def change_password(dn,
old_password,
new_password,
require_cur_passwd=True,
conn=None):
"""Change account password.
If very possible that `old_password` will be set to None/False/<empty>,
to prevent updating password without old password, we use argument
`require_old_password=False` instead of use `old_password=None`.
"""
if not conn:
_wrap = LDAPWrap()
conn = _wrap.conn
try:
# Reference: RFC3062 - LDAP Password Modify Extended Operation
if require_cur_passwd:
conn.passwd_s(dn, old_password, new_password)
else:
# Generate password hash and replace value of 'userPassword' attr.
pw_hash = iredpwd.generate_password_hash(new_password)
mod_attr = ldaputils.mod_replace('userPassword', pw_hash)
conn.modify_s(dn, mod_attr)
return (True, )
except ldap.UNWILLING_TO_PERFORM:
return (False, 'INCORRECT_OLDPW')
except Exception as e:
return (False, repr(e))
def add(form, conn=None):
"""Add new standalone admin account."""
mail = form_utils.get_single_value(form=form,
input_name='mail',
to_lowercase=True,
to_string=True)
if not iredutils.is_auth_email(mail):
return (False, 'INVALID_MAIL')
if not conn:
_wrap = LDAPWrap()
conn = _wrap.conn
# Make sure it's not hosted domain
domain = mail.split('@', 1)[-1]
if ldap_lib_general.is_domain_exists(domain=domain, conn=conn):
return (False, 'CAN_NOT_BE_LOCAL_DOMAIN')
name = form_utils.get_single_value(form=form, input_name='cn')
account_status = form_utils.get_single_value(form=form,
input_name='accountStatus',
default_value='active',
to_string=True)
lang = form_utils.get_single_value(form=form,
input_name='preferredLanguage',
to_string=True)
# Check password.
newpw = web.safestr(form.get('newpw'))
confirmpw = web.safestr(form.get('confirmpw'))
result = iredpwd.verify_new_password(newpw, confirmpw)
if result[0] is True:
passwd = iredpwd.generate_password_hash(result[1])
else:
return result
ldif = iredldif.ldif_mailadmin(mail=mail,
passwd=passwd,
cn=name,
account_status=account_status,
preferred_language=lang)
dn = ldaputils.rdn_value_to_admin_dn(mail)
try:
conn.add_s(dn, ldif)
log_activity(msg="Create admin: %s." % (mail), event='create')
return (True, )
except ldap.ALREADY_EXISTS:
return (False, 'ALREADY_EXISTS')
except Exception as e:
return (False, repr(e))
def update(mail, profile_type, form, conn=None):
mail = str(mail).lower()
# Don't allow to view/update other admins' profile.
if mail != session.get('username') and not session.get('is_global_admin'):
return (False, 'PERMISSION_DENIED')
sql_vars = {'username': mail}
if not conn:
_wrap = SQLWrap()
conn = _wrap.conn
params = {}
if profile_type == 'general':
# Name, preferred language
params['name'] = form.get('cn', '')
params['language'] = form_utils.get_language(form)
# Update account status
params['active'] = 0
if 'accountStatus' in form:
params['active'] = 1
elif profile_type == 'password':
newpw = web.safestr(form.get('newpw', ''))
confirmpw = web.safestr(form.get('confirmpw', ''))
