def update_password(self, user_id, new_password, old_password):
        """Change the user password.

        Uses the admin bind or the user bind if the old password is provided.

        Args:
            user_id: user id
            new_password: new password
            old_password: old password of the user (optional)

        Returns:
            True if the change was successful, False otherwise
        """
        user_dn = self._userid2dn(user_id)
        if user_dn is None:
            raise BackendError('Unknown user "%s"' % user_id)

        password_hash = ssha(new_password)

        user = [(ldap.MOD_REPLACE, 'userPassword', [password_hash])]

        try:
            with self._conn(user_dn, old_password) as conn:
                try:
                    res, __ = conn.modify_s(user_dn, user)
                except (ldap.TIMEOUT, ldap.SERVER_DOWN, ldap.OTHER), e:
                    self.logger.debug('Could not update the password in ldap.')
                    raise BackendError(str(e))
        except ldap.INVALID_CREDENTIALS:
            return False

        self._purge_conn(user_dn, new_password)
        return res == ldap.RES_MODIFY
Ejemplo n.º 2
0
    def _create_user(self, auth, user_name, password, email):
        from services.auth.ldapsql import ssha, random, sha1
        user_name = str(user_name)
        user_id = auth._get_next_user_id()
        password_hash = ssha(password)
        key = '%s%s' % (random.randint(0, 9999999), user_name)
        key = sha1(key).hexdigest()

        user = {
            'cn': user_name,
            'sn': user_name,
            'uid': user_name,
            'uidNumber': str(user_id),
            'primaryNode': 'weave:',
            'rescueNode': 'weave:',
            'userPassword': password_hash,
            'account-enabled': 'Yes',
            'mail': email,
            'mail-verified': key,
            'objectClass': ['dataStore', 'inetOrgPerson']
        }

        user = user.items()
        dn = "uidNumber=%i,ou=users,dc=mozilla" % (user_id)

        with auth._conn(auth.admin_user, auth.admin_password) as conn:
            try:
                res, __ = conn.add_s(dn, user)
            except ldap.TIMEOUT:
                raise BackendTimeoutError()

        return res == ldap.RES_ADD
Ejemplo n.º 3
0
    def create_user(self, user_name, password, email):
        """Creates a user. Returns True on success."""
        user_name = str(user_name)   # XXX only ASCII
        user_id = self._get_next_user_id()
        password_hash = ssha(password)
        key = '%s%s' % (random.randint(0, 9999999), user_name)
        key = sha1(key).hexdigest()

        user = {'cn': user_name,
                'sn': user_name,
                'uid': user_name,
                'uidNumber': str(user_id),
                'primaryNode': 'weave:',
                'userPassword': password_hash,
                'account-enabled': 'Yes',
                'mail': email,
                'mail-verified': key,
                'objectClass': ['dataStore', 'inetOrgPerson']}

        user = user.items()
        dn = "uidNumber=%i,%s" % (user_id, self.users_root)

        with self._conn(self.admin_user, self.admin_password) as conn:
            try:
                res, __ = conn.add_s(dn, user)
            except (ldap.TIMEOUT, ldap.SERVER_DOWN, ldap.OTHER), e:
                logger.debug('Could not create the user.')
                raise BackendError(str(e))
Ejemplo n.º 4
0
    def update_password(self, user_id, new_password, old_password):
        """Change the user password.

        Uses the admin bind or the user bind if the old password is provided.

        Args:
            user_id: user id
            new_password: new password
            old_password: old password of the user (optional)

        Returns:
            True if the change was successful, False otherwise
        """
        user_dn = self._userid2dn(user_id)
        if user_dn is None:
            raise BackendError('Unknown user "%s"' % user_id)

        password_hash = ssha(new_password)

        user = [(ldap.MOD_REPLACE, 'userPassword', [password_hash])]

        try:
            with self._conn(user_dn, old_password) as conn:
                try:
                    res, __ = conn.modify_s(user_dn, user)
                except (ldap.TIMEOUT, ldap.SERVER_DOWN, ldap.OTHER), e:
                    self.logger.debug('Could not update the password in ldap.')
                    raise BackendError(str(e))
        except ldap.INVALID_CREDENTIALS:
            return False

        self._purge_conn(user_dn, new_password)
        return res == ldap.RES_MODIFY
    def create_user(self, user_name, password, email):
        """Creates a user. Returns True on success."""
        user_name = str(user_name)  # XXX only ASCII
        user_id = self._get_next_user_id()
        password_hash = ssha(password)
        key = '%s%s' % (random.randint(0, 9999999), user_name)
        key = sha1(key).hexdigest()

