def command(self): "run command" self.init() try: for option in ['username', 'password', 'email']: if getattr(self.options, option) is None: if option == 'password' and \ 'BARUWA_ADMIN_PASSWD' in os.environ and \ os.environ['BARUWA_ADMIN_PASSWD']: VeryFascistCheck(os.environ['BARUWA_ADMIN_PASSWD']) self.options.password = \ os.environ['BARUWA_ADMIN_PASSWD'] continue print "\nOption: %s is required\n" % option print self.parser.print_help() sys.exit(2) user = User(username=self.options.username, email=self.options.email) user.active = True user.timezone = self.options.timezone user.account_type = 1 user.local = True user.set_password(self.options.password) Session.add(user) Session.commit() print "Admin account %s created" % self.options.username except ValueError, message: print >> sys.stderr, "%s." % str(message)[3:] sys.exit(2)
def command(self): "run command" self.init() for option in ['username', 'password', 'email']: if getattr(self.options, option) is None: print "\nOption: %s is required\n" % option print self.parser.print_help() sys.exit(2) try: user = User(username=self.options.username, email=self.options.email) user.active = True user.timezone = self.options.timezone user.account_type = 1 user.local = True user.set_password(self.options.password) Session.add(user) Session.commit() print "Admin account %s created" % self.options.username except IntegrityError: Session.rollback() print >> sys.stderr, ("The user %s already exists" % self.options.username)
def loggedin(self): "Landing page" came_from = (unquote(str(request.params.get('came_from', ''))) or url('/')) if not self.identity: login_counter = request.environ['repoze.who.logins'] + 1 redirect(url('/accounts/login', came_from=came_from, __logins=login_counter)) userid = self.identity['repoze.who.userid'] user = self.identity['user'] if user is None: try: user = User(username=userid, email=userid) user.active = True local_part, domain = userid.split('@') domains = Session.query(Domain)\ .filter(Domain.name == domain)\ .all() user.domains = domains user.timezone = domains[0].timezone Session.add(user) Session.commit() msg = _('First time Login from external auth,' ' your local account was created') addresses = [] if ('tokens' in self.identity and 'ldap' in self.identity['tokens']): lsettings = Session.query(AuthServer.address, AuthServer.port, LDAPSettings.binddn, LDAPSettings.bindpw, LDAPSettings.usetls)\ .join(LDAPSettings)\ .join(Domain)\ .filter(AuthServer.enabled == True)\ .filter(Domain.name == domain)\ .all() lsettings = lsettings[0] lurl = make_ldap_uri(lsettings.address, lsettings.port) base_dn = get_user_dn(self.identity['tokens'][1]) attributes = ['sn', 'givenName', 'proxyAddresses', 'mail', 'memberOf'] ldapattributes = LDAPAttributes( lurl, base_dn, attributes=attributes, bind_dn=lsettings.binddn, bind_pass=lsettings.bindpw, start_tls=lsettings.usetls ) ldapattributes() attrmap = { 'sn': 'lastname', 'givenName': 'firstname', 'mail': 'email', } update_attrs = False doms = [domains[0].name] doms.extend([alias.name for alias in domains[0].aliases]) for attr in attrmap: if attr == 'mail': for mailattr in ldapattributes[attr]: mailattr = mailattr.lower() if (mailattr != user.email and '@' in mailattr and mailattr.split('@')[1] in doms): address = Address(mailattr) address.user = user addresses.append(address) continue if attr in ldapattributes: setattr(user, attrmap[attr], ldapattributes[attr][0]) update_attrs = True if update_attrs: Session.add(user) Session.commit() # accounts aliases if 'proxyAddresses' in ldapattributes: for mailaddr in ldapattributes['proxyAddresses']: try: if mailaddr.startswith('SMTP:'): continue clean_addr = PROXY_ADDR_RE.sub('', mailaddr) clean_addr = clean_addr.lower() if (mailaddr.startswith('smtp:') and clean_addr.split('@')[1] in doms): # Only add domain if we host it address = Address(clean_addr) address.user = user addresses.append(address) except IndexError: pass # accounts groups if 'memberOf' in ldapattributes: for group_dn