def POST(self):
i = web.input(_unicode=False, mail=[])
self.mails = i.get('mail', [])
self.action = i.get('action', None)
adminLib = admin.Admin()
if self.action == 'delete':
result = adminLib.delete(mails=self.mails, )
msg = 'DELETED'
elif self.action == 'disable':
result = adminLib.enableOrDisableAccount(
mails=self.mails,
action='disable',
)
msg = 'DISABLED'
elif self.action == 'enable':
result = adminLib.enableOrDisableAccount(
mails=self.mails,
action='enable',
)
msg = 'ENABLED'
else:
result = (False, 'INVALID_ACTION')
msg = i.get('msg', None)
if result[0] is True:
raise web.seeother('/admins?msg=%s' % msg)
else:
raise web.seeother('/admins?msg=' + result[1])
def GET(self, cur_page=1):
i = web.input()
cur_page = int(cur_page)
if cur_page == 0:
cur_page == 1
adminLib = admin.Admin()
result = adminLib.listAccounts()
connutils = connUtils.Utils()
sl = connutils.getSizelimitFromAccountLists(
result[1],
curPage=cur_page,
sizelimit=session['pageSizeLimit'],
)
if cur_page > sl.get('totalPages', 0):
cur_page = sl.get('totalPages', 0)
return web.render(
'ldap/admin/list.html',
cur_page=cur_page,
total=sl.get('totalAccounts'),
admins=sl.get('accountList'),
msg=i.get('msg', None),
)
def POST(self, profile_type, mail):
self.profile_type = web.safestr(profile_type)
self.mail = web.safestr(mail)
i = web.input(domainName=[], )
if session.get('domainGlobalAdmin'
) is not True and session.get('username') != self.mail:
# Don't allow to view/update other admins' profile.
raise web.seeother(
'/profile/admin/general/%s?msg=PERMISSION_DENIED' %
session.get('username'))
adminLib = admin.Admin()
result = adminLib.update(
profile_type=self.profile_type,
mail=self.mail,
data=i,
)
if result[0] is True:
raise web.seeother('/profile/admin/%s/%s?msg=UPDATED' %
(self.profile_type, self.mail))
else:
raise web.seeother('/profile/admin/%s/%s?msg=%s' %
(self.profile_type, self.mail, result[1]))
def POST(self):
i = web.input()
self.mail = web.safestr(i.get('mail'))
adminLib = admin.Admin()
result = adminLib.add(data=i)
if result[0] is True:
# Redirect to assign domains.
return web.seeother('/profile/admin/general/%s?msg=CREATED_SUCCESS' % self.mail)
else:
return web.seeother('/create/admin?msg=' + result[1])
def GET(self, profile_type, mail):
self.mail = web.safestr(mail)
self.profile_type = web.safestr(profile_type)
if session.get('domainGlobalAdmin') is not True and session.get('username') != self.mail:
# Don't allow to view/update other admins' profile.
raise web.seeother('/profile/admin/general/%s?msg=PERMISSION_DENIED' % session.get('username'))
# Get admin profile.
adminLib = admin.Admin()
result = adminLib.profile(self.mail)
if result[0] is not True:
raise web.seeother('/admins?msg=' + result[1])
else:
self.admin_profile = result[1]
i = web.input()
if self.profile_type == 'general':
# Get available languages.
if result[0] is True:
###################
# Managed domains
#
# Get all domains.
domainLib = domainlib.Domain()
resultOfAllDomains = domainLib.listAccounts(attrs=['domainName', 'cn', ])
if resultOfAllDomains[0] is True:
self.allDomains = resultOfAllDomains[1]
else:
return resultOfAllDomains
return web.render(
'ldap/admin/profile.html',
mail=self.mail,
profile_type=self.profile_type,
profile=self.admin_profile,
languagemaps=languages.get_language_maps(),
allDomains=self.allDomains,
msg=i.get('msg', None),
)
else:
raise web.seeother('/profile/admin/%s/%s?msg=%s' % (self.profile_type, self.mail, result[1]))
elif self.profile_type == 'password':
return web.render('ldap/admin/profile.html',
mail=self.mail,
profile_type=self.profile_type,
profile=self.admin_profile,
min_passwd_length=settings.min_passwd_length,
max_passwd_length=settings.max_passwd_length,
msg=i.get('msg', None))
def POST(self):
# Get username, password.
i = web.input(_unicode=False)
username = web.safestr(i.get('username', '').strip())
password = i.get('password', '').strip()
save_pass = web.safestr(i.get('save_pass', 'no').strip())
if not iredutils.isEmail(username):
return web.seeother('/login?msg=INVALID_USERNAME')
if len(password) == 0:
return web.seeother('/login?msg=EMPTY_PASSWORD')
# Convert username to ldap dn.
userdn = ldaputils.convKeywordToDN(username, accountType='admin')
