def GET(self): form = web.input(_unicode=False) is_api_login = False # check if trying API Login with GET Method try: if form.get('key', '').strip() != "" and form.get( 'key', '').strip() != None: is_api_login = True api_key = str(form.get('key', '').strip()) else: is_api_login = False except AttributeError: raise web.seeother('/api?msg=Something_Went_Wrong_E:AuthAPIChk') # return if trying API Login with GET Method if is_api_login: raise web.seeother( '/api?msg=Login_with_API_KEY_must_be_via_POST_method') if not session.get('logged'): form = web.input(_unicode=False) if not iredutils.is_allowed_admin_login_ip(client_ip=web.ctx.ip): return web.render('error_without_login.html', error='NOT_ALLOWED_IP') # Show login page. return web.render('login.html', languagemaps=iredutils.get_language_maps(), msg=form.get('msg')) else: if settings.REDIRECT_TO_DOMAIN_LIST_AFTER_LOGIN: raise web.seeother('/domains') else: raise web.seeother('/dashboard')
def GET(self): form = web.input() return web.render('sql/domain/create.html', preferred_language=settings.default_language, languagemaps=iredutils.get_language_maps(), timezones=TIMEZONES, msg=form.get('msg'))
def GET(self): form = web.input() return web.render('sql/admin/create.html', languagemaps=iredutils.get_language_maps(), default_language=settings.default_language, min_passwd_length=settings.min_passwd_length, max_passwd_length=settings.max_passwd_length, password_policies=iredutils.get_password_policies(), msg=form.get('msg'))
def GET(self): form = web.input() domain = form_utils.get_domain_name(form=form) return web.render('ldap/domain/create.html', preferred_language=settings.default_language, languagemaps=iredutils.get_language_maps(), timezones=TIMEZONES, domainName=domain, msg=form.get('msg'))
def GET(self, domain): domain = str(domain).lower() form = web.input() # Get all managed domains. _wrap = SQLWrap() conn = _wrap.conn if session.get('is_global_admin'): qr = sql_lib_domain.get_all_domains(conn=conn, name_only=True) else: qr = sql_lib_admin.get_managed_domains( conn=conn, admin=session.get('username'), domain_name_only=True) if qr[0] is True: all_domains = qr[1] else: raise web.seeother('/domains?msg=' + web.urlquote(qr[1])) # Get domain profile. qr_profile = sql_lib_domain.simple_profile(domain=domain, conn=conn) if qr_profile[0] is True: domain_profile = qr_profile[1] domain_settings = sqlutils.account_settings_string_to_dict( domain_profile['settings']) else: raise web.seeother('/domains?msg=%s' % web.urlquote(qr_profile[1])) # Cet total number and allocated quota size of existing users under domain. num_users_under_domain = sql_lib_general.num_users_under_domain( domain=domain, conn=conn) min_passwd_length = domain_settings.get('min_passwd_length', settings.min_passwd_length) max_passwd_length = domain_settings.get('max_passwd_length', settings.max_passwd_length) return web.render( 'sql/user/create.html', cur_domain=domain, allDomains=all_domains, profile=domain_profile, domain_settings=domain_settings, min_passwd_length=min_passwd_length, max_passwd_length=max_passwd_length, store_password_in_plain_text=settings.STORE_PASSWORD_IN_PLAIN_TEXT, num_existing_users=num_users_under_domain, languagemaps=iredutils.get_language_maps(), password_policies=iredutils.get_password_policies(), msg=form.get('msg'), )
def ldif_mailadmin(mail, passwd, cn, account_status=None, preferred_language=None, account_setting=None, disabled_services=None): """Generate LDIF used to create a standalone domain admin account. :param mail: full email address. The mail domain cannot be one of locally hosted domain. :param passwd: hashed password string :param cn: the display name of this admin :param account_status: account status (active, disabled) :param preferred_language: short code of preferred language. e.g. en_US. :param is_global_admin: mark this admin as a global admin (yes, no) :param account_setting: a dict of per-account settings. :param disabled_services: a list/tupe/set of disabled services. """ mail = web.safestr(mail).lower() if account_status not in ['active', 'disabled']: account_status = 'disabled' ldif = ldaputils.attrs_ldif({ 'objectClass': 'mailAdmin', 'mail': mail, 'userPassword': passwd, 'accountStatus': account_status, 'domainGlobalAdmin': 'yes', 'shadowLastChange': ldaputils.get_days_of_shadow_last_change(), 'cn': cn, 'disabledService': disabled_services, }) if preferred_language: if preferred_language in iredutils.get_language_maps(): ldif += ldaputils.attr_ldif("preferredLanguage", preferred_language) if account_setting and isinstance(account_setting, dict): _as = ldaputils.account_setting_dict_to_list(account_setting) ldif += ldaputils.attr_ldif("accountSetting", _as) return ldif
