Esempio n. 1
0
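def createResetSession():
    """Open an e-mail password-reset request for the user named in the form.

    Form fields: ``username``, ``password1``/``password2`` (the new password,
    must match).  On success a fresh token is stored in ``mailreset`` next to
    the hashes of the new password and a mail carrying the token is sent to
    the address on file; at most one open request per user and day is kept.

    Returns:
        ``(message, http_status)``: ``("SUCCESS", 200)`` on success, otherwise
        an ``ERR_*`` code with status 500.
    """
    # An unset EMAIL_RESET_ENABLED must mean "disabled"; without the default
    # the .lower() call below raised AttributeError on None.
    if os.environ.get("EMAIL_RESET_ENABLED", "").lower() != "true":
        return "ERR_SERVICE_DISABLED", 500
    username = request.form.get("username")
    dbconn = database()
    # NOTE(review): COUNT(*) mixed with non-aggregated columns relies on the
    # database returning the matched row's id/email/firstname alongside the
    # count (MySQL-style); confirm the configured backend behaves that way.
    dbconn.execute(
        "SELECT COUNT(*) AS num, id, email, firstname FROM people WHERE username = %s",
        (username, ))
    result = dbconn.fetchone()
    if result["num"] != 1:
        return "ERR_USER_NOT_FOUND", 500
    permissions = permissionCheck().get(username)
    if "emailrst" not in permissions:
        return "ERR_NOT_ALLOWED", 500
    password1 = request.form.get("password1")
    # Two missing fields compare equal; reject that explicitly instead of
    # hashing None further down.
    if password1 is None or password1 != request.form.get("password2"):
        return "ERR_PASSWORDS_DIFFERENT", 500
    if result["email"] in ("", None):
        return "ERR_NO_EMAIL", 500
    dbconn.execute(
        "SELECT COUNT(*) AS num, time FROM mailreset WHERE people_id = %s",
        (result["id"], ))
    oldTokens = dbconn.fetchone()
    if oldTokens["num"] > 0:
        # A request younger than one day blocks a new one; an older one is
        # discarded.  Assumes the stored time is a naive datetime in the same
        # zone as datetime.now() -- TODO confirm against the column type.
        earliestCreation = datetime.datetime.now() - datetime.timedelta(days=1)
        if oldTokens["time"] >= earliestCreation:
            return "ERR_OPEN_RESET_REQUEST", 500
        dbconn.execute("DELETE FROM mailreset WHERE people_id = %s",
                       (result["id"], ))
        if not dbconn.commit():
            return "ERR_DATABASE_ERROR", 500
    # NOTE(review): the token is the only secret protecting the reset; confirm
    # es.randomString draws from a cryptographic source.
    token = es.randomString(128)
    dbconn.execute(
        "INSERT INTO mailreset (time, token, people_id, unix_hash, smb_hash) VALUES (NOW(), %s, %s, %s, %s)",
        (token, result["id"], hash.unix(password1), hash.samba(password1)))
    if not dbconn.commit():
        return "ERR_DATABASE_ERROR", 500
    # Negative codes from the mailer are mapped to distinct error strings.
    mailstatus = email.sendResetEmail(result["email"], token,
                                      result["firstname"])
    if mailstatus == -1:
        return "ERR_SMTP_CONNECTION_REFUSED", 500
    if mailstatus == -2:
        return "ERR_SMTP_CREDENTIALS_ERROR", 500
    if mailstatus <= -3:
        return "ERR_OTHER_SMTP_ERROR", 500
    return "SUCCESS", 200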
Esempio n. 2
0
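def newPassword(id):
    """Change the password of user *id* after checking the current one.

    Requires the ``usermgmt`` authorization.  Form fields: ``old`` (current
    password, verified against the stored unix hash), ``new1``/``new2`` (new
    password, must match) and ``pwhint``.

    Returns:
        ``(message, http_status)``: ``("SUCCESS", 200)`` on success, an
        ``ERR_*`` code with status 403 or 500 otherwise.
    """
    if not es.isAuthorized("usermgmt"):
        return "ERR_ACCESS_DENIED", 403
    dbconn = db.database()
    lu = ldap.users()
    dbconn.execute(
        "SELECT unix_hash FROM userpassword UP INNER JOIN people P ON UP.people_id = P.id WHERE P.id = %s",
        (id, ))
    result = dbconn.fetchone()
    # Unknown id (or a user without a password row): fail cleanly instead of
    # raising TypeError on the subscript below.
    if result is None:
        return "ERR_USER_NOT_FOUND", 500
    old = request.form.get("old")
    # A missing "old" field counts as a failed check rather than a crash.
    if old is None or not passlib.hash.ldap_salted_sha1.verify(
            old, result["unix_hash"]):
        return "ERR_AUTH_PASSWORD", 500
    new1 = request.form.get("new1")
    # Two missing fields compare equal; refuse that explicitly.
    if new1 is None or new1 != request.form.get("new2"):
        return "ERR_PASSWORDS_DIFFERENT", 500
    dbconn.execute(
        "UPDATE userpassword SET unix_hash = %s, smb_hash = %s, hint = %s, autogen = 0, cleartext = NULL WHERE people_id = %s",
        (hash.unix(new1), hash.samba(new1), request.form.get("pwhint"), id))
    if not dbconn.commit():
        return "ERR_DATABASE_ERROR", 500
    # Push the new hashes to the directory; update() signals success with 0.
    if lu.update(id) != 0:
        return "ERR_LDAP_ERROR", 500
    return "SUCCESS", 200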
Esempio n. 3
0
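def resetPassword(id):
    """Let a member of ``teachers`` set a new password for user *id*.

    The target must carry the ``pwalwrst`` permission and the caller must
    re-enter their own password (``passwd``).  Form fields ``password1``/
    ``password2`` hold the new password (must match), ``hint`` the hint.
    After the update the ``pc_admin`` usercheck endpoint is notified.

    Returns:
        ``(message, http_status)``: ``("SUCCESS", 200)`` on success, an
        ``ERR_*`` code with 401, 403 or 500 otherwise.
    """
    from urllib.parse import quote

    gMember = groupMembership()
    if not gMember.checkGroupMembership(current_user.username, "teachers"):
        return "ERR_NOT_ALLOWED", 403
    dbconn = database()
    permissions = permissionCheck().getForId(id)
    if "pwalwrst" not in permissions:
        return "ERR_NOT_ALLOWED", 403
    dbconn.execute("SELECT id FROM people WHERE username = %s", (current_user.username,))
    teacherResult = dbconn.fetchone()
    if teacherResult is None:
        return "ERR_ACCESS_DENIED", 401
    dbconn.execute("SELECT unix_hash FROM userpassword WHERE people_id = %s", (teacherResult["id"],))
    teacherPasswordResult = dbconn.fetchone()
    # Re-authenticate the teacher before touching someone else's credential;
    # a missing field or missing hash row is a failed check, not a crash.
    passwd = request.form.get("passwd")
    if (passwd is None or teacherPasswordResult is None
            or not passlib.hash.ldap_salted_sha1.verify(
                passwd, teacherPasswordResult["unix_hash"])):
        return "ERR_ACCESS_DENIED", 401
    password1 = request.form.get("password1")
    # Two missing fields compare equal; refuse that explicitly.
    if password1 is None or password1 != request.form.get("password2"):
        return "ERR_PASSWORDS_DIFFERENT", 500
    dbconn.execute(
        "UPDATE userpassword SET unix_hash = %s, smb_hash = %s, hint = %s, autogen = 0, cleartext = NULL WHERE people_id = %s",
        (hash.unix(password1), hash.samba(password1), request.form.get("hint"), id))
    if not dbconn.commit():
        return "ERR_DATABASE_ERROR", 500
    # The id becomes a URL path segment: quote it so an id containing '/',
    # '?' or '#' cannot reshape the request, and bound the wait so a stalled
    # pc_admin does not hang the handler (10 s is a constructed default).
    # NOTE(review): the call is plain http to an internal host -- confirm
    # the network path between the two services is trusted.
    try:
        resp = requests.post(
            url="http://pc_admin/api/public/usercheck/" + quote(str(id), safe=""),
            timeout=10)
    except requests.RequestException:
        return "ERR_LDAP_ERROR", 500
    if resp.text != "SUCCESS":
        return "ERR_LDAP_ERROR", 500
    return "SUCCESS", 200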
Esempio n. 4
0
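def createUser():
    """Create a new user account from the submitted form (usermgmt only).

    In order: validate the form, insert the ``people`` row, insert the
    password record, attach the requested groups, create and chown the home
    folder, and push the account to the directory.  All validation happens
    before the first write so a rejected request leaves no partial rows.

    Form fields read: ``username``, ``password``/``password2``, ``pwhint``,
    ``cleartext`` (its presence selects the branch that stores the password
    in clear with autogen = 1), ``firstname``, ``lastname``,
    ``preferredname``, ``sex``, ``title``, ``short``, ``email``,
    ``birthdate``, ``persistant`` and ``groups`` (a JSON list of group ids).

    Returns:
        ``(message, http_status)``: ``("SUCCESS", 201)`` on success, an
        ``ERR_*`` code with 403 or 500 otherwise.

    Raises:
        TypeError, ValueError: if ``groups`` is missing or not valid JSON
            (raised before any row is written).
    """
    if not es.isAuthorized("usermgmt"):
        return "ERR_ACCESS_DENIED", 403

    # --- validation: nothing below writes until every field is checked ---
    username = request.form.get("username")
    # The username becomes a path component of the home folder; refuse
    # values that could escape the users directory.
    if (not username or "/" in username or "\\" in username
            or username in (".", "..")):
        return "ERR_FOLDER_PLACE_INVALID", 500
    dirsvc = directory.directory()
    if dirsvc.exists(username, "users"):
        return "ERR_FOLDER_EXISTS", 500
    password = request.form.get("password")
    # Two missing fields compare equal; refuse that explicitly instead of
    # hashing None after the people row is already committed.
    if password is None or password != request.form.get("password2"):
        return "ERR_PASSWORDS_DIFFERENT", 500
    # Parsed up front: a malformed list used to abort the request only after
    # the people/userpassword rows had been committed.
    groups = json.loads(request.form.get("groups"))
    short = request.form.get("short")
    if not short or short.lower() == "null":
        short = None
    persistant = 1 if request.form.get("persistant") else 0
    smb_homedir = "/home/users/" + username
    # Form values arrive as strings, so the former isinstance(..., int) test
    # never matched and every user was stored with sex = 0.  Non-numeric or
    # missing input still falls back to 0.
    try:
        sex = int(request.form.get("sex"))
    except (TypeError, ValueError):
        sex = 0

    # --- people row ---
    dbconn = db.database()
    lu = ldap.users()
    lg = ldap.groups()
    # Allocate the id only once the request is known to be acceptable.
    new_id = idsrv.getNew()
    dbconn.execute(
        "INSERT INTO people (id, firstname, lastname, preferredname, sex, title, short, email, birthdate, username, smb_homedir, persistant) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
        (new_id, request.form.get("firstname"), request.form.get("lastname"),
         request.form.get("preferredname"), sex, request.form.get("title"),
         short, request.form.get("email"), request.form.get("birthdate"),
         username, smb_homedir, persistant))
    if not dbconn.commit():
        return "ERR_DATABASE_ERROR", 500

    # --- password row ---
    unix_hash = hash.unix(password)
    smb_hash = hash.samba(password)
    pwhint = request.form.get("pwhint")
    if request.form.get("cleartext") is not None:
        # NOTE(review): this branch persists the password in clear; confirm
        # the cleartext column is strictly required and access-controlled.
        dbconn.execute(
            "INSERT INTO userpassword (people_id, unix_hash, smb_hash, hint, cleartext, autogen) VALUES (%s, %s, %s, %s, %s, 1)",
            (new_id, unix_hash, smb_hash, pwhint, password))
    else:
        dbconn.execute(
            "INSERT INTO userpassword (people_id, unix_hash, smb_hash, hint, autogen) VALUES (%s, %s, %s, %s, 0)",
            (new_id, unix_hash, smb_hash, pwhint))
    if not dbconn.commit():
        return "ERR_DATABASE_ERROR", 500

    # --- group membership (database and directory) ---
    failed = False
    for group in groups:
        dbconn.execute(
            "INSERT INTO people_has_groups (people_id, group_id) VALUES (%s, %s)",
            (new_id, group))
        if not dbconn.commit():
            failed = True
        # addUser() signals success with 0.
        if lg.addUser(new_id, group) != 0:
            failed = True
    if failed:
        return "ERR_DATABASE_ERROR", 500

    # --- home folder ---
    dircode = dirsvc.create(username, "users")
    if dircode == -1:
        return "ERR_FOLDER_PLACE_INVALID", 500
    if dircode == -4:
        return "ERR_FOLDER_EXISTS", 500
    # "511" is decimal 511 == 0o777: the home folder is made world-writable.
    # NOTE(review): confirm such a permissive mode is intended.
    if dircode != 0 or not dirsvc.setMode(username, "users", "511"):
        return "ERR_CREATE_HOMEFOLDER", 500
    if lu.update(new_id) != 0:
        return "ERR_LDAP_ERROR", 500
    dbconn.execute("SELECT unix_userid FROM people WHERE id = %s LIMIT 1",
                   (new_id, ))
    result = dbconn.fetchone()
    if result is None or not dirsvc.setOwner(username, "users",
                                             result["unix_userid"]):
        return "ERR_DATABASE_ERROR", 500
    return "SUCCESS", 201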
Esempio n. 5
0
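def updatePassword():
    """Change the password of the currently logged-in user.

    Form fields: ``password1``/``password2`` (must match) and ``hint``.
    After the hashes are stored, the ``pc_admin`` usercheck endpoint is
    called to propagate the change to the directory.

    Returns:
        ``(message, http_status)``: ``("SUCCESS", 200)`` on success, an
        ``ERR_*`` code with status 500 otherwise.
    """
    from urllib.parse import quote

    dbconn = database()
    dbconn.execute("SELECT id FROM people WHERE username = %s", (current_user.username,))
    result = dbconn.fetchone()
    # A logged-in user with no people row: fail cleanly instead of raising
    # TypeError on the subscript below.
    if result is None:
        return "ERR_USER_NOT_FOUND", 500
    password1 = request.form.get("password1")
    # Two missing fields compare equal; refuse that explicitly.
    if password1 is None or password1 != request.form.get("password2"):
        return "ERR_PASSWORDS_DIFFERENT", 500
    # NOTE(review): unlike newPassword()/resetPassword(), the current password
    # is not re-checked here, so possession of the session alone is enough to
    # replace the credential -- consider requiring it.
    dbconn.execute(
        "UPDATE userpassword SET unix_hash = %s, smb_hash = %s, hint = %s, autogen = 0, cleartext = NULL WHERE people_id = %s",
        (hash.unix(password1), hash.samba(password1), request.form.get("hint"), result["id"]))
    if not dbconn.commit():
        return "ERR_DATABASE_ERROR", 500
    # str(): the id column may come back as an int, which plain string
    # concatenation cannot handle; quote(): keep it a single path segment;
    # timeout: do not hang on a stalled pc_admin (10 s is a constructed
    # default).
    try:
        resp = requests.post(
            url="http://pc_admin/api/public/usercheck/" + quote(str(result["id"]), safe=""),
            timeout=10)
    except requests.RequestException:
        return "ERR_LDAP_ERROR", 500
    if resp.text != "SUCCESS":
        return "ERR_LDAP_ERROR", 500
    return "SUCCESS", 200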