# Return True if auth success, otherwise return error msg.
self.auth_result = auth.Auth(
cfg.ldap.get('uri', 'ldap://127.0.0.1/'),
userdn,
password,
)
if self.auth_result is True:
session['username'] = username
session['logged'] = True
# Read preferred language from db.
adminLib = adminlib.Admin()
#session['lang'] = adminLib.getPreferredLanguage(userdn) or cfg.general.get('lang', 'en_US')
adminProfile = adminLib.profile(username)
if adminProfile[0] is True:
cn = adminProfile[1][0][1].get('cn', [None])[0]
lang = adminProfile[1][0][1].get(
'preferredLanguage', [cfg.general.get('lang', 'en_US')])[0]
session['cn'] = cn
session['lang'] = lang
else:
pass
web.config.session_parameters['cookie_name'] = 'iRedAdmin'
# Session expire when client ip was changed.
web.config.session_parameters['ignore_change_ip'] = False
# Don't ignore session expiration.
web.config.session_parameters['ignore_expiry'] = False
if save_pass == 'yes':
# Session timeout (in seconds).
web.config.session_parameters['timeout'] = 86400 # 24 hours
else:
# Expire session when browser closed.
web.config.session_parameters['timeout'] = 600 # 10 minutes
web.logger(
msg="Login success",
event='login',
)
return web.seeother('/dashboard/checknew')
else:
session['failedTimes'] += 1
web.logger(
msg="Login failed.",
admin=username,
event='login',
loglevel='error',
)
return web.seeother('/login?msg=%s' % self.auth_result)
def GET(self, profile_type, mail):
self.mail = web.safestr(mail)
self.profile_type = web.safestr(profile_type)
if session.get('domainGlobalAdmin') is not True and session.get('username') != self.mail:
# Don't allow to view/update other admins' profile.
return web.seeother('/profile/admin/general/%s?msg=PERMISSION_DENIED' % session.get('username'))
adminLib = admin.Admin()
# Get admin profile.
result = adminLib.profile(self.mail)
if result[0] is not True:
return web.seeother('/admins?msg=' + result[1])
else:
self.admin_profile = result[1]
i = web.input()
if self.profile_type == 'general':
# Get available languages.
if result[0] is True:
###################
# Managed domains
#
# Check permission.
#if session.get('domainGlobalAdmin') is not True:
# return web.seeother('/profile/admin/general/%s?msg=PERMISSION_DENIED' % self.mail)
# Get all domains.
domainLib = domainlib.Domain()
resultOfAllDomains = domainLib.listAccounts(attrs=['domainName', 'cn', ])
if resultOfAllDomains[0] is True:
self.allDomains = resultOfAllDomains[1]
else:
return resultOfAllDomains
# Get domains under control.
resultOfManagedDomains = adminLib.getManagedDomains(mail=self.mail, attrs=['domainName', ])
if resultOfManagedDomains[0] is True:
self.managedDomains = []
for d in resultOfManagedDomains[1]:
if 'domainName' in d[1].keys():
self.managedDomains += d[1].get('domainName')
else:
return resultOfManagedDomains
return web.render(
'ldap/admin/profile.html',
mail=self.mail,
profile_type=self.profile_type,
profile=self.admin_profile,
languagemaps=languages.getLanguageMaps(),
allDomains=self.allDomains,
managedDomains=self.managedDomains,
msg=i.get('msg', None),
)
else:
return web.seeother('/profile/admin/%s/%s?msg=%s' % (self.profile_type, self.mail, result[1]))
elif self.profile_type == 'password':
return web.render('ldap/admin/profile.html',
mail=self.mail,
profile_type=self.profile_type,
profile=self.admin_profile,
min_passwd_length=cfg.general.get('min_passwd_length'),
max_passwd_length=cfg.general.get('max_passwd_length'),
msg=i.get('msg', None),
)
class Login:
def GET(self):
if session.get('logged') is False:
i = web.input(_unicode=False)
# Show login page.
return web.render('login.html',
languagemaps=languages.get_language_maps(),
webmaster=session.get('webmaster'),
msg=i.get('msg'))
else:
raise web.seeother('/dashboard')
def POST(self):
# Get username, password.
i = web.input(_unicode=False)
username = web.safestr(i.get('username', '').strip()).lower()
password = i.get('password', '').strip()
save_pass = web.safestr(i.get('save_pass', 'no').strip())
if not iredutils.is_email(username):
raise web.seeother('/login?msg=INVALID_USERNAME')
if not password:
raise web.seeother('/login?msg=EMPTY_PASSWORD')
# Get LDAP URI.
uri = settings.ldap_uri
# Verify bind_dn & bind_pw.
try:
# Detect STARTTLS support.
if uri.startswith('ldaps://'):
starttls = True
else:
starttls = False
# Set necessary option for STARTTLS.
if starttls:
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
# Initialize connection.
conn = ldap.initialize(uri)