in ldapattributes['memberOf']: groupattributes = LDAPAttributes( lurl, group_dn, attributes=['proxyAddresses'], bind_dn=lsettings.binddn, bind_pass=lsettings.bindpw, start_tls=lsettings.usetls ) groupattributes() if 'proxyAddresses' not in groupattributes: continue for mailaddr in groupattributes['proxyAddresses']: try: mailaddr = mailaddr.lower() clean_addr = PROXY_ADDR_RE.sub('', mailaddr) if (mailaddr.startswith('smtp:') and clean_addr.split('@')[1] in doms): address = Address(clean_addr) address.user = user addresses.append(address) except IndexError: pass else: for alias in domains[0].aliases: address = Address('%s@%s' % (local_part, alias.name)) address.user = user addresses.append(address) for unsaved in addresses: try: Session.add(unsaved) Session.commit() except IntegrityError: Session.rollback() except IntegrityError: Session.rollback() redirect(url('/logout')) except ldap.LDAPError: pass else: if not user.active: redirect(url('/logout')) msg = _('Login successful, Welcome back %(username)s !' % dict(username=userid)) user.last_login = now() Session.add(user) Session.commit() if user.is_peleb: for domain in user.domains: if check_language(domain.language): session['lang'] = domain.language session.save() break session['taskids'] = [] session.save() info = ACCOUNTLOGIN_MSG % dict(u=user.username) audit_log(user.username, 6, unicode(info), request.host, request.remote_addr, now()) flash(msg) redirect(url(came_from))
def setup_app(command, conf, variables): """Place any commands to setup baruwa here""" # Don't reload the app if it was loaded under the testing environment if not pylons.test.pylonsapp: load_environment(conf.global_conf, conf.local_conf) # Create the tables if they don't already exist print '-' * 100 log.info("Creating tables") Base.metadata.create_all(bind=Session.bind) basepath = os.path.dirname(os.path.dirname(__file__)) # Create the custom functions print '-' * 100 log.info("Creating custom functions") sqlfile = os.path.join(basepath, 'baruwa', 'config', 'sql', 'functions.sql') if os.path.exists(sqlfile): with open(sqlfile, 'r') as handle: sql = handle.read() try: conn = Session.connection() conn.execute(text(sql)) Session.commit() except ProgrammingError: Session.rollback() defaultserver = Session.query(Server)\ .filter(Server.hostname == 'default')\ .all() # Create the Mailscanner SQL config views print '-' * 100 log.info("Populating initial sql") sqlfile = os.path.join(basepath, 'baruwa', 'config', 'sql', 'integration.sql') if os.path.exists(sqlfile): with open(sqlfile, 'r') as handle: sql = handle.read() for sqlcmd in sql.split(';'): if sqlcmd: try: sqlcmd = "%s;" % sqlcmd Session.execute(text(sqlcmd)) Session.commit() except ProgrammingError: Session.rollback() if not defaultserver: log.info("Creating the default settings node") dfls = Server('default', True) Session.add(dfls) confserial = ConfigSettings('confserialnumber', 'ConfSerialNumber', 0) confserial.value = 1 confserial.server_id = 1 Session.add(confserial) Session.commit() log.info("Default settings node created !") admin = Session.query(User).filter(User.account_type==1).all() if not admin: def timeout_handler(signum, frame): raise TimeoutException() old_handler = signal.signal(signal.SIGALRM, timeout_handler) signal.alarm(30) try: create_user = raw_input('Do you want to configure ' 'an admin account? (Y/N): ') except (TimeoutException, EOFError): sys.exit(0) finally: signal.signal(signal.SIGALRM, old_handler) signal.alarm(0) if str(create_user).lower() == 'y': print '-' * 100 log.info("Creating initial admin account") value_map = {'username': True, 'password1': True, 'password2': True, 'firstname': False, 'lastname': False, 'email': True} values = {} def get_input(field, required): "Get user input" prompt = "Please enter the %s:" % field while 1: if field in ['password1', 'password2']: value = getpass.getpass(prompt=prompt) else: value = raw_input(prompt) if not required: break if required and value.strip() != "": if not field in ['email', 