Exemplo n.º 1
    def user_overview(username):
        """Render the detail page for a single directory user.

        Aborts with 404 when ``ldap_user_exists`` does not find ``username``.
        Otherwise the user entry and one group entry per item returned by
        ``ldap_get_membership`` are handed to ``pages/user_overview.html``.
        """
        if not ldap_user_exists(username=username):
            abort(404)

        page_title = "User details - %s" % username

        # (attribute name, label) pairs passed through to the template.
        identity_fields = [
            ('givenName', "First name"),
            ('sn', "Last name"),
            ('displayName', "Display name"),
            ('sAMAccountName', "User name"),
            ('mail', "E-mail address"),
            ('___primary_group', "Primary group"),
        ]
        group_fields = [
            ('sAMAccountName', "Name"),
            ('description', "Description"),
        ]

        # NOTE(review): no per-user access check is visible in this function;
        # ``admin`` is only forwarded to the template. Confirm that the route
        # decorator restricts who may read other users' attributes.
        admin = ldap_in_group("Domain Admins")
        user = ldap_get_user(username=username)

        memberships = []
        for group_dn in ldap_get_membership(username):
            memberships.append(ldap_get_group(group_dn, 'distinguishedName'))

        # NOTE(review): the first membership is taken as the primary group and
        # indexed without a guard, so an empty list raises IndexError.
        # Presumably ldap_get_membership lists the primary group first - confirm.
        user['___primary_group'] = memberships[0]['sAMAccountName']

        groups = list(memberships)
        groups.sort(key=lambda entry: entry['sAMAccountName'])

        return render_template(
            "pages/user_overview.html",
            g=g,
            title=page_title,
            user=user,
            identity_fields=identity_fields,
            group_fields=group_fields,
            admin=admin,
            groups=groups,
            uac_values=LDAP_AD_USERACCOUNTCONTROL_VALUES,
        )
Exemplo n.º 2
    def user_overview(username):
        """Show identity attributes and group memberships of one user.

        A user that ``ldap_user_exists`` cannot find yields a 404. The
        rendered template is ``pages/user_overview.html``.
        """
        def account_name(entry):
            # Sort key for group entries.
            return entry['sAMAccountName']

        heading = "User details - %s" % username

        if not ldap_user_exists(username=username):
            abort(404)

        # Attribute/label pairs; '___primary_group' is a synthetic key that
        # is filled in on the user entry further down.
        identity_fields = [
            ('givenName', "First name"),
            ('sn', "Last name"),
            ('displayName', "Display name"),
            ('sAMAccountName', "User name"),
            ('mail', "E-mail address"),
            ('___primary_group', "Primary group"),
        ]
        group_fields = [('sAMAccountName', "Name"),
                        ('description', "Description")]

        # NOTE(review): the admin flag is forwarded to the template only; it
        # does not gate access here. Verify the route-level authorization.
        admin = ldap_in_group("Domain Admins")
        user = ldap_get_user(username=username)

        group_details = []
        for group_dn in ldap_get_membership(username):
            details = ldap_get_group(group_dn, 'distinguishedName')
            group_details.append(details)

        # NOTE(review): assumes at least one membership and that the first one
        # is the primary group; an empty list raises IndexError - confirm.
        first_group = group_details[0]
        user['___primary_group'] = first_group['sAMAccountName']

        groups = sorted(group_details, key=account_name)

        template_args = dict(
            g=g,
            title=heading,
            user=user,
            identity_fields=identity_fields,
            group_fields=group_fields,
            admin=admin,
            groups=groups,
            uac_values=LDAP_AD_USERACCOUNTCONTROL_VALUES,
        )
        return render_template("pages/user_overview.html", **template_args)
Exemplo n.º 3
    def group_overview(groupname):
        """Render the detail page for one directory group.

        Aborts with 404 when ``ldap_group_exists`` does not find
        ``groupname``. The page lists the groups this group belongs to and
        its members that carry a ``sAMAccountName``.
        """
        if not ldap_group_exists(groupname=groupname):
            abort(404)

        page_title = "Group details - %s" % groupname

        # Both tables show the same two columns; separate list objects are
        # kept, as in the original.
        identity_fields = [('sAMAccountName', "Name"),
                           ('description', "Description")]
        group_fields = list(identity_fields)

        group = ldap_get_group(groupname=groupname)

        # Admin rights on this page need "Domain Admins" membership AND bit
        # 0x1 of groupType to be clear.
        # NOTE(review): in Active Directory that bit presumably marks
        # system-created groups - confirm against LDAP_AD_GROUPTYPE_VALUES.
        in_domain_admins = ldap_in_group("Domain Admins")
        admin = in_domain_admins and not (group['groupType'] & 1)

        parent_groups = []
        for parent_dn in ldap_get_membership(groupname):
            parent_groups.append(ldap_get_group(parent_dn,
                                                'distinguishedName'))
        groups = sorted(parent_groups,
                        key=lambda item: item['sAMAccountName'])

        # Members without a sAMAccountName are left out of the listing.
        resolved = (ldap_get_entry_simple({'distinguishedName': member_dn})
                    for member_dn in ldap_get_members(groupname))
        member_list = [member for member in resolved
                       if 'sAMAccountName' in member]
        members = sorted(member_list,
                         key=lambda item: item['sAMAccountName'])

        return render_template(
            "pages/group_overview.html",
            g=g,
            title=page_title,
            group=group,
            identity_fields=identity_fields,
            group_fields=group_fields,
            admin=admin,
            groups=groups,
            members=members,
            grouptype_values=LDAP_AD_GROUPTYPE_VALUES,
        )
Exemplo n.º 4
    def tree_base(base=None):
        """Render one level of the directory tree below ``base``.

        With no ``base`` the domain DN from ``g.ldap['dn']`` is used; a
        ``base`` that does not end with the domain DN gets it appended.
        Entries flagged ``showInAdvancedViewOnly`` or whose DN starts with a
        ``TREE_BLACKLIST`` prefix are left out of the listing.
        """
        domain_dn = g.ldap['dn']
        if not base:
            base = domain_dn
        elif not base.lower().endswith(domain_dn.lower()):
            base = "%s,%s" % (base, domain_dn)
        # NOTE(review): the suffix test is a plain string comparison, not a
        # DN-aware one, and ``base`` is supplied by the caller. Confirm that
        # ldap_get_entries rejects malformed search bases cleanly.

        admin = ldap_in_group("Domain Admins")
        entry_fields = [
            ('name', "Name"),
            ('__description', "Description"),
            ('__type', "Type"),
        ]

        # Object classes that only set a label, checked in this order after
        # 'user' and 'group'.
        label_only_classes = (
            ('organizationalUnit', "Organizational Unit"),
            ('container', "Container"),
            ('builtinDomain', "Built-in"),
        )

        children = ldap_get_entries("objectClass=top", base, "onelevel")
        entries = []
        for entry in sorted(children, key=lambda item: item['name']):
            # Prefer the description, fall back to the display name.
            if 'description' in entry:
                entry['__description'] = entry['description']
            elif 'displayName' in entry:
                entry['__description'] = entry['displayName']

            # Default link: descend into the entry; users and groups link to
            # their own overview page instead.
            entry['__target'] = url_for('tree_base',
                                        base=entry['distinguishedName'])
            if 'user' in entry['objectClass']:
                entry['__type'] = "User"
                entry['__target'] = url_for('user_overview',
                                            username=entry['sAMAccountName'])
            elif 'group' in entry['objectClass']:
                entry['__type'] = "Group"
                entry['__target'] = url_for('group_overview',
                                            groupname=entry['sAMAccountName'])
            else:
                entry['__type'] = "Unknown"
                for class_name, label in label_only_classes:
                    if class_name in entry['objectClass']:
                        entry['__type'] = label
                        break

            hidden = ('showInAdvancedViewOnly' in entry
                      and entry['showInAdvancedViewOnly'])
            if hidden:
                continue

            # NOTE(review): the prefix match is case-sensitive; this only
            # hides entries from the listing and is not an access control.
            entry_dn = entry['distinguishedName']
            if not any(entry_dn.startswith(prefix)
                       for prefix in TREE_BLACKLIST):
                entries.append(entry)

        # A base whose first component starts with "dc" has no parent link.
        components = base.split(',')
        if components[0].lower().startswith("dc"):
            parent = None
        else:
            parent = ",".join(components[1:])

        return render_template(
            "pages/tree_base.html",
            parent=parent,
            admin=admin,
            base=base,
            entries=entries,
            entry_fields=entry_fields,
        )
    def group_overview(groupname):
        """Render the detail page for one directory group.

        Aborts with 404 when the group is unknown. Group lookups that return
        a falsy value are dropped from the membership list, and members
        without a ``sAMAccountName`` are skipped.
        """
        if not ldap_group_exists(groupname=groupname):
            abort(404)

        page_title = "Group details - %s" % groupname

        identity_fields = [
            ('sAMAccountName', "Name"),
            ('description', u"Description"),
        ]
        group_fields = [
            ('sAMAccountName', "Name"),
            ('description', u"Description"),
        ]

        group = ldap_get_group(groupname=groupname)

        # Editing needs membership in the configured admin group and bit 0x1
        # of groupType to be clear.
        # NOTE(review): that bit presumably flags system-created groups in
        # Active Directory - confirm against LDAP_AD_GROUPTYPE_VALUES.
        in_admin_group = ldap_in_group(Settings.ADMIN_GROUP)
        admin = in_admin_group and not (group['groupType'] & 1)

        # NOTE(review): memberships whose lookup fails vanish silently here,
        # so the page can under-report the groups this group belongs to.
        looked_up = [ldap_get_group(parent_dn, 'distinguishedName')
                     for parent_dn in ldap_get_membership(groupname)]
        group_details = [details for details in looked_up if details]
        groups = list(group_details)
        groups.sort(key=lambda item: item['sAMAccountName'])

        resolved_members = (
            ldap_get_entry_simple({'distinguishedName': member_dn})
            for member_dn in ldap_get_members(groupname)
        )
        member_list = [member for member in resolved_members
                       if 'sAMAccountName' in member]
        members = sorted(member_list,
                         key=lambda item: item['sAMAccountName'])

        # Parent container: the group's DN without its first component.
        dn_components = group['distinguishedName'].split(',')
        parent = ",".join(dn_components[1:])

        return render_template(
            "pages/group_overview_es.html",
            g=g,
            title=page_title,
            group=group,
            identity_fields=identity_fields,
            group_fields=group_fields,
            admin=admin,
            groups=groups,
            members=members,
            parent=parent,
            grouptype_values=LDAP_AD_GROUPTYPE_VALUES,
        )
Exemplo n.º 6
    def tree_base(base=None):
        """Render the directory tree below ``base`` for administrators.

        Callers outside ``Settings.ADMIN_GROUP`` are answered with 401. A
        valid ``FilterTreeView`` submission runs a subtree search with the
        submitted filter; otherwise the direct children of ``base`` are
        listed.
        """
        domain_dn = g.ldap['dn']
        if not base:
            base = domain_dn
        elif not base.lower().endswith(domain_dn.lower()):
            base = "%s,%s" % (base, domain_dn)

        admin = ldap_in_group(Settings.ADMIN_GROUP)
        if not admin:
            abort(401)

        entry_fields = [
            ('name', "Name"),
            ('__description', u"Login/Description"),
        ]
        # Extra columns configured by the deployment, if any.
        if Settings.TREE_ATTRIBUTES:
            entry_fields.extend((item[0], item[1])
                                for item in Settings.TREE_ATTRIBUTES)

        form = FilterTreeView(request.form)

        if form.validate_on_submit():
            # NOTE(review): both values come from the submitted form. Confirm
            # that get_entries escapes the filter value (python-ldap offers
            # ldap.filter.escape_filter_chars) and accepts only known
            # attribute names for the selector.
            submitted_value = form.filter_str.data
            submitted_attribute = form.filter_select.data
            entries = get_entries(submitted_value, submitted_attribute,
                                  base, "subtree")
        else:
            entries = get_entries("top", "objectClass", base, "onelevel")

        # A base whose first component starts with "dc" has no parent link.
        components = base.split(',')
        if components[0].lower().startswith("dc"):
            parent = None
        else:
            parent = ",".join(components[1:])

        return render_template(
            "pages/tree_base_es.html",
            form=form,
            parent=parent,
            admin=admin,
            base=base,
            entries=entries,
            entry_fields=entry_fields,
        )
Exemplo n.º 7
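    def user_changepw(username):
        """Show and process the password-change form for ``username``.

        A member of "Domain Admins" acting on another account gets the
        ``PasswordChange`` form and the change is sent with ``None`` as the
        old password. Every other caller gets ``PasswordChangeUser``, which
        also asks for the current password.

        Returns a redirect to the user's overview after a successful change,
        otherwise the rendered ``forms/basicform.html``. Aborts with 404 when
        the user does not exist.
        """
        title = "Change password"

        if not ldap_user_exists(username=username):
            abort(404)

        admin = ldap_in_group("Domain Admins")
        # Truthy only for an administrator acting on somebody else's account.
        admin_reset = username != g.ldap['username'] and admin

        # NOTE(review): a non-admin who opens this view for another account
        # also lands in the else branch, so the submitted old password is the
        # only gate visible here. Confirm that the route decorator or
        # ldap_change_password enforces the intended policy and that failed
        # attempts are logged or rate-limited.
        if admin_reset:
            form = PasswordChange(request.form)
            form.visible_fields = []
        else:
            form = PasswordChangeUser(request.form)
            form.visible_fields = [form.oldpassword]

        form.visible_fields += [form.password, form.password_confirm]

        if form.validate_on_submit():
            try:
                old_password = None if admin_reset else form.oldpassword.data
                ldap_change_password(old_password,
                                     form.password.data,
                                     username=username)
            except ldap.LDAPError as e:
                # The error details are read from args[0] rather than
                # ``e.message``, which Python 3 exceptions do not have. 'info'
                # is optional, so fall back to 'desc' and then to a generic
                # text instead of raising KeyError/IndexError here.
                detail = {}
                if e.args and isinstance(e.args[0], dict):
                    detail = e.args[0]
                raw_text = detail.get('info') or detail.get('desc') or ""
                error = raw_text.split(":", 2)[-1].strip()
                if error:
                    error = str(error[0].upper() + error[1:])
                else:
                    error = "The password could not be changed."
                flash(error, "error")
            else:
                flash("Password changed successfuly.", "success")
                return redirect(url_for('user_overview', username=username))
        elif form.errors:
            flash("Some fields failed validation.", "error")

        return render_template("forms/basicform.html",
                               form=form,
                               title=title,
                               action="Change password",
                               parent=url_for('user_overview',
                                              username=username))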
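    def user_changepw(username):
        """Show and process the password-change form for ``username``.

        A member of ``Settings.ADMIN_GROUP`` acting on another account gets
        the ``PasswordChange`` form and the change is sent with ``None`` as
        the old password. Every other caller gets ``PasswordChangeUser``,
        which also asks for the current password.

        Returns a redirect to the user's overview after a successful change,
        otherwise the rendered ``forms/basicform.html``. Aborts with 404 when
        the user does not exist.
        """
        title = u"Change Password"

        if not ldap_user_exists(username=username):
            abort(404)

        admin = ldap_in_group(Settings.ADMIN_GROUP)
        # Truthy only for an administrator acting on somebody else's account.
        admin_reset = username != g.ldap['username'] and admin

        # NOTE(review): a non-admin requesting another account's page falls
        # into the else branch, where the old password is the only gate
        # visible in this function. Confirm the route-level authorization and
        # that repeated failures are logged or throttled.
        if admin_reset:
            form = PasswordChange(request.form)
            form.visible_fields = []
        else:
            form = PasswordChangeUser(request.form)
            form.visible_fields = [form.oldpassword]

        form.visible_fields += [form.password, form.password_confirm]

        if form.validate_on_submit():
            try:
                old_password = None if admin_reset else form.oldpassword.data
                ldap_change_password(old_password,
                                     form.password.data,
                                     username=username)
            except ldap.LDAPError as e:
                # 'info' is optional in the error details, so indexing it
                # directly could raise KeyError inside the handler. Fall back
                # to 'desc' and then to a generic text.
                # NOTE(review): the server's diagnostic text is shown to the
                # user as-is; confirm that this is acceptable.
                detail = {}
                if e.args and isinstance(e.args[0], dict):
                    detail = e.args[0]
                message = (detail.get('info') or detail.get('desc')
                           or u"The password could not be changed.")
                flash(message, "error")
            else:
                flash(u"The password was changed successfully.", "success")
                return redirect(url_for('user_overview', username=username))
        elif form.errors:
            flash(u"Data validation failed.", "error")

        return render_template("forms/basicform.html",
                               form=form,
                               title=title,
                               action=u"Change Password",
                               parent=url_for('user_overview',
                                              username=username))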
Exemplo n.º 9
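    def user_changepw(username):
        """Handle the password-change page of ``username``.

        "Domain Admins" members changing another account's password use
        ``PasswordChange`` (no old password, ``None`` is passed on); all
        other callers use ``PasswordChangeUser`` and must supply the current
        password. A successful change redirects to the user overview, and an
        unknown user aborts with 404.
        """
        title = "Change password"

        if not ldap_user_exists(username=username):
            abort(404)

        admin = ldap_in_group("Domain Admins")
        # Evaluated once so that form selection and the LDAP call cannot
        # disagree about which path is taken.
        is_admin_reset = username != g.ldap['username'] and admin

        # NOTE(review): a non-admin caller targeting a different account is
        # handled by the else branch; only the old password stands between
        # that caller and the change, as far as this function shows. Verify
        # the route decorator and consider logging failed attempts.
        if is_admin_reset:
            form = PasswordChange(request.form)
            form.visible_fields = []
        else:
            form = PasswordChangeUser(request.form)
            form.visible_fields = [form.oldpassword]

        form.visible_fields += [form.password, form.password_confirm]

        if form.validate_on_submit():
            try:
                if is_admin_reset:
                    current_password = None
                else:
                    current_password = form.oldpassword.data
                ldap_change_password(current_password,
                                     form.password.data,
                                     username=username)
            except ldap.LDAPError as e:
                # Read the details from args[0]: ``e.message`` does not exist
                # on Python 3 exceptions. A missing 'info' key or an empty
                # message no longer raises inside the handler.
                detail = {}
                if e.args and isinstance(e.args[0], dict):
                    detail = e.args[0]
                raw_text = detail.get('info') or detail.get('desc') or ""
                error = raw_text.split(":", 2)[-1].strip()
                if error:
                    error = str(error[0].upper() + error[1:])
                else:
                    error = "The password could not be changed."
                flash(error, "error")
            else:
                flash("Password changed successfuly.", "success")
                return redirect(url_for('user_overview', username=username))
        elif form.errors:
            flash("Some fields failed validation.", "error")

        return render_template("forms/basicform.html", form=form, title=title,
                               action="Change password",
                               parent=url_for('user_overview',
                                              username=username))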
Exemplo n.º 10
    def tree_base(base=None):
        """List the entries directly below ``base`` in the directory tree.

        ``base`` defaults to the domain DN in ``g.ldap['dn']``; a value that
        does not end with the domain DN gets it appended. Entries marked
        ``showInAdvancedViewOnly`` and entries whose DN starts with a
        ``TREE_BLACKLIST`` prefix are not shown.
        """
        def type_label(object_classes):
            # The first matching class wins; the order mirrors the original
            # if/elif chain.
            known = (
                ('user', "User"),
                ('group', "Group"),
                ('organizationalUnit', "Organizational Unit"),
                ('container', "Container"),
                ('builtinDomain', "Built-in"),
            )
            for class_name, label in known:
                if class_name in object_classes:
                    return label
            return "Unknown"

        root_dn = g.ldap['dn']
        if not base:
            base = root_dn
        elif not base.lower().endswith(root_dn.lower()):
            base = base + "," + root_dn
        # NOTE(review): ``base`` is caller-supplied and checked with a plain
        # string suffix test only; confirm that an invalid DN is handled by
        # ldap_get_entries rather than surfacing as an unhandled error.

        admin = ldap_in_group("Domain Admins")
        entry_fields = [
            ('name', "Name"),
            ('__description', "Description"),
            ('__type', "Type"),
        ]

        entries = []
        one_level = ldap_get_entries("objectClass=top", base, "onelevel")
        for entry in sorted(one_level, key=lambda item: item['name']):
            if 'description' in entry:
                entry['__description'] = entry['description']
            elif 'displayName' in entry:
                entry['__description'] = entry['displayName']

            # Containers link back into the tree; users and groups link to
            # their overview pages.
            entry['__target'] = url_for('tree_base',
                                        base=entry['distinguishedName'])
            entry['__type'] = type_label(entry['objectClass'])
            if entry['__type'] == "User":
                entry['__target'] = url_for('user_overview',
                                            username=entry['sAMAccountName'])
            elif entry['__type'] == "Group":
                entry['__target'] = url_for('group_overview',
                                            groupname=entry['sAMAccountName'])

            if ('showInAdvancedViewOnly' in entry
                    and entry['showInAdvancedViewOnly']):
                continue

            # NOTE(review): the blacklist is a case-sensitive prefix match on
            # the DN and affects the listing only, not access.
            blacklisted = False
            for prefix in TREE_BLACKLIST:
                if entry['distinguishedName'].startswith(prefix):
                    blacklisted = True
                    break
            if not blacklisted:
                entries.append(entry)

        # No parent link when the first component of base starts with "dc".
        first_component, *remaining = base.split(',')
        parent = None
        if not first_component.lower().startswith("dc"):
            parent = ",".join(remaining)

        return render_template(
            "pages/tree_base.html",
            parent=parent,
            admin=admin,
            base=base,
            entries=entries,
            entry_fields=entry_fields,
        )
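    def user_overview(username):
        """Render a user's detail page and process the add-to-group form.

        Aborts with 404 when the user does not exist and with 401 unless the
        caller is that user or a member of ``Settings.ADMIN_GROUP``. A valid
        ``UserAddGroup`` submission adds the user's DN to the ``member``
        attribute of the chosen group and redirects back to this page;
        otherwise ``pages/user_overview_es.html`` is rendered.
        """
        title = "User details - %s" % username

        if not ldap_user_exists(username=username):
            abort(404)

        user = ldap_get_user(username=username)
        admin = ldap_in_group(Settings.ADMIN_GROUP)
        logged_user = g.ldap['username']

        # Only the account owner or an administrator may see this page.
        if not (logged_user == user['sAMAccountName'] or admin):
            abort(401)

        identity_fields = [('givenName', "Name"), ('sn', "Last Name"),
                           ('displayName', "Full Name"),
                           ('name', "Registry Name"),
                           ('sAMAccountName', "Username"),
                           ('mail', u"Email address")]

        if 'title' in user:
            identity_fields.append(('title', "Occupation"))
        if 'telephoneNumber' in user:
            identity_fields.append(('telephoneNumber', "Telephone"))

        # Deployment-configured extra attributes: (name, label[, kind]).
        if Settings.USER_ATTRIBUTES:
            for item in Settings.USER_ATTRIBUTES:
                attribute = item[0]
                if attribute not in user:
                    continue
                if len(item) == 3 and item[2] == 'time':
                    # Only the leading YYYYMMDDHHMMSS part is parsed.
                    parsed = datetime.strptime(user[attribute][0:14],
                                               '%Y%m%d%H%M%S')
                    # NOTE(review): ``parsed`` is naive, so astimezone()
                    # treats it as server-local time - confirm that this
                    # matches how the directory stores the value.
                    user[attribute] = parsed.astimezone(
                        timezone(Settings.TIMEZONE))
                if attribute == 'jpegPhoto':
                    # Inline the photo as a data URI for the template.
                    imgbase64 = base64.b64encode(user[attribute]).decode()
                    user[attribute] = 'data:image/jpeg;base64,' + imgbase64
                identity_fields.append((attribute, item[1]))

        group_fields = [('sAMAccountName', "Name"),
                        ('description', u"Description")]

        # NOTE(review): this second lookup rebinds ``user``. Unless
        # ldap_get_user hands back the same object, the time and photo
        # conversions made above are lost - confirm which is intended.
        user = ldap_get_user(username=username)

        # Group lookups that return a falsy value are dropped.
        looked_up = [ldap_get_group(group_dn, 'distinguishedName')
                     for group_dn in ldap_get_membership(username)]
        group_details = [details for details in looked_up if details]
        groups = sorted(group_details,
                        key=lambda entry: entry['sAMAccountName'])

        # The parsed value is no longer printed: a leftover debug print wrote
        # directory data to the process's stdout.
        siccip_data = None
        if 'pager' in user:
            siccip_data = get_parsed_pager_attribute(user['pager'])

        # Offer every group the user is not yet a member of.
        available_groups = ldap_get_entries(
            ldap_filter="(objectclass=group)", scope="subtree")
        group_choices = [("_", "Select a Group")]
        for group_entry in available_groups:
            if not ldap_in_group(group_entry['sAMAccountName'], username):
                group_choices.append((group_entry['distinguishedName'],
                                      group_entry['sAMAccountName']))

        form = UserAddGroup(request.form)
        form.available_groups.choices = group_choices

        if not form.is_submitted():
            form.available_groups.data = "_"

        # NOTE(review): this POST path is reached by the account owner as
        # well as by administrators. Whether a non-admin can extend their own
        # memberships then depends on the rights of the LDAP connection used
        # by ldap_update_attribute - confirm, or gate this branch on ``admin``.
        if form.validate_on_submit():
            try:
                group_to_add = form.available_groups.data
                if group_to_add == "_":
                    flash(
                        u"You must choose a group from the drop-down list.",
                        "error")
                else:
                    target_group = ldap_get_entry_simple({
                        'objectClass': 'group',
                        'distinguishedName': group_to_add,
                    })
                    # The whole member list is rewritten with the user added.
                    if 'member' in target_group:
                        entries = set(target_group['member'])
                    else:
                        entries = set()
                    entries.add(user['distinguishedName'])
                    ldap_update_attribute(group_to_add, "member",
                                          list(entries))
                    flash(u"User successfully added to group.", "success")
                return redirect(url_for('user_overview',
                                        username=username))
            except ldap.LDAPError as e:
                # 'info' is optional in the error details; fall back to
                # 'desc' and then to a generic text instead of raising
                # KeyError inside the handler.
                detail = {}
                if e.args and isinstance(e.args[0], dict):
                    detail = e.args[0]
                flash(detail.get('info') or detail.get('desc')
                      or u"The directory rejected the request.", "error")
        elif form.errors:
            flash(u"Data validation failed.", "error")

        # Parent container: the user's DN without its first component.
        parent = ",".join(user['distinguishedName'].split(',')[1:])

        return render_template("pages/user_overview_es.html",
                               g=g,
                               title=title,
                               form=form,
                               user=user,
                               identity_fields=identity_fields,
                               group_fields=group_fields,
                               admin=admin,
                               groups=groups,
                               siccip_data=siccip_data,
                               parent=parent,
                               uac_values=LDAP_AD_USERACCOUNTCONTROL_VALUES)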