Esempio n. 1
0
    def user_changepw(username):
        title = "Change password"

        if not ldap_user_exists(username=username):
            abort(404)

        admin = ldap_in_group("Domain Admins")
        if username != g.ldap['username'] and admin:
            form = PasswordChange(request.form)
            form.visible_fields = []
        else:
            form = PasswordChangeUser(request.form)
            form.visible_fields = [form.oldpassword]

        form.visible_fields += [form.password, form.password_confirm]

        if form.validate_on_submit():
            try:
                if username != g.ldap['username'] and admin:
                    ldap_change_password(None,
                                         form.password.data,
                                         username=username)
                else:
                    ldap_change_password(form.oldpassword.data,
                                         form.password.data,
                                         username=username)
                flash("Password changed successfuly.", "success")
                return redirect(url_for('user_overview', username=username))
            except ldap.LDAPError as e:
                error = e.message['info'].split(":", 2)[-1].strip()
                error = str(error[0].upper() + error[1:])
                flash(error, "error")
        elif form.errors:
            flash("Some fields failed validation.", "error")

        return render_template("forms/basicform.html",
                               form=form,
                               title=title,
                               action="Change password",
                               parent=url_for('user_overview',
                                              username=username))
    def user_changepw(username):
        title = u"Change Password"

        if not ldap_user_exists(username=username):
            abort(404)

        admin = ldap_in_group(Settings.ADMIN_GROUP)

        if username != g.ldap['username'] and admin:
            form = PasswordChange(request.form)
            form.visible_fields = []
        else:
            form = PasswordChangeUser(request.form)
            form.visible_fields = [form.oldpassword]

        form.visible_fields += [form.password, form.password_confirm]

        if form.validate_on_submit():
            try:
                if username != g.ldap['username'] and admin:
                    ldap_change_password(None,
                                         form.password.data,
                                         username=username)
                else:
                    ldap_change_password(form.oldpassword.data,
                                         form.password.data,
                                         username=username)
                flash(u"The password was changed successfully.", "success")
                return redirect(url_for('user_overview', username=username))
            except ldap.LDAPError as e:
                e = dict(e.args[0])
                flash(e['info'], "error")
        elif form.errors:
            flash(u"Data validation failed.", "error")

        return render_template("forms/basicform.html",
                               form=form,
                               title=title,
                               action=u"Change Password",
                               parent=url_for('user_overview',
                                              username=username))
Esempio n. 3
0
    def user_changepw(username):
        title = "Change password"

        if not ldap_user_exists(username=username):
            abort(404)

        admin = ldap_in_group("Domain Admins")
        if username != g.ldap['username'] and admin:
            form = PasswordChange(request.form)
            form.visible_fields = []
        else:
            form = PasswordChangeUser(request.form)
            form.visible_fields = [form.oldpassword]

        form.visible_fields += [form.password, form.password_confirm]

        if form.validate_on_submit():
            try:
                if username != g.ldap['username'] and admin:
                    ldap_change_password(None,
                                         form.password.data,
                                         username=username)
                else:
                    ldap_change_password(form.oldpassword.data,
                                         form.password.data,
                                         username=username)
                flash("Password changed successfuly.", "success")
                return redirect(url_for('user_overview', username=username))
            except ldap.LDAPError as e:
                error = e.message['info'].split(":", 2)[-1].strip()
                error = str(error[0].upper() + error[1:])
                flash(error, "error")
        elif form.errors:
                flash("Some fields failed validation.", "error")

        return render_template("forms/basicform.html", form=form, title=title,
                               action="Change password",
                               parent=url_for('user_overview',
                                              username=username))
Esempio n. 4
0
    def user_add():
        title = "Add user"

        base = request.args.get('base')
        if not base:
            base = "OU=People,%s" % g.ldap['dn']

        form = UserAdd(request.form)
        field_mapping = [('givenName', form.first_name),
                         ('sn', form.last_name),
                         ('displayName', form.display_name),
                         ('sAMAccountName', form.user_name),
                         ('mail', form.mail),
                         (None, form.password),
                         (None, form.password_confirm),
                         ('userAccountControl', form.uac_flags)]

        form.visible_fields = [field[1] for field in field_mapping]

        form.uac_flags.choices = [(key, value[0]) for key, value in
                                  LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
                                  if value[1]]

        if form.validate_on_submit():
            try:
                # Default attributes
                upn = "%s@%s" % (form.user_name.data, g.ldap['domain'])
                attributes = {'objectClass': "user",
                              'UserPrincipalName': upn,
                              'accountExpires': "0",
                              'lockoutTime': "0"}

                for attribute, field in field_mapping:
                    if attribute == 'userAccountControl':
                        current_uac = 512
                        for key, flag in (LDAP_AD_USERACCOUNTCONTROL_VALUES
                                          .items()):
                            if flag[1] and key in field.data:
                                current_uac += key
                        attributes[attribute] = str(current_uac)
                    elif attribute and field.data:
                        attributes[attribute] = field.data

                ldap_create_entry("cn=%s,%s" % (form.user_name.data, base),
                                  attributes)
                ldap_change_password(None, form.password.data,
                                     form.user_name.data)

                flash("User successfully created.", "success")
                return redirect(url_for('user_overview',
                                        username=form.user_name.data))
            except ldap.LDAPError as e:
                error = e.message['info'].split(":", 2)[-1].strip()
                error = str(error[0].upper() + error[1:])
                flash(error, "error")
        elif form.errors:
            flash("Some fields failed validation.", "error")