# Verify new passwords.
qr = iredpwd.verify_new_password(newpw=newpw, confirmpw=confirmpw)
if qr[0] is True:
passwd = iredpwd.generate_password_hash(qr[1])
params['password'] = passwd
params['passwordlastchange'] = iredutils.get_gmttime()
else:
return qr
if params:
try:
conn.update('admin',
vars=sql_vars,
where='username=$username',
**params)
except Exception as e:
log_traceback()
if 'password' in params:
raise web.seeother('/profile/admin/password/{}?msg={}'.format(
mail, web.urlquote(e)))
else:
raise web.seeother('/profile/admin/general/{}?msg={}'.format(
mail, web.urlquote(e)))
return (True, )
def get_password(form,
input_name='newpw',
confirm_pw_input_name='confirmpw',
min_passwd_length=None,
max_passwd_length=None):
pw = get_single_value(form, input_name=input_name, to_string=True)
confirm_pw = get_single_value(form,
input_name=confirm_pw_input_name,
to_string=True)
qr = iredpwd.verify_new_password(newpw=pw,
confirmpw=confirm_pw,
min_passwd_length=min_passwd_length,
max_passwd_length=max_passwd_length)
if not qr[0]:
return qr
if 'store_password_in_plain_text' in form and settings.STORE_PASSWORD_IN_PLAIN:
pw_hash = iredpwd.generate_password_hash(pw, pwscheme='PLAIN')
else:
pw_hash = iredpwd.generate_password_hash(pw)
return (True, {'pw_plain': pw, 'pw_hash': pw_hash})
def add_admin_from_form(form, conn=None):
mail = web.safestr(form.get('mail')).strip().lower()
if not iredutils.is_email(mail):
return (False, 'INVALID_MAIL')
# Get new password.
newpw = web.safestr(form.get('newpw'))
confirmpw = web.safestr(form.get('confirmpw'))
qr = iredpwd.verify_new_password(newpw=newpw, confirmpw=confirmpw)
if qr[0] is True:
passwd = qr[1]
else:
return qr
if not conn:
_wrap = SQLWrap()
conn = _wrap.conn
# Check local domain
domain = mail.split('@', 1)[-1]
if not iredutils.is_domain(domain):
return (False, 'INVALID_DOMAIN')
if sql_lib_general.is_domain_exists(domain=domain, conn=conn):
return (False, 'CAN_NOT_BE_LOCAL_DOMAIN')
# Check admin exist.
if is_admin_exists(conn=conn, admin=mail):
return (False, 'ALREADY_EXISTS')
# Name, language
cn = form.get('cn', '')
lang = form_utils.get_language(form)
_status = form_utils.get_single_value(form=form,
input_name='accountStatus',
default_value='active')
if _status == 'active':
_status = 1
else:
_status = 0
try:
conn.insert('admin',
username=mail,
name=cn,
password=iredpwd.generate_password_hash(passwd),
language=lang,
created=iredutils.get_gmttime(),
active=_status)
conn.insert('domain_admins',
username=mail,
domain='ALL',
created=iredutils.get_gmttime(),
active='1')
log_activity(msg="Create admin: %s." % (mail), event='create')
return (True, )
except Exception as e:
log_traceback()
return (False, repr(e))
def update(profile_type, mail, form, conn=None):
profile_type = web.safestr(profile_type)
mail = str(mail).lower()
(username, domain) = mail.split('@', 1)
if not conn:
_wrap = LDAPWrap()
conn = _wrap.conn
# Get account dn.
dn_user = ldaputils.rdn_value_to_user_dn(mail)
mod_attrs = []
qr = ldap_lib_general.get_domain_account_setting(domain=domain, conn=conn)
if qr[0]:
domainAccountSetting = qr[1]
else:
return qr
qr = get_profile(mail=mail, conn=conn)
if qr[0]:
user_profile = qr[1]['ldif']
user_account_setting = ldaputils.get_account_setting_from_profile(
user_profile)
else:
return qr
if profile_type == 'general':
# Update domainGlobalAdmin=yes
if session.get('is_global_admin'):
# Update domainGlobalAdmin=yes
if 'domainGlobalAdmin' in form:
mod_attrs = ldaputils.mod_replace('domainGlobalAdmin', 'yes')
if user_profile.get('domainGlobalAdmin') != ['yes']:
log_activity(msg="User %s is marked as global admin." %
mail,
username=mail,
domain=domain,
event='grant')
else:
mod_attrs = ldaputils.mod_replace('domainGlobalAdmin', None)
if user_profile.get('domainGlobalAdmin') == ['yes']:
log_activity(msg="User %s is not a global admin anymore." %
mail,
username=mail,
domain=domain,
event='revoke')