        user = {
            'cn': user_name,
            'sn': user_name,
            'uid': user_name,
            'uidNumber': str(user_id),
            'primaryNode': 'weave:',
            'userPassword': password_hash,
            'account-enabled': 'Yes',
            'mail': email,
            'mail-verified': key,
            'objectClass': ['dataStore', 'inetOrgPerson']
        }

        user = user.items()
        dn = "uidNumber=%i,%s" % (user_id, self.users_root)

        with self._conn(self.admin_user, self.admin_password) as conn:
            try:
                res, __ = conn.add_s(dn, user)
            except (ldap.TIMEOUT, ldap.SERVER_DOWN, ldap.OTHER), e:
                logger.debug('Could not create the user.')
                raise BackendError(str(e))
Ejemplo n.º 6
0
    def _create_user(self, auth, user_name, password, email):
        from services.auth.ldapsql import ssha, random, sha1
        user_name = str(user_name)
        user_id = auth._get_next_user_id()
        password_hash = ssha(password)
        key = '%s%s' % (random.randint(0, 9999999), user_name)
        key = sha1(key).hexdigest()

        user = {'cn': user_name,
                'sn': user_name,
                'uid': user_name,
                'uidNumber': str(user_id),
                'primaryNode': 'weave:',
                'rescueNode': 'weave:',
                'userPassword': password_hash,
                'account-enabled': 'Yes',
                'mail': email,
                'mail-verified': key,
                'objectClass': ['dataStore', 'inetOrgPerson']}

        user = user.items()
        dn = "uidNumber=%i,ou=users,dc=mozilla" % (user_id)

        with auth._conn(auth.admin_user, auth.admin_password) as conn:
            try:
                res, __ = conn.add_s(dn, user)
            except ldap.TIMEOUT:
                raise BackendTimeoutError()

        return res == ldap.RES_ADD
Ejemplo n.º 7
0
    def create_user(self, user_name, password, email):
        """Creates a user. Returns a user object on success."""
        if not self.allow_new_users:
            raise BackendError("Creation of new users is disabled")

        # no unicode
        user_name = user_name.encode('utf8')
        password = password.encode('utf8')
        email = email.encode('utf8')

        #First make sure the username isn't taken. There'll still be a race
        #condition, but it's pretty small
        test_user = User()
        test_user['username'] = user_name
        dn = self._get_dn(test_user)
        if dn is not None:
            return False

        user_id = self._get_next_user_id()
        password_hash = ssha(password)
        key = '%s%s' % (random.randint(0, 9999999), user_name)
        key = sha1(key).hexdigest()

        user = {
            'cn': user_name,
            'sn': user_name,
            'uid': user_name,
            'uidNumber': str(user_id),
            'userPassword': password_hash,
            'primaryNode': 'weave:',
            'accountStatus': '1',
            'account-enabled': 'Yes',
            'mail': email,
            'mail-verified': key,
            'objectClass': ['dataStore', 'inetOrgPerson']
        }

        dn = "uidNumber=%i,%s" % (user_id, self.users_root)

        #need a copy with some of the info for the return value
        userobj = User()
        userobj['username'] = user['uid']
        userobj['userid'] = user['uidNumber']
        userobj['mail'] = email
        userobj['dn'] = dn

        #need to turn the user hash into tuples
        user = user.items()

        with self._conn() as conn:
            try:
                res, __ = conn.add_s(dn, user)
            except (ldap.TIMEOUT, ldap.SERVER_DOWN, ldap.OTHER), e:
                self.logger.debug('Could not create the user.')
                raise BackendError(str(e))
Ejemplo n.º 8
0
    def setUp(self):
        self.appdir, self.config, self.auth = initenv()
        # we don't support other storages for this test
        assert self.auth.sqluri.split(':/')[0] in ('mysql', 'sqlite')

        # lets add a user tarek/tarek
        password = ssha('tarek')
        query = text('insert into users (username, password_hash, status) '
                     'values (:username, :password, 1)')
        self.auth._engine.execute(query, username='******', password=password)
        self.user_id = self.auth._engine.execute('select id from users where'
                                            ' username="******"').fetchone().id
Ejemplo n.º 9
0
    def create_user(self, user_name, password, email):
        """Creates a user. Returns a user object on success."""
        if not self.allow_new_users:
            raise BackendError("Creation of new users is disabled")