def GET(self, profile_type, domain): form = web.input() domain = web.safestr(domain).lower() _wrap = LDAPWrap() conn = _wrap.conn qr = ldap_lib_domain.get_profile(domain=domain, conn=conn) if not qr[0]: raise web.seeother('/domains?msg=' + web.urlquote(qr[1])) domain_profile = qr[1]['ldif'] r = ldap_lib_domain.list_accounts(attributes=['domainName'], conn=conn) if r[0] is True: all_domains = r[1] else: return r domain_account_settings = ldaputils.get_account_setting_from_profile( domain_profile) (min_passwd_length, max_passwd_length) = ldap_lib_general.get_domain_password_lengths( domain=domain, account_settings=domain_account_settings, fallback_to_global_settings=False) # Get settings from db. _settings = iredutils.get_settings_from_db( params=['min_passwd_length', 'max_passwd_length']) global_min_passwd_length = _settings['min_passwd_length'] global_max_passwd_length = _settings['max_passwd_length'] return web.render( 'ldap/domain/profile.html', cur_domain=domain, allDomains=all_domains, domain_account_settings=domain_account_settings, profile=domain_profile, profile_type=profile_type, global_min_passwd_length=global_min_passwd_length, global_max_passwd_length=global_max_passwd_length, min_passwd_length=min_passwd_length, max_passwd_length=max_passwd_length, timezones=TIMEZONES, default_mta_transport=settings.default_mta_transport, languagemaps=iredutils.get_language_maps(), msg=form.get('msg', None), )
def GET(self): if not session.get('logged'): form = web.input(_unicode=False) if not iredutils.is_allowed_admin_login_ip(client_ip=web.ctx.ip): return web.render('error_without_login.html', error='NOT_ALLOWED_IP') # Show login page. return web.render('login.html', languagemaps=iredutils.get_language_maps(), msg=form.get('msg')) else: if settings.REDIRECT_TO_DOMAIN_LIST_AFTER_LOGIN: raise web.seeother('/domains') else: raise web.seeother('/dashboard')
def GET(self): form = web.input() db_settings = iredutils.get_settings_from_db() min_passwd_length = db_settings['min_passwd_length'] max_passwd_length = db_settings['max_passwd_length'] password_policies = iredutils.get_password_policies( db_settings=db_settings) return web.render('ldap/admin/create.html', languagemaps=iredutils.get_language_maps(), default_language=settings.default_language, min_passwd_length=min_passwd_length, max_passwd_length=max_passwd_length, password_policies=password_policies, msg=form.get('msg'))
def GET(self, domain): domain = str(domain).lower() form = web.input() _wrap = LDAPWrap() conn = _wrap.conn _attrs = ['domainName', 'accountSetting', 'domainCurrentQuotaSize'] result = ldap_lib_domain.list_accounts(attributes=_attrs, conn=conn) if result[0] is True: allDomains = result[1] # Get accountSetting of current domain. allAccountSettings = ldaputils.get_account_settings_from_qr( allDomains) domainAccountSetting = allAccountSettings.get(domain, {}) defaultUserQuota = ldap_lib_domain.get_default_user_quota( domain=domain, domain_account_setting=domainAccountSetting) else: raise web.seeother('/domains?msg=' + web.urlquote(result[1])) # Get number of account limit. numberOfCurrentAccounts = ldap_lib_general.num_users_under_domain( domain=domain, conn=conn) (min_passwd_length, max_passwd_length) = ldap_lib_general.get_domain_password_lengths( domain=domain, account_settings=domainAccountSetting, fallback_to_global_settings=True, ) return web.render( 'ldap/user/create.html', cur_domain=domain, allDomains=allDomains, defaultUserQuota=defaultUserQuota, domainAccountSetting=domainAccountSetting, min_passwd_length=min_passwd_length, max_passwd_length=max_passwd_length, store_password_in_plain_text=settings.STORE_PASSWORD_IN_PLAIN_TEXT, password_policies=iredutils.get_password_policies(), numberOfCurrentAccounts=numberOfCurrentAccounts, languagemaps=iredutils.get_language_maps(), msg=form.get('msg'))
def GET(self, profile_type, domain): form = web.input() domain = web.safestr(domain.split('/', 1)[0]) profile_type = web.safestr(profile_type) #check if admin asking for details of correct domain admins_of_domain = sql_lib_domain.get_domain_admin_addresses( domain=domain)[1] if session.get('username') not in admins_of_domain and not session.get( 'is_global_admin'): raise web.seeother( '/domains?msg=PERMISSION_DENIED_TRYING_TO_ACCESS_OUT_OF_BOUND_DOMAIN' ) _wrap = SQLWrap() conn = _wrap.conn result = sql_lib_domain.profile(conn=conn, domain=domain) if result[0] is not True: raise web.seeother('/domains?msg=' + web.urlquote(result[1])) domain_profile = result[1] # Get settings from db. _settings = iredutils.get_settings_from_db( params=['min_passwd_length', 'max_passwd_length']) global_min_passwd_length = _settings['min_passwd_length'] global_max_passwd_length = _settings['max_passwd_length'] return web.render( 'sql/domain/profile.html', cur_domain=domain, profile_type=profile_type, profile=domain_profile, default_mta_transport=settings.default_mta_transport, domain_settings=sqlutils.account_settings_string_to_dict( domain_profile['settings']), global_min_passwd_length=global_min_passwd_length, global_max_passwd_length=global_max_passwd_length, timezones=TIMEZONES, # Language languagemaps=iredutils.get_language_maps(), msg=form.get('msg'), )
