_domain_admin:
account_types = (('3', 'User'),)
c.form.account_type.choices = account_types
c.form.domains.query = Session.query(Domain).join(dom_owns,
(oas, dom_owns.c.organization_id ==
oas.c.organization_id))\
.filter(oas.c.user_id == c.user.id)
else:
c.form.domains.query = Session.query(Domain)
if request.POST and c.form.validate():
try:
user = User(username=c.form.username.data,
email=c.form.email.data)
for attr in ['firstname', 'lastname', 'email', 'active',
'account_type', 'send_report', 'spam_checks',
'low_score', 'high_score', 'timezone']:
setattr(user, attr, getattr(c.form, attr).data)
user.local = True
user.set_password(c.form.password1.data)
if int(user.account_type) == 3:
user.domains = c.form.domains.data
Session.add(user)
Session.commit()
update_serial.delay()
info = ADDACCOUNT_MSG % dict(u=user.username)
audit_log(c.user.username,
3, unicode(info), request.host,
request.remote_addr, now())
flash(_('The account: %(user)s was created successfully') %
{'user': c.form.username.data})
redirect(url('account-detail', userid=user.id))
except IntegrityError:
Session.rollback()
flash_alert(
_('Either the username or email address already exist'))
return render('/accounts/new.html')
def loggedin(self):
"Landing page"
came_from = (unquote(str(request.params.get('came_from', ''))) or
url('/'))
if not self.identity:
login_counter = request.environ['repoze.who.logins'] + 1
redirect(url('/accounts/login',
came_from=came_from,
__logins=login_counter))
userid = self.identity['repoze.who.userid']
user = self.identity['user']
if user is None:
try:
user = User(username=userid, email=userid)
user.active = True
local_part, domain = userid.split('@')
domains = Session.query(Domain)\
.filter(Domain.name == domain)\
.all()
user.domains = domains
user.timezone = domains[0].timezone
Session.add(user)
Session.commit()
msg = _('First time Login from external auth,'
' your local account was created')
addresses = []
if ('tokens' in self.identity and
'ldap' in self.identity['tokens']):
lsettings = Session.query(AuthServer.address,
AuthServer.port, LDAPSettings.binddn,
LDAPSettings.bindpw,
LDAPSettings.usetls)\
.join(LDAPSettings)\
.join(Domain)\
.filter(AuthServer.enabled == True)\
.filter(Domain.name == domain)\
.all()
lsettings = lsettings[0]
lurl = make_ldap_uri(lsettings.address, lsettings.port)
base_dn = get_user_dn(self.identity['tokens'][1])
attributes = ['sn', 'givenName', 'proxyAddresses', 'mail',
'memberOf']
ldapattributes = LDAPAttributes(
lurl,
base_dn,
attributes=attributes,
bind_dn=lsettings.binddn,
bind_pass=lsettings.bindpw,
start_tls=lsettings.usetls
)
ldapattributes()
attrmap = {
'sn': 'lastname',
'givenName': 'firstname',
'mail': 'email',
}
update_attrs = False
doms = [domains[0].name]
doms.extend([alias.name for alias in domains[0].aliases])
for attr in attrmap:
if attr == 'mail':
for mailattr in ldapattributes[attr]:
mailattr = mailattr.lower()
if (mailattr != user.email and
'@' in mailattr and
mailattr.split('@')[1] in doms):
address = Address(mailattr)
address.user = user
addresses.append(address)
continue
if attr in ldapattributes:
setattr(user,
attrmap[attr],
ldapattributes[attr][0])
update_attrs = True
if update_attrs:
Session.add(user)
Session.commit()
# accounts aliases
if 'proxyAddresses' in ldapattributes:
for mailaddr in ldapattributes['proxyAddresses']:
try:
if mailaddr.startswith('SMTP:'):
continue
clean_addr = PROXY_ADDR_RE.sub('', mailaddr)
clean_addr = clean_addr.lower()
if (mailaddr.startswith('smtp:') and
clean_addr.split('@')[1] in doms):
# Only add domain if we host it
address = Address(clean_addr)
address.user = user
addresses.append(address)
except IndexError:
pass
# accounts groups
if 'memberOf' in ldapattributes:
for group_dn in ldapattributes['memberOf']:
groupattributes = LDAPAttributes(
lurl,
group_dn,
attributes=['proxyAddresses'],
bind_dn=lsettings.binddn,
bind_pass=lsettings.bindpw,
start_tls=lsettings.usetls
)
groupattributes()
if 'proxyAddresses' not in groupattributes:
continue
for mailaddr in groupattributes['proxyAddresses']:
try:
mailaddr = mailaddr.lower()
clean_addr = PROXY_ADDR_RE.sub('', mailaddr)
if (mailaddr.startswith('smtp:') and
clean_addr.split('@')[1] in doms):
address = Address(clean_addr)
address.user = user
addresses.append(address)
except IndexError:
pass
else:
for alias in domains[0].aliases:
address = Address('%s@%s' % (local_part, alias.name))
address.user = user
addresses.append(address)
for unsaved in addresses:
try:
Session.add(unsaved)
Session.commit()
except IntegrityError:
Session.rollback()
except IntegrityError:
Session.rollback()