        # no unicode
        user_name = user_name.encode('utf8')
        password = password.encode('utf8')
        email = email.encode('utf8')

        #First make sure the username isn't taken. There'll still be a race
        #condition, but it's pretty small
        test_user = User()
        test_user['username'] = user_name
        dn = self._get_dn(test_user)
        if dn is not None:
            return False

        user_id = self._get_next_user_id()
        password_hash = ssha(password)
        key = '%s%s' % (random.randint(0, 9999999), user_name)
        key = sha1(key).hexdigest()

        user = {'cn': user_name,
                'sn': user_name,
                'uid': user_name,
                'uidNumber': str(user_id),
                'userPassword': password_hash,
                'primaryNode': 'weave:',
                'accountStatus': '1',
                'account-enabled': 'Yes',
                'mail': email,
                'mail-verified': key,
                'objectClass': ['dataStore', 'inetOrgPerson']}

        dn = "uidNumber=%i,%s" % (user_id, self.users_root)

        #need a copy with some of the info for the return value
        userobj = User()
        userobj['username'] = user['uid']
        userobj['userid'] = user['uidNumber']
        userobj['mail'] = email
        userobj['dn'] = dn

        #need to turn the user hash into tuples
        user = user.items()

        with self._conn() as conn:
            try:
                res, __ = conn.add_s(dn, user)
            except (ldap.TIMEOUT, ldap.SERVER_DOWN, ldap.OTHER), e:
                self.logger.debug('Could not create the user.')
                raise BackendError(str(e))
Ejemplo n.º 10
0
    def setUp(self):
        self.appdir, self.config, self.auth = initenv()
        # we don't support other storages for this test
        assert self.auth.sqluri.split(':/')[0] in ('mysql', 'sqlite')

        # lets add a user tarek/tarek
        password = ssha('tarek')
        query = text('insert into users (username, password_hash, status) '
                     'values (:username, :password, 1)')
        self.auth._engine.execute(query, username='******', password=password)
        self.user_id = self.auth._engine.execute('select id from users where'
                                            ' username="******"').fetchone().id
    def update_password(self,
                        user_id,
                        new_password,
                        old_password=None,
                        key=None):
        """Change the user password.

        Uses the admin bind or the user bind if the old password is provided.

        Args:
            user_id: user id
            new_password: new password
            old_password: old password of the user (optional)

        Returns:
            True if the change was successful, False otherwise
        """
        user_name = self._get_username(user_id)
        user_dn = self._get_dn(user_name)

        if old_password is None:
            if key:
                #using a key, therefore we should check it
                if self.verify_reset_code(user_id, key):
                    self.clear_reset_code(user_id)
                else:
                    logger.error("bad key used for update password")
                    return False
            # we will use admin auth
            dn = self.admin_user
            ldap_password = self.admin_password
        else:
            # user auth
            dn = user_dn
            ldap_password = old_password
            # we need a password

        password_hash = ssha(new_password)
        user = [(ldap.MOD_REPLACE, 'userPassword', [password_hash])]

        try:
            with self._conn(dn, ldap_password) as conn:
                try:
                    res, __ = conn.modify_s(user_dn, user)
                except (ldap.TIMEOUT, ldap.SERVER_DOWN, ldap.OTHER), e:
                    logger.debug('Could not update the password in ldap.')
                    raise BackendError(str(e))
        except ldap.INVALID_CREDENTIALS:
            return False

        self._purge_conn(user_dn, new_password)
        return res == ldap.RES_MODIFY
Ejemplo n.º 12
0
    def admin_update_password(self, user, new_password, code=None):
        """
        Change the user password. Does this as admin. This assumes that a reset
        code or something similar has already been verified by the application.

        Args:
            user: user object
            new_password: new password

        Returns:
            True if the change was successful, False otherwise
        """
        password_hash = ssha(new_password.encode('utf8'))
        return self._modify_record(user, 'userPassword', password_hash)
Ejemplo n.º 13
0
    def admin_update_password(self, user, new_password, code=None):
        """
        Change the user password. Does this as admin. This assumes that a reset
        code or something similar has already been verified by the application.