# Get full name, first name, last name.
# Note: cn, givenName, sn are required by objectClass `inetOrgPerson`.
cn = form_utils.get_name(form=form, input_name="cn")
first_name = form_utils.get_single_value(form=form,
input_name="first_name")
last_name = form_utils.get_single_value(form=form,
input_name="last_name")
mod_attrs += ldaputils.mod_replace(attr="cn",
value=cn,
default=username)
mod_attrs += ldaputils.mod_replace(attr='givenName',
value=first_name,
default=username)
mod_attrs += ldaputils.mod_replace(attr='sn',
value=last_name,
default=username)
# Get preferred language: short lang code. e.g. en_US, de_DE.
preferred_language = form_utils.get_language(form)
# Must be equal to or less than 5 characters.
if not (preferred_language in iredutils.get_language_maps()):
preferred_language = None
mod_attrs += ldaputils.mod_replace('preferredLanguage',
preferred_language)
# Update language immediately.
if session.get('username') == mail and \
session.get('lang', 'en_US') != preferred_language:
session['lang'] = preferred_language
# Update timezone
tz_name = form_utils.get_timezone(form)
if qr[0]:
user_account_setting['timezone'] = tz_name
if session['username'] == mail and tz_name:
session['timezone'] = TIMEZONES[tz_name]
# Update employeeNumber, mobile, title.
mod_attrs += ldaputils.mod_replace('employeeNumber',
form.get('employeeNumber'))
############
# Reset quota
#
# Get new mail quota from web form.
quota = form_utils.get_single_value(form=form,
input_name='mailQuota',
default_value=0,
is_integer=True)
# quota must be stored in bytes.
mod_attrs += ldaputils.mod_replace('mailQuota', quota * 1024 * 1024)
# Get telephoneNumber, mobile.
# - multi values are allowed.
# - non-ascii characters are not allowed.
for k in ['mobile', 'telephoneNumber']:
mod_attrs += ldaputils.form_mod_attrs_from_api(form=form,
input_name=k,
attr=k,
to_string=True)
# Get title, with multiple values.
for _attr in ['title']:
_values = [v for v in form.get(_attr, []) if v]
# Remove duplicate entries
_values = list(set(_values))
mod_attrs += ldaputils.mod_replace(attr=_attr, value=_values)
# check account status.
accountStatus = 'disabled'
if 'accountStatus' in form:
accountStatus = 'active'
mod_attrs += ldaputils.mod_replace('accountStatus', accountStatus)
elif profile_type == 'password':
# Get password length from @domainAccountSetting.
(min_pw_len,
max_pw_len) = ldap_lib_general.get_domain_password_lengths(
domain=domain,
account_settings=domainAccountSetting,
fallback_to_global_settings=False,
conn=conn)
# Get new passwords from user input.
newpw = web.safestr(form.get('newpw', ''))
confirmpw = web.safestr(form.get('confirmpw', ''))
result = iredpwd.verify_new_password(newpw=newpw,
confirmpw=confirmpw,
min_passwd_length=min_pw_len,
max_passwd_length=max_pw_len)
if result[0] is True:
if 'store_password_in_plain_text' in form and settings.STORE_PASSWORD_IN_PLAIN_TEXT:
passwd = iredpwd.generate_password_hash(result[1],
pwscheme='PLAIN')
else:
passwd = iredpwd.generate_password_hash(result[1])
mod_attrs += ldaputils.mod_replace('userPassword', passwd)
mod_attrs += ldaputils.mod_replace(
'shadowLastChange', ldaputils.get_days_of_shadow_last_change())
