def ipa_connect(ipa_user, ipa_password, ipa_hostname):
"""
Connect and login to FreeIPA system with a secured
SSL connection.
"""
client = Client(ipa_hostname, version='2.215')
client.login(ipa_user, ipa_password)
return client
def add_user(user_name, first_name, last_name):
print("Adding User into IPA")
client = Client(IPA_SERVER_HOST, version='2.215')
client.login(IPA_ADMIN_USER, IPA_ADMIN_PASSWORD)
user = client.user_add(user_name, first_name, last_name,
"{} {}".format(first_name, last_name))
print user
def verify_user(uid):
form = RegisterForm(request.form)
user = User.query.filter_by(uuid=uid).first_or_404()
if request.method == "POST" and form.validate():
client = Client("ipa.freeside.co.uk",
verify_ssl=False,
version="2.215")
client.login("admin", app.config["IPA_PASSWORD"])
username = user.email.split("@")[0]
firstname = form.first_name.data
firstname = firstname.title()
lastname = username.split(".")[-1].title()
username = re.sub("[^a-zA-Z]+", "", username)
username = username.lower()
try:
ipauser = client.user_add(
username,
firstname,
lastname,
form.first_name.data + " " + lastname,
display_name=form.display_name.data,
mail=user.email,
preferred_language="EN",
random_pass=True,
)
except exceptions.DuplicateEntry:
flash("Account already exists.")
return render_template("layout.html")
print(ipauser["randompassword"])
client.change_password(username, form.password.data,
ipauser["randompassword"])
user.account_created = True
db.session.commit()
createHomeDir(username)
msg = Message("Welcome to Freeside", recipients=[user.email])
msg.html = render_template("emails/welcome.html",
firstname=firstname,
username=username)
with app.app_context():
mail.send(msg)
flash("Account created! Your username is: " + username)
return redirect(url_for("accounts.home"))
else:
if user.account_created is True:
flash("Account already verified!")
return redirect(url_for("accounts.home"))
else:
return render_template("complete_registration.html", form=form)
def initialize(self):
"""Initialize a connection to the IPA server.
:return: IPA connection object.
"""
try:
conn = Client(current_app.config['IPA_HOST'])
conn.login(current_app.config['IPA_USERNAME'],
current_app.config['IPA_PASSWORD'])
return conn
except freeipa.exceptions as e:
raise IPAException(self.error(e.args))
def valid_login(username, password):
'''
Tries to login and checks if user is member of admin-group
:param username: user trying to log in
:param password: user trying to log in
:return: True on valid credentials, false on faliure
'''
try:
client = Client(_config['ipa']['server'],
verify_ssl=True,
version=_config['ipa']['version'])
client.login(username, password)
return True
except Unauthorized:
return False
def login():
form = LoginForm(request.form)
if request.method == "POST" and form.validate():
client = Client("ipa.freeside.co.uk", verify_ssl=False, version="2.215")
try:
uid = form.username.data
client.login(uid, form.password.data)
data = client.user_show(uid)
login_user(UserSession(uid, data))
flash("Logged in!")
return redirect("/")
except exceptions.Unauthorized:
flash("Invalid username or password")
except exceptions.NotFound:
flash("User not in database.")
return render_template("login.html", form=form)
def isAdmin(username, password):
'''
Checks if user is member of admin-group.
:param username: of the user to the checked
:param password: of the user to the checked
:return: True if admin, false otherwise
'''
try:
client = Client(_config['ipa']['server'],
verify_ssl=True,
version=_config['ipa']['version'])
client.login(username, password)
var = client.group_find(_config['ipa']['admin_group'])
return username in json.dumps(var)
except Unauthorized:
return False
try:
from settings import *
except:
from settings_default import *
fas = AccountSystem(
'https://admin.fedoraproject.org/accounts',
username=fas_user,
password=fas_pw,
)
instances = []
for instance in ipa_instances:
ipa = Client(host=instance, verify_ssl=ipa_ssl)
ipa.login(ipa_user, ipa_pw)
instances.append(ipa)
if not skip_group_creation:
# Start by creating groups
fas_groups = fas.send_request(
'/group/list',
req_params={'search': group_search},
auth=True,
timeout=240
)
fas_groups = [g for g in fas_groups['groups'] if g['name'] not in ignore_groups]
for group in progressbar.progressbar(fas_groups, redirect_stdout=True):
print(group['name'], end=' ')
def get_ipa_client():
client = Client(ipa_server, version='2.230', verify_ssl=False)
client.login(ipa_service_user, ipa_service_pass)
return client
#!/usr/bin/env python
# Adds and removes 10 test user accounts on the FreeIPA demo server
# Uses Python Fire library to generate a CLI for the TestUsers class
# Uses names library to generate randon user names
# Run with no arguments for usage help
import sys
import os
import fire
import names
from python_freeipa import Client, exceptions
client = Client("ipa.demo1.freeipa.org", version="2.215")
client.login("admin", "Secret123")
class TestUsers:
def add(self):
"""Generate and add test users to IPA and append the UIDs to a data file."""
datafile = open('userlist.txt', 'a')
for i in range(0, 10):
full_name = names.get_full_name()
username = full_name.lower().replace(" ", ".")
first_name = full_name.split()[0]
last_name = full_name.split()[1]
print("Adding user: {}".format(full_name))
client.user_add(username,
first_name,
last_name,
full_name,