def get_bound_ldapuser(request, password=None, username=None):
    """
    Fetch the LDAPUser entry for a user over a connection bound as that user.

    ``username`` falls back to ``request.user.username``. ``password`` falls
    back to the secondary password kept in the session, which is decrypted
    with ``cipher`` and base64-encoded before being used for the bind.

    Raises OkupyError when no password is given and the session has no
    ``secondary_password`` entry.
    """
    username = username or request.user.username

    if not password:
        try:
            sealed_secret = request.session['secondary_password']
            # NOTE(review): 48 is presumably the plaintext length expected by
            # cipher.decrypt -- confirm against the cipher helper.
            password = b64encode(cipher.decrypt(sealed_secret, 48))
        except KeyError:
            raise OkupyError(
                'Secondary password not available (no strong auth?)')

    # The connection alias embeds the session cache key.
    alias = 'ldap_%s' % request.session.cache_key
    bound_model = LDAPUser.bind_as(
        alias=alias, username=username, password=password)

    try:
        ldap_user = bound_model.objects.get(username=username)
    except Exception as exc:
        # Undo the alias before propagating the lookup failure.
        bound_model.restore_alias()
        raise exc
    # NOTE(review): this function does not call restore_alias() on success;
    # presumably the caller is responsible for that -- confirm.
    return ldap_user
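def get_bound_ldapuser(request, password=None, username=None):
    """
    Get LDAPUser with connection bound to the current user.

    Uses either the provided password or the secondary password saved in
    the session (decrypted with ``cipher`` and base64-encoded).

    Args:
        request: the current request; its session and user are read.
        password: bind password; when falsy the session's secondary
            password is used instead.
        username: account to bind as; defaults to request.user.username.

    Returns:
        The object returned by ``objects.get(username=...)`` on the bound
        LDAPUser class.

    Raises:
        OkupyError: no password was given and the session holds no
            'secondary_password' entry.
        Exception: any error from the lookup is re-raised after the alias
            has been restored.
    """
    if not username:
        username = request.user.username

    if not password:
        try:
            # NOTE(review): the bind credential is derived from a secret kept
            # in the session; its confidentiality rests on how ``cipher`` is
            # keyed, which is not visible in this block.
            password = b64encode(
                cipher.decrypt(request.session['secondary_password'], 48))
        except KeyError:
            raise OkupyError(
                'Secondary password not available (no strong auth?)')

    bound_cls = LDAPUser.bind_as(
        alias='ldap_%s' % request.session.cache_key,
        username=username,
        password=password,
    )

    try:
        return bound_cls.objects.get(username=username)
    except Exception:
        # Drop the per-session alias before propagating the failure, then
        # re-raise with a bare ``raise`` so the original traceback is kept.
        bound_cls.restore_alias()
        raise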
def activate(request, token):
    """
    Activate the queued account identified by ``token``.

    Served at /activate/$TOKEN. Looks up the queued signup, picks the next
    uid, creates the LDAP entry and deletes the queue row. Failures raised
    as OkupyError are shown to the user as an error message; the view
    redirects to the login page on both the success and OkupyError paths.
    """
    try:
        # Resolve the token to a queued signup.
        try:
            queued = Queue.objects.get(encrypted_id=token)
        except (Queue.DoesNotExist, OverflowError, TypeError, ValueError):
            raise OkupyError('Invalid URL')
        except Exception as exc:
            logger.critical(exc, extra=log_extra_data(request))
            logger_mail.exception(exc)
            raise OkupyError("Can't contact the database")

        # Next uid = highest existing uid + 1, or 1 for an empty directory.
        # NOTE(review): read-then-increment is not atomic; two concurrent
        # activations can compute the same uid unless the directory enforces
        # uniqueness -- confirm.
        try:
            newest = LDAPUser.objects.latest('uid')
            next_uid = newest.uid + 1
        except LDAPUser.DoesNotExist:
            next_uid = 1
        except Exception as exc:
            logger.critical(exc, extra=log_extra_data(request))
            logger_mail.exception(exc)
            raise OkupyError("Can't contact LDAP server")

        display_name = '%s %s' % (queued.first_name, queued.last_name)
        # NOTE(review): queued.password is passed to the hasher as the
        # secret, so it appears to be available in clear until the queue row
        # is deleted -- confirm how Queue stores it. md5-crypt is a dated
        # scheme; prefer a stronger one if the directory supports it.
        ldap_attrs = {
            'object_class': settings.AUTH_LDAP_USER_OBJECTCLASS,
            'last_name': queued.last_name,
            'full_name': display_name,
            'password': [ldap_md5_crypt.encrypt(queued.password)],
            'first_name': queued.first_name,
            'email': [queued.email],
            'username': queued.username,
            'uid': next_uid,
            'gid': 100,
            'gecos': display_name,
            'home_directory': '/home/%s' % queued.username,
            'ACL': ['user.group'],
        }
        # NOTE(review): save() and delete() run outside the logging handlers
        # used above, so a backend failure here propagates unlogged by this
        # view.
        LDAPUser(**ldap_attrs).save()

        # The signup is live in LDAP; drop the queue row.
        queued.delete()
        messages.success(
            request, "Your account has been activated successfully")
    except OkupyError as failure:
        messages.error(request, str(failure))
    return redirect(login)
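def activate(request, token):
    """
    The page that users get to activate their accounts.

    It is in the form /activate/$TOKEN

    Args:
        request: the current request, used for messages and log context.
        token: value matched against Queue.encrypted_id.

    Returns:
        A redirect to the login view. The outcome is reported through the
        messages framework: a success message, or the text of the
        OkupyError that stopped the activation.
    """
    try:
        try:
            queued = Queue.objects.get(encrypted_id=token)
        except (Queue.DoesNotExist, OverflowError, TypeError, ValueError):
            raise OkupyError('Invalid URL')
        except Exception as error:
            logger.critical(error, extra=log_extra_data(request))
            logger_mail.exception(error)
            raise OkupyError("Can't contact the database")

        # get max uidNumber
        # NOTE(review): latest('uid') + 1 is a read-then-write sequence; two
        # activations running at once can pick the same uid unless the
        # directory rejects duplicates -- confirm.
        try:
            uidnumber = LDAPUser.objects.latest('uid').uid + 1
        except LDAPUser.DoesNotExist:
            uidnumber = 1
        except Exception as error:
            logger.critical(error, extra=log_extra_data(request))
            logger_mail.exception(error)
            raise OkupyError("Can't contact LDAP server")

        # add account to ldap
        full_name = '%s %s' % (queued.first_name, queued.last_name)
        new_user = LDAPUser(
            object_class=settings.AUTH_LDAP_USER_OBJECTCLASS,
            last_name=queued.last_name,
            full_name=full_name,
            # NOTE(review): md5-crypt is a dated password scheme; switch to a
            # stronger one if the LDAP server supports it. queued.password is
            # handed to the hasher as the secret, so the queue row appears to
            # hold it in usable form until it is deleted -- confirm.
            password=[ldap_md5_crypt.encrypt(queued.password)],
            first_name=queued.first_name,
            email=[queued.email],
            username=queued.username,
            uid=uidnumber,
            gid=100,
            gecos=full_name,
            home_directory='/home/%s' % queued.username,
            ACL=['user.group'],
        )
        # The LDAP write gets the same treatment as the lookups above: log
        # the failure and report it to the user instead of letting it escape
        # the view. The queue row is left in place in that case.
        try:
            new_user.save()
        except Exception as error:
            logger.critical(error, extra=log_extra_data(request))
            logger_mail.exception(error)
            raise OkupyError("Can't contact LDAP server")

        # remove queued account from DB
        # NOTE(review): a failure here still propagates; the LDAP entry
        # already exists at this point, so how to report it is left to the
        # maintainers.
        queued.delete()
        messages.success(
            request, "Your account has been activated successfully")
    except OkupyError as error:
        messages.error(request, str(error))
    return redirect(login)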