Example #1
0
    def save_model(self, account):
        super(Edit, self).update_model(account)
        self.set_country(account)
        self.append_groups(account)

        settings = self.request.registry.settings
        ldap = False
        if 'pyvac.use_ldap' in settings:
            ldap = asbool(settings.get('pyvac.use_ldap'))

        if ldap:
            # update in ldap
            r = self.request
            password = None
            if 'user.password' in r.params and r.params['user.password']:
                password = [hashPassword(r.params['user.password'])]

            unit = None
            if 'unit' in r.params and r.params['unit']:
                unit = r.params['unit']

            ldap = LdapCache()
            ldap.update_user(account, password=password, unit=unit)

        if self.user and not self.user.is_admin:
            self.redirect_route = 'list_request'
Example #2
0
    def save_model(self, account):
        super(Edit, self).update_model(account)
        self.set_country(account)
        self.append_groups(account)

        settings = self.request.registry.settings
        ldap = False
        if 'pyvac.use_ldap' in settings:
            ldap = asbool(settings.get('pyvac.use_ldap'))

        if ldap:
            # update in ldap
            r = self.request
            password = None
            if 'user.password' in r.params and r.params['user.password']:
                password = [hashPassword(r.params['user.password'])]

            unit = None
            if 'unit' in r.params and r.params['unit']:
                unit = r.params['unit']

            ldap = LdapCache()
            ldap.update_user(account, password=password, unit=unit)

            # update teams
            uteams = {}
            for team, members in ldap.list_teams().iteritems():
                for member in members:
                    uteams.setdefault(member, []).append(team)
            user_teams = uteams.get(account.dn, [])

            # add to new teams
            for team in r.params.getall('teams'):
                members = ldap.get_team_members(team)
                if account.dn not in members:
                    members.append(account.dn.encode('utf-8'))
                    ldap.update_team(team, members)

            # remove from old teams
            for team in user_teams:
                if team not in r.params.getall('teams'):
                    members = ldap.get_team_members(team)
                    if account.dn in members:
                        members.remove(account.dn)
                    ldap.update_team(team, members)

        if self.user and not self.user.is_admin:
            self.redirect_route = 'list_request'
Example #3
0
    def render(self):

        passhash = self.request.matchdict['passhash']
        entry = PasswordRecovery.by_hash(self.session, passhash)
        if not entry:
            return HTTPFound(location=route_url('login', self.request))

        if entry.expired:
            msg = 'This password recovery request have expired.'
            self.request.session.flash('error;%s' % msg)
            self.session.delete(entry)
        else:
            errors = []
            if 'form.submitted' in self.request.params:
                r = self.request
                settings = self.request.registry.settings
                ldap = False
                if 'pyvac.use_ldap' in settings:
                    ldap = asbool(settings.get('pyvac.use_ldap'))

                if not len(r.params['user.password']):
                    errors.append(_(u'password cannot be empty'))

                if r.params['user.password'] != r.params['confirm_password']:
                    errors.append(_(u'passwords do not match'))

                if errors:
                    self.request.session.flash('error;%s' % ','.join(errors))

                if not errors:
                    # change user password
                    if ldap:
                        # update in ldap
                        password = [hashPassword(r.params['user.password'])]
                        ldap = LdapCache()
                        ldap.update_user(entry.user, password=password)
                    else:
                        # update locally
                        entry.user.password = r.params['user.password']

                    msg = 'Password successfully changed'
                    self.request.session.flash('info;%s' % msg)
                    self.session.delete(entry)
                    return HTTPFound(location=route_url('login', self.request))

        return {'user': entry.user}
Example #4
0
    def render(self):

        passhash = self.request.matchdict['passhash']
        entry = PasswordRecovery.by_hash(self.session, passhash)
        if not entry:
            return HTTPFound(location=route_url('login', self.request))