# Set LDAP protocol version: LDAP v3.
conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)
if starttls:
conn.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND)
# synchronous bind.
conn.bind_s(settings.ldap_bind_dn, settings.ldap_bind_password)
conn.unbind_s()
except (ldap.INVALID_CREDENTIALS):
raise web.seeother('/login?msg=vmailadmin_INVALID_CREDENTIALS')
except Exception, e:
raise web.seeother('/login?msg=%s' % web.safestr(e))
# Check whether it's a mail user
dn_user = ldaputils.convert_keyword_to_dn(username, accountType='user')
qr_user_auth = auth.Auth(uri=uri, dn=dn_user, password=password)
qr_admin_auth = (False, 'INVALID_CREDENTIALS')
if not qr_user_auth[0]:
# Verify admin account under 'o=domainAdmins'.
dn_admin = ldaputils.convert_keyword_to_dn(username, accountType='admin')
qr_admin_auth = auth.Auth(uri=uri, dn=dn_admin, password=password)
if not qr_admin_auth[0]:
session['failed_times'] += 1
web.logger(msg="Login failed.", admin=username, event='login', loglevel='error')
raise web.seeother('/login?msg=INVALID_CREDENTIALS')
if qr_admin_auth[0] or qr_user_auth[0]:
session['username'] = username
session['logged'] = True
# Read preferred language from LDAP
if qr_admin_auth[0] is True:
adminLib = adminlib.Admin()
adminProfile = adminLib.profile(username, attributes=['preferredLanguage'])
if adminProfile[0] is True:
dn, entry = adminProfile[1][0]
lang = entry.get('preferredLanguage', [settings.default_language])[0]
session['lang'] = lang
if qr_user_auth[0] is True:
session['isMailUser'] = True
web.config.session_parameters['cookie_name'] = 'iRedAdmin-Pro'
# Session expire when client ip was changed.
web.config.session_parameters['ignore_change_ip'] = False
# Don't ignore session expiration.
web.config.session_parameters['ignore_expiry'] = False
if save_pass == 'yes':
# Session timeout (in seconds).
web.config.session_parameters['timeout'] = 86400 # 24 hours
else:
# Expire session when browser closed.
web.config.session_parameters['timeout'] = 600 # 10 minutes
web.logger(msg="Login success", event='login',)
# Save selected language
selected_language = str(i.get('lang', '')).strip()
if selected_language != web.ctx.lang and \
selected_language in languages.get_language_maps():
session['lang'] = selected_language
raise web.seeother('/dashboard/checknew')
else:
session['failed_times'] += 1
web.logger(msg="Login failed.", admin=username, event='login', loglevel='error',)
raise web.seeother('/login?msg=%s' % qr_admin_auth[1])
def GET(self):
i = web.input(_unicode=False, )
# Get queries.
self.event = web.safestr(i.get('event', 'all'))
self.domain = web.safestr(i.get('domain', 'all'))
self.admin = web.safestr(i.get('admin', 'all'))
self.cur_page = web.safestr(i.get('page', '1'))
if not self.cur_page.isdigit() or self.cur_page == '0':
self.cur_page = 1
else:
self.cur_page = int(self.cur_page)
logLib = loglib.Log()
total, entries = logLib.listLogs(
event=self.event,
domain=self.domain,
admin=self.admin,
cur_page=self.cur_page,
)
# Pre-defined
allDomains = []
allAdmins = []
if cfg.general.backend == 'ldap':
# Get all managed domains under control.
connutils = connUtils.Utils()
qr = connutils.getManagedDomains(
mail=session.get('username'),
attrs=['domainName'],
)
if qr[0] is True:
allDomains = [
str(v[1]['domainName'][0]).lower() for v in qr[1]
]
# Get all admins.
if session.get('domainGlobalAdmin') is True:
adminLib = adminlib.Admin()
result = adminLib.listAccounts(attrs=['mail'])
if result[0] is not False:
allAdmins = [v[1]['mail'][0] for v in result[1]]
else:
allAdmins = [self.admin]
elif cfg.general.backend in [
'mysql',
'dbmail_mysql',
]:
# Get all managed domains under control.
connutils = connUtils.Utils()
qr = connutils.getManagedDomains(
admin=session.get('username'),
domainNameOnly=True,
)
if qr[0] is True:
allDomains = qr[1]
# Get all admins.
if session.get('domainGlobalAdmin') is True:
adminLib = adminlib.Admin()
qr = adminLib.getAllAdmins(columns=['username'])
if qr[0] is True:
for r in qr[1]:
allAdmins += [r.username]
else:
allAdmins = [self.admin]
return web.render(
'panel/log.html',
event=self.event,
domain=self.domain,
admin=self.admin,
allEvents=LOG_EVENTS,
cur_page=self.cur_page,
total=total,
entries=entries,
allDomains=allDomains,
allAdmins=allAdmins,
msg=i.get('msg'),
)