def GET(self, profile_type, mail):
    """Render the profile page of one mail user (pgsql templates).

    The address is lower-cased, split into its domain part and validated
    before the profile lookup. Every rejection is a redirect carrying a
    ``msg`` code; on success the profile template is rendered.

    NOTE(review): no session or permission check is visible inside this
    method. Confirm that a decorator or the ``userlib`` layer restricts
    which admins may read the profile of ``mail``.
    """
    query = web.input()

    self.mail = str(mail).lower()
    self.cur_domain = self.mail.split('@', 1)[-1]
    self.profile_type = str(profile_type)

    # An address of the form "@domain" is the domain's catch-all account,
    # which has its own profile page.
    is_catchall = self.mail.startswith('@') and iredutils.is_domain(self.cur_domain)
    if is_catchall:
        raise web.seeother('/profile/domain/catchall/%s' % self.cur_domain)

    # Reject malformed identifiers before they reach the lookup below.
    if not iredutils.is_email(self.mail):
        raise web.seeother('/domains?msg=INVALID_USER')
    if not iredutils.is_domain(self.cur_domain):
        raise web.seeother('/domains?msg=INVALID_DOMAIN_NAME')

    lookup = userlib.User().profile(domain=self.cur_domain, mail=self.mail)
    if lookup[0] is not True:
        # The backend message is URL-quoted so it cannot alter the query string.
        raise web.seeother('/users/%s?msg=%s' % (self.cur_domain, web.urlquote(lookup[1])))
    self.profile = lookup[1]

    # NOTE(review): msg is taken verbatim from the query string; confirm the
    # template escapes it or only uses it as a key into fixed messages.
    context = {
        'cur_domain': self.cur_domain,
        'mail': self.mail,
        'profile_type': self.profile_type,
        'profile': self.profile,
        'languagemaps': get_language_maps(),
        'msg': query.get('msg'),
    }
    return web.render('pgsql/user/profile.html', **context)
def GET(self):
    """Render the "create admin" form (LDAP templates).

    The form receives the language map, the default language and the
    password length limits read from ``settings``.
    """
    query = web.input()

    # NOTE(review): msg is taken verbatim from the query string; confirm the
    # template escapes it or only uses it as a key into fixed messages.
    context = {
        'languagemaps': languages.get_language_maps(),
        'default_language': settings.default_language,
        'min_passwd_length': settings.min_passwd_length,
        'max_passwd_length': settings.max_passwd_length,
        'msg': query.get('msg'),
    }
    return web.render('ldap/admin/create.html', **context)
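def GET(self, profile_type, mail):
    """Render an admin's profile page (LDAP templates).

    A session that is not a global admin may only open its own profile;
    anything else is redirected back to the caller's own page with
    ``PERMISSION_DENIED``.

    ``profile_type`` selects the view: ``'general'`` renders the profile
    together with the list of all domains, ``'password'`` renders the
    password form with the configured length limits. Any other value falls
    through and returns ``None``.
    """
    self.mail = web.safestr(mail)
    self.profile_type = web.safestr(profile_type)

    # Authorization: the requested mailbox must be the caller's own unless
    # the session is flagged as global admin.
    if session.get('domainGlobalAdmin') is not True and session.get('username') != self.mail:
        raise web.seeother('/profile/admin/general/%s?msg=PERMISSION_DENIED' % session.get('username'))

    # Get admin profile.
    adminLib = admin.Admin()
    result = adminLib.profile(self.mail)
    if result[0] is not True:
        # Quote the backend message so characters such as '&' or '#' in it
        # cannot alter the redirect's query string.
        raise web.seeother('/admins?msg=' + web.urlquote(result[1]))
    self.admin_profile = result[1]

    i = web.input()

    # result[0] is known to be True from here on, so the original re-check
    # and its unreachable redirect branch are dropped.
    if self.profile_type == 'general':
        # Get all domains.
        domainLib = domainlib.Domain()
        resultOfAllDomains = domainLib.listAccounts(attrs=['domainName', 'cn', ])
        if resultOfAllDomains[0] is not True:
            # NOTE(review): this hands the raw result tuple back to the
            # framework as the response. Kept as-is; a redirect with a
            # quoted message looks like the intended behavior - confirm.
            return resultOfAllDomains
        self.allDomains = resultOfAllDomains[1]

        # NOTE(review): msg is taken verbatim from the query string; confirm
        # the template escapes it or only uses it as a lookup key.
        return web.render(
            'ldap/admin/profile.html',
            mail=self.mail,
            profile_type=self.profile_type,
            profile=self.admin_profile,
            languagemaps=languages.get_language_maps(),
            allDomains=self.allDomains,
            msg=i.get('msg', None),
        )

    elif self.profile_type == 'password':
        return web.render(
            'ldap/admin/profile.html',
            mail=self.mail,
            profile_type=self.profile_type,
            profile=self.admin_profile,
            min_passwd_length=settings.min_passwd_length,
            max_passwd_length=settings.max_passwd_length,
            msg=i.get('msg', None),
        )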
def GET(self):
    """Show the form used to create a new admin (LDAP templates).

    Password length limits and the default language come from ``settings``.
    """
    form = web.input()

    language_maps = languages.get_language_maps()

    # NOTE(review): msg is request-controlled; confirm the template escapes
    # it or only uses it as a key into fixed messages.
    return web.render(
        'ldap/admin/create.html',
        languagemaps=language_maps,
        default_language=settings.default_language,
        min_passwd_length=settings.min_passwd_length,
        max_passwd_length=settings.max_passwd_length,
        msg=form.get('msg'),
    )
def GET(self):
    """Show the login form, or redirect to the dashboard.

    The form is rendered only when the session's ``logged`` value is exactly
    ``False``. Any other value, including a missing key, is redirected to
    ``/dashboard``.
    """
    if session.get('logged') is not False:
        raise web.seeother('/dashboard')

    form = web.input(_unicode=False)

    # NOTE(review): msg is request-controlled and shown on a page served
    # before authentication; confirm the template escapes it.
    return web.render(
        'login.html',
        languagemaps=languages.get_language_maps(),
        webmaster=session.get('webmaster'),
        msg=form.get('msg'),
    )
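def GET(self, profile_type, mail):
    """Render an admin's profile page (LDAP templates).

    Only a global admin may open another admin's profile. Every other
    session is redirected to its own profile with ``PERMISSION_DENIED``.

    ``profile_type`` of ``'general'`` renders the profile plus the list of
    all domains, and ``'password'`` renders the password form. Any other
    value falls through and returns ``None``.
    """
    self.mail = web.safestr(mail)
    self.profile_type = web.safestr(profile_type)

    # Authorization check comes first, before any directory lookup.
    if session.get('domainGlobalAdmin') is not True and session.get('username') != self.mail:
        # Don't allow to view/update other admins' profile.
        raise web.seeother('/profile/admin/general/%s?msg=PERMISSION_DENIED' % session.get('username'))

    # Get admin profile.
    adminLib = admin.Admin()
    result = adminLib.profile(self.mail)
    if result[0] is not True:
        # URL-quote the backend message: unquoted, a '&' or '#' in it would
        # change the structure of the redirect target.
        raise web.seeother('/admins?msg=' + web.urlquote(result[1]))
    self.admin_profile = result[1]

    i = web.input()

    # The lookup has already succeeded here, so the original second test of
    # result[0] and its unreachable else-branch are removed.
    if self.profile_type == 'general':
        # Get all domains.
        domainLib = domainlib.Domain()
        resultOfAllDomains = domainLib.listAccounts(attrs=['domainName', 'cn', ])
        if resultOfAllDomains[0] is not True:
            # NOTE(review): returns the raw result tuple as the response
            # body. Behavior kept; confirm whether a redirect was intended.
            return resultOfAllDomains
        self.allDomains = resultOfAllDomains[1]

        # NOTE(review): msg comes straight from the query string; confirm
        # the template escapes it.
        return web.render(
            'ldap/admin/profile.html',
            mail=self.mail,
            profile_type=self.profile_type,
            profile=self.admin_profile,
            languagemaps=languages.get_language_maps(),
            allDomains=self.allDomains,
            msg=i.get('msg', None),
        )

    elif self.profile_type == 'password':
        return web.render(
            'ldap/admin/profile.html',
            mail=self.mail,
            profile_type=self.profile_type,
            profile=self.admin_profile,
            min_passwd_length=settings.min_passwd_length,
            max_passwd_length=settings.max_passwd_length,
            msg=i.get('msg', None),
        )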
def GET(self, profile_type, mail):
    """Render the profile page of one mail user (LDAP templates).

    The address is validated, the user's profile is fetched, and for the
    ``'password'`` view the domain's account settings are loaded. The
    password length limits passed to the template default to ``'0'`` when
    no setting is available.

    NOTE(review): no session or permission check is visible inside this
    method. Confirm that a decorator or the ``user`` layer restricts which
    admins may read the profile of ``mail``.
    """
    form = web.input(enabledService=[], telephoneNumber=[])

    self.mail = web.safestr(mail)
    self.cur_domain = self.mail.split('@', 1)[-1]
    self.profile_type = web.safestr(profile_type)

    # "@domain" addresses denote the catch-all account of that domain.
    if self.mail.startswith('@') and iredutils.is_domain(self.cur_domain):
        raise web.seeother('/profile/domain/catchall/%s' % self.cur_domain)

    # Validate before the address is used in the directory lookup.
    if not iredutils.is_email(self.mail):
        raise web.seeother('/domains?msg=INVALID_USER')

    lookup = user.User().profile(domain=self.cur_domain, mail=self.mail)
    if lookup[0] is False:
        raise web.seeother('/users/%s?msg=%s' % (self.cur_domain, web.urlquote(lookup[1])))

    domainAccountSetting = {}
    if self.profile_type == 'password':
        # Get accountSetting of current domain.
        setting_lookup = domainlib.Domain().getDomainAccountSetting(domain=self.cur_domain)
        if setting_lookup[0] is True:
            domainAccountSetting = setting_lookup[1]

    minPasswordLength = domainAccountSetting.get('minPasswordLength', '0')
    maxPasswordLength = domainAccountSetting.get('maxPasswordLength', '0')

    # NOTE(review): msg is request-controlled; confirm the template escapes it.
    context = {
        'profile_type': self.profile_type,
        'mail': self.mail,
        'user_profile': lookup[1],
        'defaultStorageBaseDirectory': settings.storage_base_directory,
        'minPasswordLength': minPasswordLength,
        'maxPasswordLength': maxPasswordLength,
        'domainAccountSetting': domainAccountSetting,
        'languagemaps': get_language_maps(),
        'msg': form.get('msg', None),
    }
    return web.render('ldap/user/profile.html', **context)
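def POST(self):
    """Check submitted credentials and set up the session on success.

    On success the session cookie parameters are configured, the chosen UI
    language is stored and the client is redirected to
    ``/dashboard/checknew``. On failure the session's ``failed_times``
    counter is incremented, the attempt is logged and the client is sent
    back to ``/login`` with the backend's message.

    Compared with the original, missing form fields no longer raise
    ``AttributeError`` (``None.strip()``), and an empty password is
    rejected before the backend is called.
    """
    # Get username, password. Absent fields are read as empty strings.
    i = web.input(_unicode=False)

    username = web.safestr(i.get('username', '').strip()).lower()
    password = str(i.get('password', '').strip())
    save_pass = web.safestr(i.get('save_pass', 'no').strip())

    # core.Auth is not shown here, so whether it refuses an empty password
    # itself is unconfirmed. Some directory backends accept a bind with an
    # empty password as an anonymous bind, so it is refused up front.
    if not password:
        raise web.seeother('/login?msg=EMPTY_PASSWORD')

    auth = core.Auth()
    auth_result = auth.auth(username=username, password=password)

    if auth_result[0] is True:
        # Config session data.
        # NOTE(review): web.config.session_parameters looks like shared
        # configuration rather than per-session state; confirm one user's
        # save_pass choice does not change the timeout of other sessions.
        web.config.session_parameters['cookie_name'] = 'iRedAdmin'
        # Session expire when client ip was changed.
        web.config.session_parameters['ignore_change_ip'] = False
        # Don't ignore session expiration.
        web.config.session_parameters['ignore_expiry'] = False

        # Session timeout (in seconds).
        if save_pass == 'yes':
            web.config.session_parameters['timeout'] = 86400    # 24 hours
        else:
            web.config.session_parameters['timeout'] = 600      # 10 minutes

        web.logger(msg="Login success", event='login',)

        # Save selected language. Only values present in the language map
        # are accepted, so the request cannot store an arbitrary string.
        selected_language = str(i.get('lang', '')).strip()
        if (selected_language != web.ctx.lang
                and selected_language in languages.get_language_maps()):
            session['lang'] = selected_language

        raise web.seeother('/dashboard/checknew')
    else:
        session['failed_times'] += 1
        # NOTE(review): username is request-controlled and goes into the
        # log record unchanged; confirm web.logger stores it safely.
        web.logger(msg="Login failed.", admin=username, event='login', loglevel='error',)
        raise web.seeother('/login?msg=%s' % web.urlquote(auth_result[1]))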
def GET(self, profile_type, mail):
    """Render an admin's profile page (pgsql templates).

    The address must be a valid e-mail, and a session that is not a global
    admin may only open its own profile. On success the profile is rendered
    with the list of all domains and the configured password length limits.
    """
    query = web.input()

    self.mail = web.safestr(mail)
    self.profile_type = web.safestr(profile_type)

    if not iredutils.is_email(self.mail):
        raise web.seeother('/admins?msg=INVALID_MAIL')

    # Authorization: only a global admin may view/update other admins' profile.
    is_global_admin = session.get('domainGlobalAdmin') is True
    if not is_global_admin and session.get('username') != self.mail:
        raise web.seeother('/profile/admin/general/%s?msg=PERMISSION_DENIED' % session.get('username'))

    result = adminlib.Admin().profile(mail=self.mail)
    if result[0] is not True:
        raise web.seeother('/admins?msg=' + web.urlquote(result[1]))

    domainGlobalAdmin = result[1]
    profile = result[2]

    # Get all domains. A failed lookup leaves the list empty.
    self.allDomains = []
    domains_lookup = domainlib.Domain().getAllDomains()
    if domains_lookup[0] is True:
        self.allDomains = domains_lookup[1]

    # Get managed domains.
    self.managedDomains = []

    # NOTE(review): msg is request-controlled; confirm the template escapes it.
    context = {
        'mail': self.mail,
        'profile_type': self.profile_type,
        'domainGlobalAdmin': domainGlobalAdmin,
        'profile': profile,
        'languagemaps': languages.get_language_maps(),
        'allDomains': self.allDomains,
        'min_passwd_length': settings.min_passwd_length,
        'max_passwd_length': settings.max_passwd_length,
        'msg': query.get('msg'),
    }
    return web.render('pgsql/admin/profile.html', **context)
def GET(self, profile_type, mail):
    """Show the profile of the admin identified by ``mail`` (pgsql templates).

    Rejects a malformed address, then enforces that a session which is not
    a global admin can only reach its own profile, then loads the profile
    and the domain list for the template.
    """
    form = web.input()

    self.mail = web.safestr(mail)
    self.profile_type = web.safestr(profile_type)

    if not iredutils.is_email(self.mail):
        raise web.seeother('/admins?msg=INVALID_MAIL')

    viewing_other_admin = session.get('username') != self.mail
    if session.get('domainGlobalAdmin') is not True and viewing_other_admin:
        # Don't allow to view/update other admins' profile.
        own_profile = '/profile/admin/general/%s?msg=PERMISSION_DENIED' % session.get('username')
        raise web.seeother(own_profile)

    adminLib = adminlib.Admin()
    result = adminLib.profile(mail=self.mail)
    if result[0] is not True:
        # Backend message is URL-quoted before it is placed in the redirect.
        raise web.seeother('/admins?msg=' + web.urlquote(result[1]))

    domainGlobalAdmin, profile = result[1], result[2]

    # Get all domains. The list stays empty when the lookup does not succeed.
    self.allDomains = []
    domainLib = domainlib.Domain()
    all_domains_result = domainLib.getAllDomains()
    if all_domains_result[0] is True:
        self.allDomains = all_domains_result[1]

    # Get managed domains.
    self.managedDomains = []

    # NOTE(review): msg comes straight from the query string; confirm the
    # template escapes it or only uses it as a lookup key.
    return web.render(
        'pgsql/admin/profile.html',
        mail=self.mail,
        profile_type=self.profile_type,
        domainGlobalAdmin=domainGlobalAdmin,
        profile=profile,
        languagemaps=languages.get_language_maps(),
        allDomains=self.allDomains,
        min_passwd_length=settings.min_passwd_length,
        max_passwd_length=settings.max_passwd_length,
        msg=form.get('msg'),
    )
def GET(self, profile_type, mail):
    """Show the profile of the mail user ``mail`` (LDAP templates).

    Catch-all addresses are redirected to the domain's catch-all page and
    malformed addresses are rejected. For the ``'password'`` view the
    domain's account settings supply the password length limits; otherwise
    both limits are ``'0'``.

    NOTE(review): no session or permission check is visible inside this
    method. Confirm it is enforced by a decorator or by the ``user`` layer.
    """
    params = web.input(enabledService=[], telephoneNumber=[], )

    self.mail = web.safestr(mail)
    self.cur_domain = self.mail.split('@', 1)[-1]
    self.profile_type = web.safestr(profile_type)

    is_catchall = self.mail.startswith('@') and iredutils.is_domain(self.cur_domain)
    if is_catchall:
        # Catchall account.
        raise web.seeother('/profile/domain/catchall/%s' % self.cur_domain)

    if not iredutils.is_email(self.mail):
        raise web.seeother('/domains?msg=INVALID_USER')

    domainAccountSetting = {}

    userLib = user.User()
    result = userLib.profile(domain=self.cur_domain, mail=self.mail)
    if result[0] is False:
        redirect_to = '/users/%s?msg=%s' % (self.cur_domain, web.urlquote(result[1]))
        raise web.seeother(redirect_to)

    if self.profile_type == 'password':
        # Get accountSetting of current domain.
        domainLib = domainlib.Domain()
        result_setting = domainLib.getDomainAccountSetting(domain=self.cur_domain)
        if result_setting[0] is True:
            domainAccountSetting = result_setting[1]

    # With no settings loaded both limits fall back to '0'.
    minPasswordLength = domainAccountSetting.get('minPasswordLength', '0')
    maxPasswordLength = domainAccountSetting.get('maxPasswordLength', '0')

    # NOTE(review): msg is request-controlled; confirm the template escapes it.
    return web.render(
        'ldap/user/profile.html',
        profile_type=self.profile_type,
        mail=self.mail,
        user_profile=result[1],
        defaultStorageBaseDirectory=settings.storage_base_directory,
        minPasswordLength=minPasswordLength,
        maxPasswordLength=maxPasswordLength,
        domainAccountSetting=domainAccountSetting,
        languagemaps=get_language_maps(),
        msg=params.get('msg', None),
    )
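def POST(self):
    """Check submitted credentials and set up the session on success.

    Success configures the session cookie parameters, stores the chosen UI
    language and redirects to ``/dashboard/checknew``. Failure increments
    the session's ``failed_times`` counter, logs the attempt and redirects
    to ``/login`` with the backend's message.

    Compared with the original, a request that omits ``username`` or
    ``password`` no longer raises ``AttributeError`` (``None.strip()``),
    and an empty password is refused before the backend is called.
    """
    # Get username, password. Absent fields are read as empty strings.
    i = web.input(_unicode=False)

    username = web.safestr(i.get('username', '').strip()).lower()
    password = str(i.get('password', '').strip())
    save_pass = web.safestr(i.get('save_pass', 'no').strip())

    # core.Auth is not visible here, so its handling of an empty password
    # is unconfirmed. Some directory backends accept a bind with an empty
    # password as an anonymous bind, so it is refused before the call.
    if not password:
        raise web.seeother('/login?msg=EMPTY_PASSWORD')

    auth = core.Auth()
    auth_result = auth.auth(username=username, password=password)

    if auth_result[0] is not True:
        session['failed_times'] += 1
        # NOTE(review): username is request-controlled and is logged
        # unchanged; confirm web.logger stores it safely.
        web.logger(msg="Login failed.", admin=username, event='login', loglevel='error',)
        raise web.seeother('/login?msg=%s' % web.urlquote(auth_result[1]))

    # Config session data.
    # NOTE(review): web.config.session_parameters looks like shared
    # configuration rather than per-session state; confirm one user's
    # save_pass choice does not alter the timeout of other sessions.
    web.config.session_parameters['cookie_name'] = 'iRedAdmin-Pro'
    # Session expire when client ip was changed.
    web.config.session_parameters['ignore_change_ip'] = False
    # Don't ignore session expiration.
    web.config.session_parameters['ignore_expiry'] = False

    # Session timeout (in seconds).
    if save_pass == 'yes':
        web.config.session_parameters['timeout'] = 86400    # 24 hours
    else:
        web.config.session_parameters['timeout'] = 600      # 10 minutes

    web.logger(msg="Login success", event='login',)

    # Save selected language. Only values present in the language map are
    # accepted, so the request cannot store an arbitrary string.
    selected_language = str(i.get('lang', '')).strip()
    if (selected_language != web.ctx.lang
            and selected_language in languages.get_language_maps()):
        session['lang'] = selected_language

    raise web.seeother('/dashboard/checknew')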
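class Login:
    """Login page and credential check against the LDAP directory."""

    def GET(self):
        """Show the login form, or redirect to the dashboard.

        The form is rendered only when the session's ``logged`` value is
        exactly ``False``; every other value is redirected to ``/dashboard``.
        """
        if session.get('logged') is False:
            i = web.input(_unicode=False)

            # Show login page.
            # NOTE(review): msg is request-controlled and is rendered before
            # authentication; confirm the template escapes it.
            return web.render('login.html',
                              languagemaps=languages.get_language_maps(),
                              webmaster=session.get('webmaster'),
                              msg=i.get('msg'))
        else:
            raise web.seeother('/dashboard')

    def POST(self):
        """Authenticate the submitted credentials and open a session.

        Steps, in order:

        1. Reject a username that is not an e-mail address, and an empty
           password.
        2. Bind with the configured service account to verify that the
           directory is reachable and that account is valid.
        3. Try the credentials as a mail user, then as an admin. When both
           fail, the failure is counted and logged and the client gets the
           same ``INVALID_CREDENTIALS`` message in either case.
        4. On success, fill the session, configure the cookie parameters and
           redirect to ``/dashboard/checknew``.

        Changes from the original: the ``except`` clause uses the ``as``
        form, the exception text placed in the redirect is URL-quoted, and
        the final ``else`` branch is removed. That branch could not be
        reached, because a double failure already redirects in step 3.
        """
        # Get username, password.
        i = web.input(_unicode=False)

        username = web.safestr(i.get('username', '').strip()).lower()
        password = i.get('password', '').strip()
        save_pass = web.safestr(i.get('save_pass', 'no').strip())

        if not iredutils.is_email(username):
            raise web.seeother('/login?msg=INVALID_USERNAME')

        # An empty password is refused before any bind is attempted.
        if not password:
            raise web.seeother('/login?msg=EMPTY_PASSWORD')

        # Get LDAP URI.
        uri = settings.ldap_uri

        # Verify bind_dn & bind_pw.
        try:
            # The flag is named after STARTTLS, but what it tests is the
            # ldaps:// scheme.
            starttls = uri.startswith('ldaps://')

            if starttls:
                # NOTE(review): OPT_X_TLS_NEVER disables validation of the
                # directory server's certificate, so the TLS session is
                # encrypted but the peer is not authenticated. The bind
                # password is sent over this connection. Kept as in the
                # original because deployments may depend on it; prefer a
                # configured CA bundle with certificate checking enabled.
                ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)

            # Initialize connection.
            conn = ldap.initialize(uri)

            # Set LDAP protocol version: LDAP v3.
            conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)

            if starttls:
                conn.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND)

            # synchronous bind.
            conn.bind_s(settings.ldap_bind_dn, settings.ldap_bind_password)
            conn.unbind_s()
        except ldap.INVALID_CREDENTIALS:
            raise web.seeother('/login?msg=vmailadmin_INVALID_CREDENTIALS')
        except Exception as e:
            # The message is URL-quoted so it cannot alter the query string.
            # NOTE(review): raw exception text is still shown to an
            # unauthenticated client; consider a fixed message code here
            # and logging the detail on the server instead.
            raise web.seeother('/login?msg=%s' % web.urlquote(web.safestr(e)))

        # Check whether it's a mail user
        dn_user = ldaputils.convert_keyword_to_dn(username, accountType='user')
        qr_user_auth = auth.Auth(uri=uri, dn=dn_user, password=password)

        qr_admin_auth = (False, 'INVALID_CREDENTIALS')
        if not qr_user_auth[0]:
            # Verify admin account under 'o=domainAdmins'.
            dn_admin = ldaputils.convert_keyword_to_dn(username, accountType='admin')
            qr_admin_auth = auth.Auth(uri=uri, dn=dn_admin, password=password)

            if not qr_admin_auth[0]:
                session['failed_times'] += 1
                # NOTE(review): failed_times is incremented here, but no
                # throttling or lockout based on it is visible in this class.
                web.logger(msg="Login failed.", admin=username, event='login', loglevel='error')
                raise web.seeother('/login?msg=INVALID_CREDENTIALS')

        # At this point one of the two binds has succeeded.
        # NOTE(review): the session is marked as logged in without any
        # visible change of session identifier; confirm the session layer
        # issues a new id at login.
        session['username'] = username
        session['logged'] = True

        # Read preferred language from LDAP
        if qr_admin_auth[0] is True:
            adminLib = adminlib.Admin()
            adminProfile = adminLib.profile(username, attributes=['preferredLanguage'])
            if adminProfile[0] is True:
                dn, entry = adminProfile[1][0]
                lang = entry.get('preferredLanguage', [settings.default_language])[0]
                session['lang'] = lang

        if qr_user_auth[0] is True:
            session['isMailUser'] = True

        # NOTE(review): web.config.session_parameters looks like shared
        # configuration rather than per-session state; confirm one user's
        # save_pass choice does not alter the timeout of other sessions.
        web.config.session_parameters['cookie_name'] = 'iRedAdmin-Pro'
        # Session expire when client ip was changed.
        web.config.session_parameters['ignore_change_ip'] = False
        # Don't ignore session expiration.
        web.config.session_parameters['ignore_expiry'] = False

        # Session timeout (in seconds).
        if save_pass == 'yes':
            web.config.session_parameters['timeout'] = 86400    # 24 hours
        else:
            web.config.session_parameters['timeout'] = 600      # 10 minutes

        web.logger(msg="Login success", event='login',)

        # Save selected language. Only values present in the language map
        # are accepted.
        selected_language = str(i.get('lang', '')).strip()
        if (selected_language != web.ctx.lang
                and selected_language in languages.get_language_maps()):
            session['lang'] = selected_language

        raise web.seeother('/dashboard/checknew')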
def get_language(form, input_name='preferredLanguage'):
    """Return the language submitted in ``form``, or ``''`` if it is unknown.

    The value is read with ``get_single_value`` and accepted only when it is
    a member of ``get_language_maps()``. This allow-list check keeps
    arbitrary request data from being stored as a language.
    """
    candidate = get_single_value(form, input_name=input_name, to_string=True)
    return candidate if candidate in get_language_maps() else ''