        if entry.expired:
            msg = 'This password recovery request have expired.'
            self.request.session.flash('error;%s' % msg)
            self.session.delete(entry)
        else:
            errors = []
            if 'form.submitted' in self.request.params:
                r = self.request
                settings = self.request.registry.settings
                ldap = False
                if 'pyvac.use_ldap' in settings:
                    ldap = asbool(settings.get('pyvac.use_ldap'))

                if not len(r.params['user.password']):
                    errors.append(_(u'password cannot be empty'))

                if r.params['user.password'] != r.params['confirm_password']:
                    errors.append(_(u'passwords do not match'))

                if errors:
                    self.request.session.flash('error;%s' % ','.join(errors))

                if not errors:
                    # change user password
                    if ldap:
                        # update in ldap
                        password = [hashPassword(r.params['user.password'])]
                        ldap = LdapCache()
                        ldap.update_user(entry.user, password=password)
                    else:
                        # update locally
                        entry.user.password = r.params['user.password']

                    msg = 'Password successfully changed'
                    self.request.session.flash('info;%s' % msg)
                    self.session.delete(entry)
                    return HTTPFound(location=route_url('login', self.request))

        return {'user': entry.user}
Example #5
0
    def render(self):

        passhash = self.request.matchdict["passhash"]
        entry = PasswordRecovery.by_hash(self.session, passhash)
        if not entry:
            return HTTPFound(location=route_url("login", self.request))

        if entry.expired:
            msg = "This password recovery request have expired."
            self.request.session.flash("error;%s" % msg)
            self.session.delete(entry)
        else:
            errors = []
            if "form.submitted" in self.request.params:
                r = self.request
                settings = self.request.registry.settings
                ldap = False
                if "pyvac.use_ldap" in settings:
                    ldap = asbool(settings.get("pyvac.use_ldap"))

                if not len(r.params["user.password"]):
                    errors.append(_(u"password cannot be empty"))

                if r.params["user.password"] != r.params["confirm_password"]:
                    errors.append(_(u"passwords do not match"))

                if errors:
                    self.request.session.flash("error;%s" % ",".join(errors))

                if not errors:
                    # change user password
                    if ldap:
                        # update in ldap
                        password = [hashPassword(r.params["user.password"])]
                        ldap = LdapCache()
                        ldap.update_user(entry.user, password=password)
                    else:
                        # update locally
                        entry.user.password = r.params["user.password"]

                    msg = "Password successfully changed"
                    self.request.session.flash("info;%s" % msg)
                    self.session.delete(entry)
                    return HTTPFound(location=route_url("login", self.request))

        return {"user": entry.user}
Example #6
0
    def save_model(self, account):
        super(Edit, self).update_model(account)
        self.set_country(account)
        self.append_groups(account)

        if 'disable_rtt' in self.request.params:
            account.add_feature('disable_rtt', save=True)
        else:
            account.del_feature('disable_rtt', save=True)

        settings = self.request.registry.settings
        ldap = False
        if 'pyvac.use_ldap' in settings:
            ldap = asbool(settings.get('pyvac.use_ldap'))

        if ldap:
            # update in ldap
            r = self.request
            password = None
            if 'user.password' in r.params and r.params['user.password']:
                password = [hashPassword(r.params['user.password'])]

            unit = None
            if 'unit' in r.params and r.params['unit']:
                unit = r.params['unit']

            arrival_date = None
            if 'arrival_date' in r.params and r.params['arrival_date']:
                # cast to datetime
                arrival_date = datetime.strptime(r.params['arrival_date'],
                                                 '%d/%m/%Y')
            uid = None
            if 'user.uid' in r.params and r.params['user.uid']:
                uid = r.params['user.uid']

            if (r.params.get('remove_photo', 'no') == 'yes'):
                photo = ''
            else:
                try:
                    r.params['photofile'].file.seek(0)
                    photo = r.params['photofile'].file.read()
                except:
                    photo = None

            if photo:
                log.info('uploading photo size: %d' % len(photo))

            mobile = None
            if 'mobile' in r.params:
                mobile = r.params['mobile']

            ldap = LdapCache()
            ldap.update_user(account,
                             password=password,
                             unit=unit,
                             arrival_date=arrival_date,
                             uid=uid,
                             photo=photo,
                             mobile=mobile)

