def clean_ocf_account(self): data = self.cleaned_data["ocf_account"] data = utils.clean_user_account(data) if not utils.user_exists(data): raise forms.ValidationError("OCF user account does not exist.") ocf_accounts = utils.users_by_calnet_uid(self.calnet_uid) if self.calnet_uid in settings.TESTER_CALNET_UIDS: ocf_accounts.extend(settings.TEST_OCF_ACCOUNTS) if data not in ocf_accounts: raise forms.ValidationError("OCF user account and CalNet UID mismatch.") return data
def change_password(request): calnet_uid = request.session["calnet_uid"] # some old group accounts have CalNet UIDs associated with them accounts = users_by_calnet_uid(calnet_uid) backend_failures = dict() if calnet_uid in settings.TESTER_CALNET_UIDS: # these test accounts don't have to exist in AD or exist in LDAP accounts.extend(settings.TEST_OCF_ACCOUNTS) if request.method == "POST": form = ChpassForm(accounts, calnet_uid, request.POST) if form.is_valid(): account = form.cleaned_data["ocf_account"] password = form.cleaned_data["new_password"] syslog.openlog(str("webchpwd as %s (from %s) for %s" % \ (calnet_uid, request.META["REMOTE_ADDR"], account))) try: change_krb_password(account, password) krb_change_success = True syslog.syslog("Kerberos password change successful") except Exception as e: krb_change_success = False backend_failures["KRB"] = str(e) syslog.syslog("Kerberos password change failed: %s" % e) if krb_change_success: # deleting this session variable will force # the next change_password requet to # reauthenticate with CalNet del request.session["calnet_uid"] return render_to_response("successfully_changed_password.html", { "user_account": account }) else: form = ChpassForm(accounts, calnet_uid) return render_to_response("change_password.html", { "form": form, "backend_failures": backend_failures }, context_instance=RequestContext(request))
def request_account(request): calnet_uid = request.session["calnet_uid"] existing_accounts = users_by_calnet_uid(calnet_uid) real_name = name_by_calnet_uid(calnet_uid) if calnet_uid not in settings.TESTER_CALNET_UIDS and len(existing_accounts): return render_to_response("already_requested_account.html", { "calnet_uid": calnet_uid, "calnet_url": settings.LOGOUT_URL }) if request.method == "POST": form = ApproveForm(request.POST) if form.is_valid(): account_name = form.cleaned_data["ocf_login_name"] email_address = form.cleaned_data["contact_email"] forward_mail = form.cleaned_data["forward_email"] password = form.cleaned_data["password"] successfully_approved = False try: run_approve(real_name, calnet_uid, account_name, email_address, forward_mail, password) successfully_approved = True except Exception as e: form._errors[NON_FIELD_ERRORS] = form.error_class([str(e)]) if successfully_approved: return render_to_response("successfully_requested_account.html", {}) else: form = ApproveForm() return render_to_response("request_account.html", { "form": form, "real_name": real_name }, context_instance=RequestContext(request))