'password1', 'password2']: break if field == 'email': if not ADDRESS_RE.match(value): print "Please provide a valid email address." else: break if field == 'password1': try: cracklib.VeryFascistCheck(value) except ValueError, message: print str(message) else: break if field == 'password2': if values['password1'] == value: break else: print 'password2 does not match password1' return value for attr in value_map: value = get_input(attr, value_map[attr]) values[attr] = value user = User(values['username'], values['email']) for name in ['firstname', 'lastname']: if values[name]: setattr(user, name, values[name]) user.internal = True user.active = True user.local = True user.account_type = 1 user.set_password(values['password1']) Session.add(user) Session.commit()
def setup_app(command, conf, variables): """Place any commands to setup baruwa here""" # Don't reload the app if it was loaded under the testing environment if not pylons.test.pylonsapp: load_environment(conf.global_conf, conf.local_conf) # Create the tables if they don't already exist print '-' * 100 log.info("Creating tables") Base.metadata.create_all(bind=Session.bind) basepath = os.path.dirname(os.path.dirname(__file__)) # Create the custom functions print '-' * 100 log.info("Creating custom functions") sqlfile = os.path.join(basepath, 'baruwa', 'config', 'sql', 'functions.sql') if os.path.exists(sqlfile): with open(sqlfile, 'r') as handle: sql = handle.read() try: conn = Session.connection() conn.execute(text(sql)) Session.commit() except ProgrammingError: Session.rollback() defaultserver = Session.query(Server)\ .filter(Server.hostname == 'default')\ .all() # Create the Mailscanner SQL config views print '-' * 100 log.info("Populating initial sql") sqlfile = os.path.join(basepath, 'baruwa', 'config', 'sql', 'integration.sql') if os.path.exists(sqlfile): with open(sqlfile, 'r') as handle: sql = handle.read() for sqlcmd in sql.split(';'): if sqlcmd: try: sqlcmd = "%s;" % sqlcmd Session.execute(text(sqlcmd)) Session.commit() except ProgrammingError: Session.rollback() if not defaultserver: log.info("Creating the default settings node") dfls = Server('default', True) Session.add(dfls) confserial = ConfigSettings('confserialnumber', 'ConfSerialNumber', 0) confserial.value = 1 confserial.server_id = 1 Session.add(confserial) Session.commit() log.info("Default settings node created !") admin = Session.query(User).filter(User.account_type == 1).all() if not admin: def timeout_handler(signum, frame): raise TimeoutException() old_handler = signal.signal(signal.SIGALRM, timeout_handler) signal.alarm(30) try: create_user = raw_input('Do you want to configure ' 'an admin account? (Y/N): ') except (TimeoutException, EOFError): sys.exit(0) finally: signal.signal(signal.SIGALRM, old_handler) signal.alarm(0) if str(create_user).lower() == 'y': print '-' * 100 log.info("Creating initial admin account") value_map = { 'username': True, 'password1': True, 'password2': True, 'firstname': False, 'lastname': False, 'email': True } values = {} def get_input(field, required): "Get user input" prompt = "Please enter the %s:" % field while 1: if field in ['password1', 'password2']: value = getpass.getpass(prompt=prompt) else: value = raw_input(prompt) if not required: break if required and value.strip() != "": if not field in ['email', 'password1', 'password2']: break if field == 'email': if not ADDRESS_RE.match(value): print "Please provide a valid email address." else: break if field == 'password1': try: cracklib.VeryFascistCheck(value) except ValueError, message: print str(message) else: break if field == 'password2': if values['password1'] == value: break else: print 'password2 does not match password1' return value for attr in value_map: value = get_input(attr, value_map[attr]) values[attr] = value user = User(values['username'], values['email']) for name in ['firstname', 'lastname']: if values[name]: setattr(user, name, values[name]) user.internal = True user.active = True user.local = True user.account_type = 1 user.set_password(values['password1']) Session.add(user) Session.commit()