            # only for admins
            if self.user.is_admin:
                # update teams
                uteams = {}
                for team, members in ldap.list_teams().iteritems():
                    for member in members:
                        uteams.setdefault(member, []).append(team)
                user_teams = uteams.get(account.dn, [])

                # add to new teams
                for team in r.params.getall('teams'):
                    members = ldap.get_team_members(team)
                    if account.dn not in members:
                        members.append(account.dn.encode('utf-8'))
                        ldap.update_team(team, members)

                # remove from old teams
                for team in user_teams:
                    if team not in r.params.getall('teams'):
                        members = ldap.get_team_members(team)
                        if account.dn in members:
                            members.remove(account.dn)
                        ldap.update_team(team, members)

                # update role for user in LDAP
                old_role = account.role
                if 'ldap_role' in r.params:
                    new_role = r.params['ldap_role']
                    if old_role != new_role:
                        log.info('LDAP role changed: %s -> %s' %
                                 (old_role, new_role))
                        if new_role == 'manager':
                            ldap.add_manager(account.dn)
                        elif old_role == 'manager':
                            ldap.remove_manager(account.dn)
                        if new_role == 'admin':
                            ldap.add_admin(account.dn)
                        elif old_role == 'admin':
                            ldap.remove_admin(account.dn)

        if self.user and not self.user.is_admin:
            self.redirect_route = 'list_request'
Example #7
0
    def save_model(self, account):
        super(Edit, self).update_model(account)
        self.set_country(account)
        self.append_groups(account)

        if 'disable_rtt' in self.request.params:
            account.add_feature('disable_rtt', save=True)
        else:
            account.del_feature('disable_rtt', save=True)

        settings = self.request.registry.settings
        ldap = False
        if 'pyvac.use_ldap' in settings:
            ldap = asbool(settings.get('pyvac.use_ldap'))

        if ldap:
            # update in ldap
            r = self.request
            password = None
            if 'user.password' in r.params and r.params['user.password']:
                password = [hashPassword(r.params['user.password'])]

            unit = None
            if 'unit' in r.params and r.params['unit']:
                unit = r.params['unit']

            arrival_date = None
            if 'arrival_date' in r.params and r.params['arrival_date']:
                # cast to datetime
                arrival_date = datetime.strptime(r.params['arrival_date'],
                                                 '%d/%m/%Y')
            uid = None
            if 'user.uid' in r.params and r.params['user.uid']:
                uid = r.params['user.uid']

            if (r.params.get('remove_photo', 'no') == 'yes'):
                photo = ''
            else:
                try:
                    photo = r.POST['photofile'].file.read()
                except:
                    photo = None

            ldap = LdapCache()
            ldap.update_user(account,
                             password=password,
                             unit=unit,
                             arrival_date=arrival_date,
                             uid=uid,
                             photo=photo)

            # update teams
            uteams = {}
            for team, members in ldap.list_teams().iteritems():
                for member in members:
                    uteams.setdefault(member, []).append(team)
            user_teams = uteams.get(account.dn, [])

            # add to new teams
            for team in r.params.getall('teams'):
                members = ldap.get_team_members(team)
                if account.dn not in members:
                    members.append(account.dn.encode('utf-8'))
                    ldap.update_team(team, members)

            # remove from old teams
            for team in user_teams:
                if team not in r.params.getall('teams'):
                    members = ldap.get_team_members(team)
                    if account.dn in members:
                        members.remove(account.dn)
                    ldap.update_team(team, members)

        if self.user and not self.user.is_admin:
            self.redirect_route = 'list_request'