# Always store plain password in another attribute.
if settings.STORE_PLAIN_PASSWORD_IN_ADDITIONAL_ATTR:
mod_attrs += ldaputils.mod_replace(
settings.STORE_PLAIN_PASSWORD_IN_ADDITIONAL_ATTR, newpw)
else:
return result
# accountSetting
list_of_account_setting = ldaputils.account_setting_dict_to_list(
user_account_setting)
mod_attrs += ldaputils.mod_replace('accountSetting',
list_of_account_setting)
try:
conn.modify_s(dn_user, mod_attrs)
log_activity(msg="Update user profile ({}): {}.".format(
profile_type, mail),
admin=session.get('username'),
username=mail,
domain=domain,
event='update')
return (True, {})
except Exception as e:
return (False, repr(e))
usage()
total = len(users)
logger.info('%d users in total.' % total)
count = 1
if backend == 'ldap':
from libs.ldaplib.core import LDAPWrap
from libs.ldaplib.ldaputils import rdn_value_to_user_dn, mod_replace
_wrap = LDAPWrap()
conn = _wrap.conn
for (_email, _pw) in users:
logger.info('(%d/%d) Updating %s' % (count, total, _email))
dn = rdn_value_to_user_dn(_email)
pw_hash = generate_password_hash(_pw)
mod_attrs = mod_replace('userPassword', pw_hash)
try:
conn.modify_s(dn, mod_attrs)
except Exception as e:
print("<<< ERROR >>> {}".format(repr(e)))
elif backend in ['mysql', 'pgsql']:
conn = get_db_conn('vmail')
for (_email, _pw) in users:
logger.info('(%d/%d) Updating %s' % (count, total, _email))
pw_hash = generate_password_hash(_pw)
conn.update('mailbox',
password=pw_hash,
where="username='******'" % _email)
backend = settings.backend
web.config.debug = debug
# Check arguments
if len(sys.argv) == 3:
email = sys.argv[1]
pw = sys.argv[2]
if not is_email(email):
usage()
sys.exit()
else:
usage()
sys.exit()
pw_hash = generate_password_hash(pw)
if backend == 'ldap':
from libs.ldaplib.core import LDAPWrap
from libs.ldaplib.ldaputils import rdn_value_to_user_dn, mod_replace
_wrap = LDAPWrap()
conn = _wrap.conn
dn = rdn_value_to_user_dn(email)
mod_attrs = mod_replace('userPassword', pw_hash)
try:
conn.modify_s(dn, mod_attrs)
print("[{}] Password has been reset.".format(email))
except Exception as e:
print("<<< ERROR >>> {}".format(repr(e)))
elif backend in ['mysql', 'pgsql']:
conn = get_db_conn('vmail')
def update(conn, mail, profile_type, form):
profile_type = web.safestr(profile_type)
mail = str(mail).lower()
domain = mail.split('@', 1)[-1]
qr = sql_lib_domain.simple_profile(conn=conn,
domain=domain,
columns=['maxquota', 'settings'])
if not qr[0]:
return qr
domain_profile = qr[1]
del qr
domain_settings = sqlutils.account_settings_string_to_dict(
domain_profile.get('settings', ''))
disabled_user_profiles = domain_settings.get('disabled_user_profiles', [])
if not session.get('is_global_admin'):
if profile_type in disabled_user_profiles:
return (False, 'PERMISSION_DENIED')
# Pre-defined update key:value pairs
updates = {'modified': iredutils.get_gmttime()}
if profile_type == 'general':
# Get name
updates['name'] = form.get('cn', '')
# Get preferred language: short lang code. e.g. en_US, de_DE.
preferred_language = form_utils.get_language(form)
if preferred_language in iredutils.get_language_maps():
updates['language'] = preferred_language
else:
updates['language'] = ''
tz_name = form_utils.get_timezone(form)
if tz_name:
sql_lib_general.update_user_settings(
conn=conn, mail=mail, new_settings={'timezone': tz_name})
if session['username'] == mail:
session['timezone'] = TIMEZONES[tz_name]
else:
sql_lib_general.update_user_settings(conn=conn,
mail=mail,
removed_settings=['timezone'])
# Update language immediately.
if session.get('username') == mail and \
session.get('lang', 'en_US') != preferred_language:
session['lang'] = preferred_language
# check account status
updates['active'] = 0
if 'accountStatus' in form:
updates['active'] = 1
# Update account status in table `alias` immediately
try:
conn.update('forwardings',
vars={'address': mail},
where='address=$address OR forwarding=$address',
active=updates['active'])
except:
pass
# Get mail quota size.
mailQuota = str(form.get('mailQuota'))
if mailQuota.isdigit():
mailQuota = int(mailQuota)
else:
mailQuota = 0
updates['quota'] = mailQuota
updates['employeeid'] = form.get('employeeNumber', '')
elif profile_type == 'password':
newpw = web.safestr(form.get('newpw', ''))
confirmpw = web.safestr(form.get('confirmpw', ''))
# Get password length limit from domain profile or global setting.
min_passwd_length = domain_settings.get('min_passwd_length', 0)
max_passwd_length = domain_settings.get('max_passwd_length', 0)
# Verify new passwords.
qr = iredpwd.verify_new_password(newpw=newpw,
confirmpw=confirmpw,
min_passwd_length=min_passwd_length,
max_passwd_length=max_passwd_length)
if qr[0] is True:
pwscheme = None
if 'store_password_in_plain_text' in form and settings.STORE_PASSWORD_IN_PLAIN_TEXT:
pwscheme = 'PLAIN'
passwd = iredpwd.generate_password_hash(qr[1], pwscheme=pwscheme)
else:
return qr
# Hash/encrypt new password.
updates['password'] = passwd
updates['passwordlastchange'] = iredutils.get_gmttime()
# Store plain password in another attribute.
if settings.STORE_PLAIN_PASSWORD_IN_ADDITIONAL_ATTR:
updates[settings.STORE_PLAIN_PASSWORD_IN_ADDITIONAL_ATTR] = newpw
else:
return (True, )
# Update SQL db
try:
conn.update('mailbox',
vars={'username': mail},
where='username=$username',
**updates)
log_activity(msg="Update user profile ({}): {}.".format(
profile_type, mail),
admin=session.get('username'),
username=mail,
domain=domain,
event='update')
return (True, {})
except Exception as e:
return (False, repr(e))
def add_user_from_form(domain, form, conn=None):
# Get domain name, username, cn.
mail_domain = form_utils.get_domain_name(form)
mail_username = form.get('username')
if mail_username:
mail_username = web.safestr(mail_username).strip().lower()
else:
return (False, 'INVALID_ACCOUNT')
mail = mail_username + '@' + mail_domain
if mail_domain != domain:
return (False, 'PERMISSION_DENIED')
if not iredutils.is_auth_email(mail):
return (False, 'INVALID_MAIL')
if not conn:
_wrap = SQLWrap()
conn = _wrap.conn
# Check account existing.
if sql_lib_general.is_email_exists(mail=mail, conn=conn):
return (False, 'ALREADY_EXISTS')
# Get domain profile.
qr_profile = sql_lib_domain.profile(conn=conn, domain=domain)
if qr_profile[0] is True:
domain_profile = qr_profile[1]
domain_settings = sqlutils.account_settings_string_to_dict(
domain_profile['settings'])
else:
return qr_profile
# Check account limit.
num_exist_accounts = sql_lib_admin.num_managed_users(conn=conn,
domains=[domain])
if domain_profile.mailboxes == -1:
return (False, 'NOT_ALLOWED')
elif domain_profile.mailboxes > 0:
if domain_profile.mailboxes <= num_exist_accounts:
return (False, 'EXCEEDED_DOMAIN_ACCOUNT_LIMIT')
# Get quota from <form>
quota = str(form.get('mailQuota', 0)).strip()
try:
quota = int(quota)
except:
quota = 0
#
# Get password from <form>.
#
pw_hash = form.get('password_hash', '')
newpw = web.safestr(form.get('newpw', ''))
confirmpw = web.safestr(form.get('confirmpw', ''))
if pw_hash:
if not iredpwd.is_supported_password_scheme(pw_hash):
return (False, 'INVALID_PASSWORD_SCHEME')
passwd = pw_hash
else:
# Get password length limit from domain profile or global setting.
min_passwd_length = domain_settings.get('min_passwd_length', 0)
max_passwd_length = domain_settings.get('max_passwd_length', 0)
qr_pw = iredpwd.verify_new_password(
newpw,
confirmpw,
min_passwd_length=min_passwd_length,
max_passwd_length=max_passwd_length)
if qr_pw[0] is True:
pwscheme = None
if 'store_password_in_plain_text' in form and settings.STORE_PASSWORD_IN_PLAIN_TEXT:
pwscheme = 'PLAIN'
passwd = iredpwd.generate_password_hash(qr_pw[1],
pwscheme=pwscheme)
else:
return qr_pw
# Get display name from <form>
cn = form_utils.get_single_value(form, input_name='cn', default_value='')
# Get preferred language.
preferred_language = form_utils.get_language(form)
if preferred_language not in iredutils.get_language_maps():
preferred_language = ''