redirect(url('/logout'))
except ldap.LDAPError:
pass
else:
if not user.active:
redirect(url('/logout'))
msg = _('Login successful, Welcome back %(username)s !' %
dict(username=userid))
user.last_login = now()
Session.add(user)
Session.commit()
if user.is_peleb:
for domain in user.domains:
if check_language(domain.language):
session['lang'] = domain.language
session.save()
break
session['taskids'] = []
session.save()
info = ACCOUNTLOGIN_MSG % dict(u=user.username)
audit_log(user.username,
6, unicode(info), request.host,
request.remote_addr, now())
flash(msg)
redirect(url(came_from))
def importaccounts(domid, filename, skipfirst, userid):
"import accounts"
logger = importaccounts.get_logger()
results = dict(rows=[], global_error=[])
keys = tuple(ACCOUNTFIELDS + ADDRESSFIELDS)
try:
with open(filename, 'rU') as handle:
dialect = csv.Sniffer().sniff(handle.read(1024))
handle.seek(0)
rows = csv.DictReader(handle, fieldnames=keys, dialect=dialect)
query = Session.query(Domain).filter(Domain.id == domid)
domain = query.one()
requester = Session.query(User).get(userid)
logger.info("Importing accounts from file: %s for: %s" %
(filename, domain.name))
try:
count = 1
for row in rows:
if skipfirst and (count == 1):
count += 1
continue
result = dict(id=None,
username=row['username'],
imported=False,
error=None)
try:
session_dict = {}
dummy = AddUserForm(dict2mdict({}),
csrf_context=session_dict)
fields = getkeys(row)
post_data = dict2mdict(fields)
post_data.add('password2', row['password1'])
post_data.add('domains', domid)
post_data.add('csrf_token',
dummy.csrf_token.current_token)
form = AddUserForm(post_data,
csrf_context=session_dict)
form.domains.query = query
if form.validate():
#db insert
if domain.name != form.email.data.split('@')[1]:
raise TypeError(
'Cannot import: %s into domain: %s' %
(form.email.data, domain.name)
)
user = User(form.username.data, form.email.data)
for attr in ['firstname', 'lastname', 'email',
'active', 'account_type', 'send_report',
'spam_checks', 'low_score', 'high_score']:
setattr(user, attr, getattr(form, attr).data)
user.local = True
user.set_password(form.password1.data)
if user.is_peleb:
user.domains = [domain]
Session.add(user)
Session.commit()
result['id'] = user.id
result['imported'] = True
logger.info("Imported account: %s" %
row['username'])
#address add
add_address(row, user, requester)
else:
logger.info("Import failed account: %s" %
row['username'])
if isinstance(form.errors, dict):
errors = []
for field in form.errors:
errors.append('%s: %s' % (field,
form.errors[field][0]))
result['error'] = ', '.join(errors)
else:
result['error'] = form.errors
except TypeError, err:
logger.info("Import failed account: %s" %
row['username'])
result['error'] = str(err)
except IntegrityError, err:
Session.rollback()
logger.info("Import failed account: %s" %
row['username'])
result['error'] = 'Account already exists'
finally:
count += 1
results['rows'].append(result)
def loggedin(self):
"Landing page"
came_from = (unquote(str(request.params.get('came_from', '')))
or url('/'))
if not self.identity:
login_counter = request.environ['repoze.who.logins'] + 1
redirect(
url('/accounts/login',
came_from=came_from,
__logins=login_counter))
userid = self.identity['repoze.who.userid']
user = self.identity['user']
if user is None:
try:
user = User(username=userid, email=userid)
user.active = True
local_part, domain = userid.split('@')
domains = Session.query(Domain)\
.filter(Domain.name == domain)\
.all()
user.domains = domains
user.timezone = domains[0].timezone
Session.add(user)
Session.commit()
msg = _('First time Login from external auth,'
' your local account was created')
addresses = []
if ('tokens' in self.identity
and 'ldap' in self.identity['tokens']):
lsettings = Session.query(AuthServer.address,
AuthServer.port, LDAPSettings.binddn,
LDAPSettings.bindpw,
LDAPSettings.usetls)\
.join(Domain)\
.filter(AuthServer.enabled == True)\
.filter(Domain.name == domain)\
.all()
lsettings = lsettings[0]
lurl = make_ldap_uri(lsettings.address, lsettings.port)
base_dn = get_user_dn(self.identity['tokens'][1])
attributes = [
'sn', 'givenName', 'proxyAddresses', 'mail', 'memberOf'
]
ldapattributes = LDAPAttributes(lurl,
base_dn,
attributes=attributes,
bind_dn=lsettings.binddn,
bind_pass=lsettings.bindpw,
start_tls=lsettings.usetls)
ldapattributes()
attrmap = {
'sn': 'lastname',
'givenName': 'firstname',
'mail': 'email',
}
update_attrs = False
doms = [domains[0].name]
doms.extend([alias.name for alias in domains[0].aliases])
for attr in attrmap:
if (attr == 'mail' and attr in ldapattributes
and ldapattributes[attr][0] == user.email):