        Args:
            user: user object
            new_password: new password

        Returns:
            True if the change was successful, False otherwise
        """
        password_hash = ssha(new_password.encode('utf8'))
        return self._modify_record(user, 'userPassword', password_hash)
Ejemplo n.º 14
0
    def update_password(self, user_id, new_password,
                        old_password=None, key=None):
        """Change the user password.

        Uses the admin bind or the user bind if the old password is provided.

        Args:
            user_id: user id
            new_password: new password
            old_password: old password of the user (optional)

        Returns:
            True if the change was successful, False otherwise
        """
        user_name = self._get_username(user_id)
        user_dn = self._get_dn(user_name)

        if old_password is None:
            if key:
                #using a key, therefore we should check it
                if self.verify_reset_code(user_id, key):
                    self.clear_reset_code(user_id)
                else:
                    logger.error("bad key used for update password")
                    return False
            # we will use admin auth
            dn = self.admin_user
            ldap_password = self.admin_password
        else:
            # user auth
            dn = user_dn
            ldap_password = old_password
            # we need a password

        password_hash = ssha(new_password)
        user = [(ldap.MOD_REPLACE, 'userPassword', [password_hash])]

        try:
            with self._conn(dn, ldap_password) as conn:
                try:
                    res, __ = conn.modify_s(user_dn, user)
                except (ldap.TIMEOUT, ldap.SERVER_DOWN, ldap.OTHER), e:
                    logger.debug('Could not update the password in ldap.')
                    raise BackendError(str(e))
        except ldap.INVALID_CREDENTIALS:
            return False

        self._purge_conn(user_dn, new_password)
        return res == ldap.RES_MODIFY
Ejemplo n.º 15
0
    def admin_update_password(self, user_id, new_password, key):
        """Change the user password.

        Uses the admin bind or the user bind if the old password is provided.

        Args:
            user_id: user id
            new_password: new password
            key: password reset key

        Returns:
            True if the change was successful, False otherwise
        """
        user_dn = self._userid2dn(user_id)
        if user_dn is None:
            raise BackendError('Unknown user "%s"' % user_id)

        # using a key, therefore we should check it
        if self.verify_reset_code(user_id, key):
            self.clear_reset_code(user_id)
        else:
            self.logger.error("bad key used for update password")
            return False

        password_hash = ssha(new_password)
        user = [(ldap.MOD_REPLACE, 'userPassword', [password_hash])]

        try:
            with self._conn(self.admin_user, self.admin_password) as conn:
                try:
                    res, __ = conn.modify_s(user_dn, user)
                except (ldap.TIMEOUT, ldap.SERVER_DOWN, ldap.OTHER), e:
                    self.logger.debug('Could not update the password in ldap.')
                    raise BackendError(str(e))
        except ldap.INVALID_CREDENTIALS:
            return False

        self._purge_conn(user_dn, new_password)
        return res == ldap.RES_MODIFY
    def admin_update_password(self, user_id, new_password, key):
        """Change the user password.

        Uses the admin bind or the user bind if the old password is provided.

        Args:
            user_id: user id
            new_password: new password
            key: password reset key

        Returns:
            True if the change was successful, False otherwise
        """
        user_dn = self._userid2dn(user_id)
        if user_dn is None:
            raise BackendError('Unknown user "%s"' % user_id)

        # using a key, therefore we should check it
        if self.verify_reset_code(user_id, key):
            self.clear_reset_code(user_id)
        else:
            self.logger.error("bad key used for update password")
            return False

        password_hash = ssha(new_password)
        user = [(ldap.MOD_REPLACE, 'userPassword', [password_hash])]

        try:
            with self._conn(self.admin_user, self.admin_password) as conn:
                try:
                    res, __ = conn.modify_s(user_dn, user)
                except (ldap.TIMEOUT, ldap.SERVER_DOWN, ldap.OTHER), e:
                    self.logger.debug('Could not update the password in ldap.')
                    raise BackendError(str(e))
        except ldap.INVALID_CREDENTIALS:
            return False

        self._purge_conn(user_dn, new_password)
        return res == ldap.RES_MODIFY
Ejemplo n.º 17
0
    def update_password(self, user, credentials, new_password):
        """
        Change the user password. Uses the user bind.

        Args:
            user: user object
            credentials: a dict with the user's auth credentials
            new_password: new password of the user

        Returns:
            True if the change was successful, False otherwise
        """
        if not credentials:
            return False
        old_password = credentials.get("password")
        if not old_password:
            return False

        dn = self._get_dn(user)
        password_hash = ssha(new_password.encode('utf8'))
        if not self._modify_record(user, 'userPassword', password_hash, dn,
                                   old_password):
            return False
        return True
Ejemplo n.º 18
0
    def update_password(self, user, credentials, new_password):
        """
        Change the user password. Uses the user bind.