# Get storage base directory.
_storage_base_directory = settings.storage_base_directory
splited_sbd = _storage_base_directory.rstrip('/').split('/')
storage_node = splited_sbd.pop()
storage_base_directory = '/'.join(splited_sbd)
maildir = iredutils.generate_maildir_path(mail)
# Read full maildir path from web form - from RESTful API.
mailbox_maildir = form.get('maildir', '').lower().rstrip('/')
if mailbox_maildir and os.path.isabs(mailbox_maildir):
# Split storageBaseDirectory and storageNode
_splited = mailbox_maildir.rstrip('/').split('/')
storage_base_directory = '/' + _splited[0]
storage_node = _splited[1]
maildir = '/'.join(_splited[2:])
record = {
'domain': domain,
'username': mail,
'password': passwd,
'name': cn,
'quota': quota,
'storagebasedirectory': storage_base_directory,
'storagenode': storage_node,
'maildir': maildir,
'language': preferred_language,
'passwordlastchange': iredutils.get_gmttime(),
'created': iredutils.get_gmttime(),
'active': 1
}
# Get settings from SQL db.
db_settings = iredutils.get_settings_from_db()
# Get mailbox format and folder.
_mailbox_format = form.get('mailboxFormat',
db_settings['mailbox_format']).lower()
_mailbox_folder = form.get('mailboxFolder', db_settings['mailbox_folder'])
if iredutils.is_valid_mailbox_format(_mailbox_format):
record['mailboxformat'] = _mailbox_format
if iredutils.is_valid_mailbox_folder(_mailbox_folder):
record['mailboxfolder'] = _mailbox_folder
# Always store plain password in another attribute.
if settings.STORE_PLAIN_PASSWORD_IN_ADDITIONAL_ATTR:
record[settings.STORE_PLAIN_PASSWORD_IN_ADDITIONAL_ATTR] = newpw
# Set disabled mail services.
disabled_mail_services = domain_settings.get('disabled_mail_services', [])
for srv in disabled_mail_services:
record['enable' + srv] = 0
# globally disabled mail services
for srv in settings.ADDITIONAL_DISABLED_USER_SERVICES:
record['enable' + srv] = 0
# globally enabled mail services
for srv in settings.ADDITIONAL_ENABLED_USER_SERVICES:
record['enable' + srv] = 1
try:
# Store new user in SQL db.
conn.insert('mailbox', **record)
# Create an entry in `vmail.forwardings` with `address=forwarding`
conn.insert('forwardings',
address=mail,
forwarding=mail,
domain=domain,
dest_domain=domain,
is_forwarding=1,
active=1)
log_activity(msg="Create user: %s." % (mail),
domain=domain,
event='create')
return (True, )
except Exception as e:
return (False, repr(e))
def update(mail, profile_type, form, conn=None):
mail = str(mail).lower()
# Don't allow to view/update other admins' profile.
if mail != session.get('username') and not session.get('is_global_admin'):
return (False, 'PERMISSION_DENIED')
sql_vars = {'username': mail}
if not conn:
_wrap = SQLWrap()
conn = _wrap.conn
m_doms = []
try:
res = conn.select('domain_admins',
vars={"uname": mail},
what="domain",
where="username=$uname")
for io in res:
m_doms.append(io.domain)
except:
m_doms = []
fm_doms = []
try:
fm_doms = form.managed_domains
except:
fm_doms = []
del_dom = []
add_dom = []
if len(m_doms) > 0 and len(fm_doms) > 0:
for dm in m_doms:
if dm not in fm_doms:
del_dom.append(dm)
for dm in fm_doms:
if dm not in m_doms:
add_dom.append(dm)
params = {}
if profile_type == 'general':
# Name, preferred language
params['name'] = form.get('cn', '')
params['language'] = form_utils.get_language(form)
# Update account status
params['active'] = 0
if 'accountStatus' in form:
params['active'] = 1
elif profile_type == 'password':
newpw = web.safestr(form.get('newpw', ''))
confirmpw = web.safestr(form.get('confirmpw', ''))