# Dont update if user.email = directory.email
continue
if (attr == 'mail' and attr in ldapattributes
and '@' in ldapattributes[attr][0]):
# Update if email is hosted by us
if ldapattributes[attr][0].split('@')[1] in doms:
setattr(user, attrmap[attr],
ldapattributes[attr][0])
update_attrs = True
continue
if attr in ldapattributes:
setattr(user, attrmap[attr],
ldapattributes[attr][0])
update_attrs = True
if update_attrs:
Session.add(user)
Session.commit()
# accounts aliases
if 'proxyAddresses' in ldapattributes:
for mailaddr in ldapattributes['proxyAddresses']:
try:
if mailaddr.startswith('SMTP:'):
continue
if (mailaddr.startswith('smtp:') and
mailaddr.strip('smtp:').lsplit('@')[1]
in doms):
# Only add domain if we host it
address = Address(
PROXY_ADDR_RE.sub('', mailaddr))
address.user = user
addresses.append(address)
except IndexError:
pass
# accounts groups
if 'memberOf' in ldapattributes:
for group_dn in ldapattributes['memberOf']:
groupattributes = LDAPAttributes(
lurl,
group_dn,
attributes=['proxyAddresses'],
bind_dn=lsettings.binddn,
bind_pass=lsettings.bindpw,
start_tls=lsettings.usetls)
groupattributes()
for mailaddr in groupattributes['proxyAddresses']:
try:
mailaddr = mailaddr.lower()
if (mailaddr.startswith('smtp:')
and mailaddr.lstrip('smtp:').split(
'@')[1] in doms):
address = Address(
PROXY_ADDR_RE.sub('', mailaddr))
address.user = user
addresses.append(address)
except IndexError:
pass
else:
for alias in domains[0].aliases:
address = Address('%s@%s' % (local_part, alias.name))
address.user = user
addresses.append(address)
for unsaved in addresses:
try:
Session.add(unsaved)
Session.commit()
except IntegrityError:
Session.rollback()
except IntegrityError:
Session.rollback()
redirect(url('/logout'))
else:
msg = _('Login successful, Welcome back %(username)s !' %
dict(username=userid))
user.last_login = now()
Session.add(user)
Session.commit()
if user.is_peleb:
for domain in user.domains:
if check_language(domain.language):
session['lang'] = domain.language
session.save()
break
session['taskids'] = []
session.save()
info = ACCOUNTLOGIN_MSG % dict(u=user.username)
audit_log(user.username, 6, info, request.host, request.remote_addr,
now())
flash(msg)
redirect(url(came_from))
def importaccounts(domid, filename, skipfirst, userid):
"import accounts"
logger = importaccounts.get_logger()
results = dict(rows=[], global_error=[])
keys = tuple(ACCOUNTFIELDS + ADDRESSFIELDS)
try:
with open(filename, 'rU') as handle:
dialect = csv.Sniffer().sniff(handle.read(1024))
handle.seek(0)
rows = csv.DictReader(handle, fieldnames=keys, dialect=dialect)
query = Session.query(Domain).filter(Domain.id == domid)
domain = query.one()
requester = Session.query(User).get(userid)
logger.info("Importing accounts from file: %s for: %s" %
(filename, domain.name))
try:
count = 1
for row in rows:
if skipfirst and (count == 1):
count += 1
continue
result = dict(id=None,
username=row['username'],
imported=False,
error=None)
try:
session_dict = {}
dummy = AddUserForm(dict2mdict({}),
csrf_context=session_dict)
fields = getkeys(row)
post_data = dict2mdict(fields)
post_data.add('password2', row['password1'])
post_data.add('domains', domid)
post_data.add('csrf_token',
dummy.csrf_token.current_token)
form = AddUserForm(post_data,
csrf_context=session_dict)
form.domains.query = query
if form.validate():
#db insert
if domain.name != form.email.data.split('@')[1]:
raise TypeError(
'Cannot import: %s into domain: %s' %
(form.email.data, domain.name))
user = User(form.username.data, form.email.data)
for attr in [
'firstname', 'lastname', 'email', 'active',
'account_type', 'send_report',
'spam_checks', 'low_score', 'high_score'
]:
setattr(user, attr, getattr(form, attr).data)
user.local = True
user.set_password(form.password1.data)
if user.is_peleb:
user.domains = [domain]
Session.add(user)
Session.commit()
result['id'] = user.id
result['imported'] = True
logger.info("Imported account: %s" %
row['username'])
#address add
add_address(row, user, requester)
else:
logger.info("Import failed account: %s" %
row['username'])
if isinstance(form.errors, dict):
errors = []
for field in form.errors:
errors.append(
'%s: %s' %
(field, form.errors[field][0]))
result['error'] = ', '.join(errors)
else:
result['error'] = form.errors
except TypeError, err:
logger.info("Import failed account: %s" %
row['username'])
result['error'] = str(err)
except IntegrityError, err:
Session.rollback()
logger.info("Import failed account: %s" %
row['username'])
result['error'] = 'Account already exists'
finally:
count += 1
results['rows'].append(result)
