Exemple #1
	def test_machine_down_error(self):
		"""UDM.machine() must raise ConnectionError while slapd is stopped."""
		stop_rc = call(['systemctl', 'stop', 'slapd'])
		assert stop_rc == 0
		try:
			with self.assertRaises(ConnectionError) as cm:
				UDM.machine()
			message = str(cm.exception)
			assert message == 'The LDAP Server is not running'
		finally:
			# Bring the directory service back up whatever the outcome above,
			# so a failed assertion does not leave the host without LDAP.
			start_rc = call(['systemctl', 'start', 'slapd'])
			assert start_rc == 0
Exemple #2
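	def test_machine_credentials_error(self):
		"""UDM.machine() must raise ConnectionError when the machine secret is wrong.

		The real content of /etc/machine.secret is kept in memory, the file is
		overwritten with an invalid value for the duration of the check, and the
		original content is written back in the ``finally`` branch.
		"""
		# Read through a context manager so the handle is closed deterministically.
		with open('/etc/machine.secret') as fd:
			pw = fd.read()
		try:
			# Closing the file before UDM.machine() runs guarantees the bogus
			# secret is flushed to disk and not left in a write buffer.
			with open('/etc/machine.secret', 'w') as fd:
				fd.write('garbage')
			with self.assertRaises(ConnectionError) as cm:
				UDM.machine()
			assert str(cm.exception) == 'Credentials invalid'
		finally:
			# Always restore the real secret; an unflushed or skipped restore
			# would leave the host unable to authenticate with its machine account.
			with open('/etc/machine.secret', 'w') as fd:
				fd.write(pw)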
Exemple #3
	def send_verification_token(self, username):
		"""Send a 'verify_email' message to the recovery address of ``username``.

		Raises UMC_Error when ucr.is_false() reports the account verification
		backend as disabled. An unknown user and a user without a
		PasswordRecoveryEmail both get the same INVALID_INFORMATION result, so
		the answer does not tell these two cases apart.
		"""
		MODULE.info('send_verification_token(): username: {}'.format(username))
		ucr.load()
		backend_disabled = ucr.is_false('umc/self-service/account-verification/backend/enabled', True)
		if backend_disabled:
			msg = _('The account verification was disabled via the Univention Configuration Registry.')
			MODULE.error('send_verification_token(): {}'.format(msg))
			raise UMC_Error(msg)
		# single failure answer shared by every "cannot verify" path below
		invalid_information = {'success': False, 'failType': 'INVALID_INFORMATION'}
		users_mod = UDM.machine().version(2).get('users/user')
		try:
			user = users_mod.get_by_id(username)
		except NoObject:
			return invalid_information
		try:
			email = user.props.PasswordRecoveryEmail
		except AttributeError:
			# property not available on this object: treated like an empty address
			email = None
		if not email:
			return invalid_information
		self.send_message(username, 'verify_email', email, raise_on_success=False)
		result = {'success': True, 'data': {'username': username}}
		return result
 def test_caching(self):
     """Module objects are expected to be cached per connection, API version and module name."""
     def fetch(connect, api_version, module_name):
         # A fresh lookup on every call, so the identity checks below
         # exercise the cache rather than a local variable.
         return connect().version(api_version).get(module_name)

     # same connection, version and module: the very same object
     assert fetch(UDM.admin, 0, 'users/user') is fetch(UDM.admin, 0, 'users/user')
     # different API version: different object
     assert fetch(UDM.admin, 0, 'users/user') is not fetch(UDM.admin, 1, 'users/user')
     assert fetch(UDM.admin, 1, 'users/user') is fetch(UDM.admin, 1, 'users/user')
     # different module name: different object
     assert fetch(UDM.admin, 0, 'users/user') is not fetch(UDM.admin, 0, 'groups/group')
     # different connection (admin vs. machine): different object
     assert fetch(UDM.admin, 0, 'users/user') is not fetch(UDM.machine, 0, 'users/user')
def get_other_servers():
    """Return the domain controller objects whose module does not match this host's role.

    The role is read from the 'server/role' UCR variable; a module is skipped
    when the role string occurs in the module name. The search runs over a
    UDM.machine() connection with API version 2.
    """
    dc_modules = (
        'computers/domaincontroller_master',
        'computers/domaincontroller_backup',
        'computers/domaincontroller_slave',
    )
    with UCSTestConfigRegistry() as ucr:
        role = ucr.get('server/role')
        udm = UDM.machine().version(2)
        others = []
        for mod in dc_modules:
            if role in mod:
                # substring match: this is the module of the local role
                continue
            others += list(udm.get(mod).search())
        return others
Exemple #6
def get_ldap_connections():
    # type: () -> List[univention.admin.uldap.access]
    """Open an LDAP connection to every domain controller found through UDM.

    Each connection targets the controller's fqdn and reuses the base, bind DN
    and bind password of the UDM.machine() connection. A controller that
    raises ldap.SERVER_DOWN is skipped with a warning; any other error
    propagates to the caller.
    """
    udm = UDM.machine().version(2)
    dc_modules = (
        'computers/domaincontroller_master',
        'computers/domaincontroller_backup',
        'computers/domaincontroller_slave',
    )
    opened = []
    for dc_module in dc_modules:
        for dc in udm.get(dc_module).search():
            try:
                # The machine credentials are presented to the host named in
                # the directory entry.
                conn = univention.admin.uldap.access(
                    host=dc.props.fqdn,
                    base=udm.connection.base,
                    binddn=udm.connection.binddn,
                    bindpw=udm.connection.bindpw)
            except ldap.SERVER_DOWN:
                warning(
                    'Server "%s" is not reachable. The "authTimestamp" will not be read from it. Continuing.'
                    % (dc.props.fqdn, ))
                continue
            opened.append(conn)
    return opened
Exemple #7
	def test_machine(self):
		"""UDM.machine() must bind with the DN stored in the 'ldap/hostdn' UCR variable."""
		mod = UDM.machine().version(0).get('users/user')
		bound_as = mod.connection.binddn
		expected_dn = self.ucr_test['ldap/hostdn']
		assert bound_as == expected_dn
def readudm():
    """Return a UDM handle with API version 2 on top of a UDM.machine() connection."""
    machine_udm = UDM.machine()
    return machine_udm.version(2)
Exemple #9
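	def create_self_registered_account(self, attributes):
		"""Create a user account from self-service registration data.

		``attributes`` maps UDM property names to the submitted values. Only
		'PasswordRecoveryEmail', 'password' and the properties listed in the
		UCR variable umc/self-service/account-registration/udm_attributes are
		kept; everything else is dropped before validation.

		Returns a dict with 'success'. On failure 'failType' is
		'INVALID_ATTRIBUTES' (validation failed or username taken) or
		'CREATION_FAILED' (UDM refused to create the object). On success the
		dict carries the new username and e-mail address and
		'verifyTokenSuccessfullySend', which says whether the verification
		message could be sent.

		Raises UMC_Error when registration is disabled, when required
		attributes are missing, or when the configured user template or user
		container does not exist.
		"""
		# The submitted attributes include the clear-text password; mask it so
		# it never reaches the log file.
		loggable = {k: ('********' if k == 'password' else v) for (k, v) in attributes.items()}
		MODULE.info('create_self_registered_account(): attributes: {}'.format(loggable))
		ucr.load()
		if ucr.is_false('umc/self-service/account-registration/backend/enabled', True):
			msg = _('The account registration was disabled via the Univention Configuration Registry.')
			MODULE.error('create_self_registered_account(): {}'.format(msg))
			raise UMC_Error(msg)
		# filter out attributes that are not valid to set
		configured_attrs = [attr.strip() for attr in ucr.get('umc/self-service/account-registration/udm_attributes', '').split(',') if attr.strip()]
		allowed_to_set = set(['PasswordRecoveryEmail', 'password'] + configured_attrs)
		attributes = {k: v for (k, v) in attributes.items() if k in allowed_to_set}
		# validate attributes
		res = self._validate_user_attributes(attributes, self._update_required_attr_of_props_for_registration)
		# check username taken
		# NOTE(review): the "already taken" answer discloses which usernames
		# exist - confirm that the caller-facing endpoint is rate limited.
		if 'username' in attributes:
			try:
				UDM.machine().version(2).get('users/user').get_by_id(attributes['username'])
			except NoObject:
				pass
			else:
				res['username'] = {
					'isValid': False,
					'message': _('The username is already taken'),
				}
		# 'isValid' is either a single flag or a list of flags (one per value)
		invalid = {k: v for (k, v) in res.items() if not (all(v['isValid']) if isinstance(v['isValid'], list) else v['isValid'])}
		if invalid:
			return {
				'success': False,
				'failType': 'INVALID_ATTRIBUTES',
				'data': invalid,
			}

		# check for missing required attributes from umc/self-service/account-registration/udm_attributes/required
		required_attrs = [attr.strip() for attr in ucr.get('umc/self-service/account-registration/udm_attributes/required', '').split(',') if attr.strip()]
		not_found = [attr for attr in required_attrs if attr not in attributes]
		if not_found:
			msg = _('The account could not be created:\nInformation provided is not sufficient. The following properties are missing:\n%s') % ('\n'.join(not_found),)
			MODULE.error('create_self_registered_account(): {}'.format(msg))
			raise UMC_Error(msg)

		univention.admin.modules.update()
		lo, po = get_admin_connection()

		# get usertemplate
		template_dn = ucr.get('umc/self-service/account-registration/usertemplate', '')
		usertemplate = None
		if template_dn:
			usertemplate_mod = univention.admin.modules.get('settings/usertemplate')
			univention.admin.modules.init(lo, po, usertemplate_mod, None, True)
			try:
				usertemplate = usertemplate_mod.object(None, lo, None, template_dn)
			except udm_errors.noObject:
				# Translate the template first, then insert the DN; formatting
				# before the lookup would never match a catalogue entry.
				msg = _('The user template "{}" set by the "umc/self-service/account-registration/usertemplate" UCR variable does not exist. A user account can not be created. Please contact your system administrator.').format(template_dn)
				MODULE.error('create_self_registered_account(): {}'.format(msg))
				raise UMC_Error(msg)

		# init user module with template
		usersmod = univention.admin.modules.get('users/user')
		univention.admin.modules.init(lo, po, usersmod, usertemplate, True)

		# get user container
		udm = UDM.machine().version(2)
		user_position = univention.admin.uldap.position(po.getBase())
		container_dn = ucr.get('umc/self-service/account-registration/usercontainer', None)
		if container_dn:
			try:
				container = udm.obj_by_dn(container_dn)
			except NoObject:
				# Same ordering as for the template message: translate, then format.
				msg = _('The container "{}" set by the "umc/self-service/account-registration/usercontainer" UCR variable does not exist. A user account can not be created. Please contact your system administrator.').format(container_dn)
				MODULE.error('create_self_registered_account(): {}'.format(msg))
				raise UMC_Error(msg)
			else:
				user_position.setDn(container.dn)
		else:
			# no container configured: use the first default container that exists
			for dn in usersmod.object.get_default_containers(lo):
				try:
					container = udm.obj_by_dn(dn)
				except NoObject:
					pass
				else:
					user_position.setDn(container.dn)
					break

		# create user
		# These two flags are set by the server after the allow-list filter,
		# so a submitted value for them is never used.
		attributes['PasswordRecoveryEmailVerified'] = 'FALSE'
		attributes['RegisteredThroughSelfService'] = 'TRUE'
		new_user = usersmod.object(None, lo, user_position)
		new_user.open()
		for key, value in attributes.items():
			if key in new_user and value:
				new_user[key] = value
		try:
			new_user.create()
		except univention.admin.uexceptions.base as exc:
			MODULE.error('create_self_registered_account(): could not create user: %s' % (traceback.format_exc(),))
			return {
				'success': False,
				'failType': 'CREATION_FAILED',
				'data': _('The account could not be created:\n%s') % UDM_Error(exc),
			}
		finally:
			# TODO cleanup
			# reinit user module without template.
			# This has to be done since the modules are singletons?
			univention.admin.modules.update()
			self._usersmod = None
			#  univention.admin.modules.init(lo, po, usersmod, None, True)
		try:
			self.send_message(new_user['username'], 'verify_email', new_user['PasswordRecoveryEmail'], raise_on_success=False)
		except Exception:
			# Best effort: the account exists already, so only record the
			# failure and report it through the result flag.
			MODULE.error('create_self_registered_account(): could not send verification token: %s' % (traceback.format_exc(),))
			verify_token_successfully_send = False
		else:
			verify_token_successfully_send = True
		return {
			'success': True,
			'verifyTokenSuccessfullySend': verify_token_successfully_send,
			'data': {
				'username': new_user['username'],
				'email': new_user['PasswordRecoveryEmail'],
			}
		}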