def loggedin(self): "Landing page" came_from = (unquote(str(request.params.get('came_from', ''))) or url('/')) if not self.identity: login_counter = request.environ['repoze.who.logins'] + 1 redirect( url('/accounts/login', came_from=came_from, __logins=login_counter)) userid = self.identity['repoze.who.userid'] user = self.identity['user'] if user is None: try: user = User(username=userid, email=userid) user.active = True local_part, domain = userid.split('@') domains = Session.query(Domain)\ .filter(Domain.name == domain)\ .all() user.domains = domains user.timezone = domains[0].timezone Session.add(user) Session.commit() msg = _('First time Login from external auth,' ' your local account was created') addresses = [] if ('tokens' in self.identity and 'ldap' in self.identity['tokens']): lsettings = Session.query(AuthServer.address, AuthServer.port, LDAPSettings.binddn, LDAPSettings.bindpw, LDAPSettings.usetls)\ .join(Domain)\ .filter(AuthServer.enabled == True)\ .filter(Domain.name == domain)\ .all() lsettings = lsettings[0] lurl = make_ldap_uri(lsettings.address, lsettings.port) base_dn = get_user_dn(self.identity['tokens'][1]) attributes = [ 'sn', 'givenName', 'proxyAddresses', 'mail', 'memberOf' ] ldapattributes = LDAPAttributes(lurl, base_dn, attributes=attributes, bind_dn=lsettings.binddn, bind_pass=lsettings.bindpw, start_tls=lsettings.usetls) ldapattributes() attrmap = { 'sn': 'lastname', 'givenName': 'firstname', 'mail': 'email', } update_attrs = False doms = [domains[0].name] doms.extend([alias.name for alias in domains[0].aliases]) for attr in attrmap: if (attr == 'mail' and attr in ldapattributes and ldapattributes[attr][0] == user.email): # Dont update if user.email = directory.email continue if (attr == 'mail' and attr in ldapattributes and '@' in ldapattributes[attr][0]): # Update if email is hosted by us if ldapattributes[attr][0].split('@')[1] in doms: setattr(user, attrmap[attr], ldapattributes[attr][0]) update_attrs = True continue if attr in ldapattributes: setattr(user, attrmap[attr], ldapattributes[attr][0]) update_attrs = True if update_attrs: Session.add(user) Session.commit() # accounts aliases if 'proxyAddresses' in ldapattributes: for mailaddr in ldapattributes['proxyAddresses']: try: if mailaddr.startswith('SMTP:'): continue if (mailaddr.startswith('smtp:') and mailaddr.strip('smtp:').lsplit('@')[1] in doms): # Only add domain if we host it address = Address( PROXY_ADDR_RE.sub('', mailaddr)) address.user = user addresses.append(address) except IndexError: pass # accounts groups if 'memberOf' in ldapattributes: for group_dn in ldapattributes['memberOf']: groupattributes = LDAPAttributes( lurl, group_dn, attributes=['proxyAddresses'], bind_dn=lsettings.binddn, bind_pass=lsettings.bindpw, start_tls=lsettings.usetls) groupattributes() for mailaddr in groupattributes['proxyAddresses']: try: mailaddr = mailaddr.lower() if (mailaddr.startswith('smtp:') and mailaddr.lstrip('smtp:').split( '@')[1] in doms): address = Address( PROXY_ADDR_RE.sub('', mailaddr)) address.user = user addresses.append(address) except IndexError: pass else: for alias in domains[0].aliases: address = Address('%s@%s' % (local_part, alias.name)) address.user = user addresses.append(address) for unsaved in addresses: try: Session.add(unsaved) Session.commit() except IntegrityError: Session.rollback() except IntegrityError: Session.rollback() redirect(url('/logout')) else: msg = _('Login successful, Welcome back %(username)s !' % dict(username=userid)) user.last_login = now() Session.add(user) Session.commit() if user.is_peleb: for domain in user.domains: if check_language(domain.language): session['lang'] = domain.language session.save() break session['taskids'] = [] session.save() info = ACCOUNTLOGIN_MSG % dict(u=user.username) audit_log(user.username, 6, info, request.host, request.remote_addr, now()) flash(msg) redirect(url(came_from))