def modify_ldap_password(request):
"""
Modifies the password for an LDAP account.
Requires POST.
"""
errors = {}
if request.method == 'POST':
form = ModifyLdapPasswordForm(request.POST)
if form.is_valid():
data = form.cleaned_data
where = 'WHERE'
where+= ' ( lower(id_rec.lastname) = "{}" )'.format(
data['sn'].lower()
)
where+= ' AND'
where+= '''
(profile_rec.birth_date = "{}"
'''.format(data['carthageDob'].strftime('%m/%d/%Y'))
where+= ' OR profile_rec.birth_date is null)'
where+= ' AND'
where+= '''
SUBSTRING(id_rec.ss_no FROM 8 FOR 4) = "{}"
'''.format(data['ssn'])
sql = CONFIRM_USER + where
results = do_sql(sql, key=settings.INFORMIX_DEBUG)
try:
objects = results.fetchall()
except:
objects = ''
if len(objects) == 1:
# initial the ldap manager
# we have to use the PWM server here
l = LDAPManager(
protocol=settings.LDAP_PROTOCOL_PWM,
server=settings.LDAP_SERVER_PWM,
port=settings.LDAP_PORT_PWM,
user=settings.LDAP_USER_PWM,
password=settings.LDAP_PASS_PWM,
base=settings.LDAP_BASE_PWM
)
search = l.search(objects[0].id)
if search:
# now modify password
# modify_s() returns a tuple with status code
# and an empty list: (103, [])
try:
status = l.modify(
search[0][0], 'userPassword',
data['userPassword']
)
# success = 103
if status[0] == 103:
# success
request.session['ldap_password_success'] = True
# Get the user record or create one with no privileges.
try:
user = User.objects.get(
username__exact=search[0][1]['cn'][0]
)
except:
# Create a User object.
user = l.dj_create(search)
# authenticate user
user.backend = 'django.contrib.auth.backends.ModelBackend'
login(request, user)
return HttpResponseRedirect(
reverse_lazy('alumni_directory_home')
)
except Exception as e:
# log it for later
ldap_logger.debug('ldap error: {}\n{}'.format(e,data))
if '16019' in str(e):
error = """
There was an error creating your account. Verify that
your password does not contain any English words like
the names of months, colors, etc.
"""
else:
error = """
There was an error creating your account. Verify that
your passwords meet the criteria.
"""
messages.add_message(
request, messages.ERROR, error, extra_tags='alert alert-danger'
)
else:
# fail
errors['ldap'] = "We failed to update your password."
else:
errors['ldap'] = "We failed to find your Alumni account."
else:
errors['informix'] = "We could not find you in the database."
else:
form = ModifyLdapPasswordForm()
return render(
request,
'registration/modify_ldap_password.html',
{'form':form,'errors':errors}
)