# Verify new passwords.
qr = iredpwd.verify_new_password(newpw=newpw, confirmpw=confirmpw)
if qr[0] is True:
passwd = iredpwd.generate_password_hash(qr[1])
params['password'] = passwd
params['passwordlastchange'] = iredutils.get_gmttime()
else:
return qr
if params:
try:
conn.update('admin',
vars=sql_vars,
where='username=$username',
**params)
except Exception as e:
log_traceback()
if 'password' in params:
raise web.seeother('/profile/admin/password/{}?msg={}'.format(
mail, web.urlquote(e)))
else:
raise web.seeother('/profile/admin/general/{}?msg={}'.format(
mail, web.urlquote(e)))
if len(add_dom) > 0:
tm = False
err = ""
for i in add_dom:
try:
conn.insert('domain_admins',
username=mail,
domain=i,
created=iredutils.get_gmttime(),
active='1')
except Exception as e:
err += ", " + repr(e)
tm = True
if tm:
raise web.seeother('/profile/admin/general/{}?msg={}'.format(
mail, web.urlquote(err)))
if len(del_dom) > 0:
tm = False
err = ""
for i in del_dom:
try:
conn.delete('domain_admins',
vars={
"umail": mail,
"dm": i
},
where="username=$umail and domain=$dm")
except Exception as e:
err += ", " + repr(e)
tm = True
if tm:
raise web.seeother('/profile/admin/general/{}?msg={}'.format(
mail, web.urlquote(err)))
return (True, )
def add_admin_from_form(form, conn=None):
mail = web.safestr(form.get('mail')).strip().lower()
if not iredutils.is_email(mail):
return (False, 'INVALID_MAIL')
# Get new password.
newpw = web.safestr(form.get('newpw'))
confirmpw = web.safestr(form.get('confirmpw'))
qr = iredpwd.verify_new_password(newpw=newpw, confirmpw=confirmpw)
if qr[0] is True:
passwd = qr[1]
else:
return qr
if not conn:
_wrap = SQLWrap()
conn = _wrap.conn
# Check local domain
domain = mail.split('@', 1)[-1]
if not iredutils.is_domain(domain):
return (False, 'INVALID_DOMAIN')
if sql_lib_general.is_domain_exists(domain=domain, conn=conn):
return (False, 'CAN_NOT_BE_LOCAL_DOMAIN')
# Check admin exist.
if is_admin_exists(conn=conn, admin=mail):
return (False, 'ALREADY_EXISTS')
# Name, language
cn = form.get('cn', '')
managed_domains = form.get('managed_domains', [])
lang = form_utils.get_language(form)
_status = form_utils.get_single_value(form=form,
input_name='accountStatus',
default_value='active')
if _status == 'active':
_status = 1
else:
_status = 0
# GET ALL valid DOMAINS
all_domains = sql_lib_domain.get_all_domains(conn=conn, name_only=True)
if all_domains[0]:
all_domains = all_domains[1]
else:
all_domains = []
#Check form submitted DOMAINS for validity
for i in managed_domains:
if i not in all_domains:
if i != "ALL":
managed_domains = list(filter((i).__ne__, managed_domains))
managed_domains = list(set(managed_domains))
try:
if len(managed_domains) > 0:
conn.insert('admin',
username=mail,
name=cn,
password=iredpwd.generate_password_hash(passwd),
language=lang,
created=iredutils.get_gmttime(),
active=_status)
for i in managed_domains:
conn.insert('domain_admins',
username=mail,
domain=i,
created=iredutils.get_gmttime(),
active='1')
log_activity(msg="Create admin: %s." % (mail), event='create')
return (True, )
else:
return (False, "No Valid Domain Selected!")
except Exception as e:
log_traceback()
return (False, repr(e))