        return render_template("forms/basicform.html", form=form, title=title,
                               action="Add user",
                               parent=url_for('user_add'))
Esempio n. 5
0
    def user_add():
        title = "Add user"

        base = request.args.get('base')
        if not base:
            base = "OU=People,%s" % g.ldap['dn']

        form = UserAdd(request.form)
        field_mapping = [('givenName', form.first_name),
                         ('sn', form.last_name),
                         ('displayName', form.display_name),
                         ('sAMAccountName', form.user_name),
                         ('mail', form.mail), (None, form.password),
                         (None, form.password_confirm),
                         ('userAccountControl', form.uac_flags)]

        form.visible_fields = [field[1] for field in field_mapping]

        form.uac_flags.choices = [
            (key, value[0])
            for key, value in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
            if value[1]
        ]

        if form.validate_on_submit():
            try:
                # Default attributes
                upn = "%s@%s" % (form.user_name.data, g.ldap['domain'])
                attributes = {
                    'objectClass': "user",
                    'UserPrincipalName': upn,
                    'accountExpires': "0",
                    'lockoutTime': "0"
                }

                for attribute, field in field_mapping:
                    if attribute == 'userAccountControl':
                        current_uac = 512
                        for key, flag in (
                                LDAP_AD_USERACCOUNTCONTROL_VALUES.items()):
                            if flag[1] and key in field.data:
                                current_uac += key
                        attributes[attribute] = str(current_uac)
                    elif attribute and field.data:
                        attributes[attribute] = field.data

                ldap_create_entry("cn=%s,%s" % (form.user_name.data, base),
                                  attributes)
                ldap_change_password(None, form.password.data,
                                     form.user_name.data)

                flash("User successfully created.", "success")
                return redirect(
                    url_for('user_overview', username=form.user_name.data))
            except ldap.LDAPError as e:
                error = e.message['info'].split(":", 2)[-1].strip()
                error = str(error[0].upper() + error[1:])
                flash(error, "error")
        elif form.errors:
            flash("Some fields failed validation.", "error")

        return render_template("forms/basicform.html",
                               form=form,
                               title=title,
                               action="Add user",
                               parent=url_for('user_add'))
    def user_add():
        title = "Add User"

        if g.extra_fields:
            form = UserAddExtraFields(request.form)
        else:
            form = UserAdd(request.form)
        field_mapping = [('givenName', form.first_name),
                         ('sn', form.last_name),
                         ('sAMAccountName', form.user_name),
                         ('mail', form.mail), (None, form.password),
                         (None, form.password_confirm),
                         ('userAccountControl', form.uac_flags)]
        if g.extra_fields:
            extra_field_mapping = [('cUJAEPersonExternal', form.manual),
                                   ('cUJAEPersonType', form.person_type),
                                   ('cUJAEPersonDNI', form.dni)]
            field_mapping += extra_field_mapping

        form.visible_fields = [field[1] for field in field_mapping]
        form.uac_flags.choices = [
            (key, value[0])
            for key, value in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
        ]

        if form.validate_on_submit():
            try:
                base = request.args.get("b'base")
                base = base.rstrip("'")
                # Default attributes
                upn = "%s@%s" % (form.user_name.data, g.ldap['domain'])
                attributes = {
                    'objectClass': [
                        b'top', b'person', b'organizationalPerson', b'user',
                        b'inetOrgPerson'
                    ],
                    'UserPrincipalName': [upn.encode('utf-8')],
                    'accountExpires': [b"0"],
                    'lockoutTime': [b"0"],
                }

                for attribute, field in field_mapping:
                    if attribute == 'userAccountControl':
                        current_uac = 512
                        for key, flag in (
                                LDAP_AD_USERACCOUNTCONTROL_VALUES.items()):
                            if flag[1] and key in field.data:
                                current_uac += key
                        attributes[attribute] = [
                            str(current_uac).encode('utf-8')
                        ]
                    elif attribute and field.data:
                        if isinstance(field, BooleanField):
                            if field.data:
                                attributes[attribute] = 'TRUE'.encode('utf-8')
                            else:
                                attributes[attribute] = 'FALSE'.encode('utf-8')
                        else:
                            attributes[attribute] = [
                                field.data.encode('utf-8')
                            ]
                if 'sn' in attributes:
                    attributes['displayName'] = attributes['givenName'][
                        0].decode('utf-8') + " " + attributes['sn'][0].decode(
                            'utf-8')
                    attributes['displayName'] = [
                        attributes['displayName'].encode('utf-8')
                    ]
                else:
                    attributes['displayName'] = attributes['givenName']

                ldap_create_entry("cn=%s,%s" % (form.user_name.data, base),
                                  attributes)
                ldap_change_password(None, form.password.data,
                                     form.user_name.data)
                flash(u"User created successfully.", "success")
                return redirect(
                    url_for('user_overview', username=form.user_name.data))
            except ldap.LDAPError as e:
                e = dict(e.args[0])
                flash(e['info'], "error")
        elif form.errors:
            print(form.errors)
            flash("Some fields failed validation.", "error")
        return render_template("forms/basicform.html",
                               form=form,
                               title=title,
                               action="Adicionar Usuario",
                               parent=url_for('tree_base'))