        Args:
            user: user object
            credentials: a dict with the user's auth credentials
            new_password: new password of the user

        Returns:
            True if the change was successful, False otherwise
        """
        if not credentials:
            return False
        old_password = credentials.get("password")
        if not old_password:
            return False

        dn = self._get_dn(user)
        password_hash = ssha(new_password.encode('utf8'))
        if not self._modify_record(user, 'userPassword', password_hash,
                                   dn, old_password):
            return False
        return True
Ejemplo n.º 19
0
    from services.auth.ldapconnection import StateConnector
    from services.auth.ldapsql import LDAPAuth
    LDAP = True
except ImportError:
    LDAP = False

from services.util import validate_password, ssha


if LDAP:
    # memory ldap connector for the tests
    users = {
            'uidNumber=1,ou=users,dc=mozilla':

            {'uidNumber': ['1'],
                'userPassword': [ssha('bind')],
                'uid': ['testuser'],
                'account-enabled': ['Yes'],
                'mail': ['*****@*****.**'],
                'cn': ['tarek'],
                'primaryNode': ['weave:'],
                'rescueNode': ['weave:'],
                },

            'uid=adminuser,ou=users,dc=mozilla':

            {'uidNumber': ['-1'],
                'userPassword': [ssha('admin')],
                'uid': ['adminuser'],
                'account-enabled': ['Yes'],
                'mail': ['*****@*****.**'],
 def test_validate_password(self):
     one = ssha('one')
     two = ssha256('two')
     self.assertTrue(validate_password('one', one))
     self.assertTrue(validate_password('two', two))
Ejemplo n.º 21
0
    elif _CPT == 1:
        r = Response()
        r.status = '400 Bad Request'
        r.body = str(ERROR_INVALID_RESET_CODE)

    _CPT += 1
    return r


# returns a body that has all the responses we need
def bad_reset_code_resp():
    return Response("")


_USER = {'uidNumber': ['1234'],
         'userPassword': [ssha('tarek')],
         'uid': ['tarek'],
         'account-enabled': ['Yes'],
         'mail': ['*****@*****.**'],
         'cn': ['tarek'],
         'primaryNode': ['weave:'],
         'rescueNode': ['weave:']}


class TestMozillaSRegAuth(unittest.TestCase):

    def setUp(self):
        global _CPT
        _CPT = 0
        if DO_TESTS:
            install_opener()
Ejemplo n.º 22
0
try:
    import ldap
    from services.auth.ldapconnection import StateConnector
    from services.auth.ldapsql import LDAPAuth
    LDAP = True
except ImportError:
    LDAP = False

from services.util import validate_password, ssha

if LDAP:
    # memory ldap connector for the tests
    users = {
        'uidNumber=1,ou=users,dc=mozilla': {
            'uidNumber': ['1'],
            'userPassword': [ssha('bind')],
            'uid': ['testuser'],
            'account-enabled': ['Yes'],
            'mail': ['*****@*****.**'],
            'cn': ['tarek'],
            'primaryNode': ['weave:'],
            'rescueNode': ['weave:'],
        },
        'uid=adminuser,ou=users,dc=mozilla': {
            'uidNumber': ['-1'],
            'userPassword': [ssha('admin')],
            'uid': ['adminuser'],
            'account-enabled': ['Yes'],
            'mail': ['*****@*****.**'],
            'cn': ['tarek'],
            'primaryNode': ['weave:'],
Ejemplo n.º 23
0
        r = Response()
        r.status = '400 Bad Request'
        r.body = str(WEAVE_INVALID_RESET_CODE)

    _CPT += 1
    return r


# returns a body that has all the responses we need
def bad_reset_code_resp():
    return Response("")


_USER = {
    'uidNumber': ['1234'],
    'userPassword': [ssha('tarek')],
    'uid': ['tarek'],
    'account-enabled': ['Yes'],
    'mail': ['*****@*****.**'],
    'cn': ['tarek'],
    'primaryNode': ['weave:'],
    'rescueNode': ['weave:']
}


class TestMozillaSRegAuth(unittest.TestCase):
    def setUp(self):
        global _CPT
        _CPT = 0

    def test_mozilla_auth(self):