def GET(self): form = web.input() _wrap = SQLWrap() conn = _wrap.conn all_domains = sql_lib_domain.get_all_domains(conn=conn, name_only=True) if all_domains[0]: all_domains = all_domains[1] else: all_domains = [] return web.render('sql/admin/create.html', languagemaps=iredutils.get_language_maps(), domains=all_domains, default_language=settings.default_language, min_passwd_length=settings.min_passwd_length, max_passwd_length=settings.max_passwd_length, password_policies=iredutils.get_password_policies(), msg=form.get('msg'))
def POST(self): # Get username, password. form = web.input(_unicode=False) username = form.get('username', '').strip().lower() password = str(form.get('password', '').strip()) # Auth as domain admin _wrap = SQLWrap() conn = _wrap.conn auth_result = auth.auth(conn=conn, username=username, password=password, account_type='admin') if auth_result[0] is True: log_activity(msg="Admin login success", event='login') # Save selected language selected_language = str(form.get('lang', '')).strip() if selected_language != web.ctx.lang and \ selected_language in iredutils.get_language_maps(): session['lang'] = selected_language account_settings = auth_result[1].get('account_settings', {}) if (not session.get('is_global_admin') ) and 'create_new_domains' in account_settings: session['create_new_domains'] = True for k in [ 'disable_viewing_mail_log', 'disable_managing_quarantined_mails' ]: if account_settings.get(k) == 'yes': session[k] = True if settings.REDIRECT_TO_DOMAIN_LIST_AFTER_LOGIN: raise web.seeother('/domains') else: raise web.seeother('/dashboard?checknew') else: raise web.seeother('/login?msg=INVALID_CREDENTIALS')
def GET(self, profile_type, domain): form = web.input() domain = web.safestr(domain.split('/', 1)[0]) profile_type = web.safestr(profile_type) _wrap = SQLWrap() conn = _wrap.conn result = sql_lib_domain.profile(conn=conn, domain=domain) if result[0] is not True: raise web.seeother('/domains?msg=' + web.urlquote(result[1])) domain_profile = result[1] # Get settings from db. _settings = iredutils.get_settings_from_db( params=['min_passwd_length', 'max_passwd_length']) global_min_passwd_length = _settings['min_passwd_length'] global_max_passwd_length = _settings['max_passwd_length'] return web.render( 'sql/domain/profile.html', cur_domain=domain, profile_type=profile_type, profile=domain_profile, default_mta_transport=settings.default_mta_transport, domain_settings=sqlutils.account_settings_string_to_dict( domain_profile['settings']), global_min_passwd_length=global_min_passwd_length, global_max_passwd_length=global_max_passwd_length, timezones=TIMEZONES, # Language languagemaps=iredutils.get_language_maps(), msg=form.get('msg'), )
def GET(self, profile_type, mail): mail = str(mail).lower() form = web.input() if not (session.get('is_global_admin') or session.get('username') == mail): # Don't allow to view/update others' profile. raise web.seeother( '/profile/admin/general/%s?msg=PERMISSION_DENIED' % session.get('username')) _wrap = SQLWrap() conn = _wrap.conn is_global_admin = sql_lib_general.is_global_admin(admin=mail, conn=conn) result = sql_lib_admin.get_profile(mail=mail, conn=conn) if result[0] is True: profile = result[1] qr = sql_lib_general.get_admin_settings(admin=mail, conn=conn) if qr[0]: admin_settings = qr[1] else: return qr # Get all domains. all_domains = [] qr_all_domains = sql_lib_domain.get_all_domains(conn=conn) if qr_all_domains[0] is True: all_domains = qr_all_domains[1] # Get managed domains. managed_domains = [] qr = sql_lib_admin.get_managed_domains(conn=conn, admin=mail, domain_name_only=True, listed_only=True) if qr[0] is True: managed_domains += qr[1] return web.render( 'sql/admin/profile.html', mail=mail, profile_type=profile_type, is_global_admin=is_global_admin, profile=profile, admin_settings=admin_settings, languagemaps=iredutils.get_language_maps(), allDomains=all_domains, managedDomains=managed_domains, min_passwd_length=settings.min_passwd_length, max_passwd_length=settings.max_passwd_length, store_password_in_plain_text=settings. STORE_PASSWORD_IN_PLAIN_TEXT, password_policies=iredutils.get_password_policies(), msg=form.get('msg'), ) else: # Return to user profile page if admin is a mail user. qr = sql_lib_user.simple_profile(conn=conn, mail=mail, columns=['username']) if qr[0]: raise web.seeother('/profile/user/general/' + mail) else: raise web.seeother('/admins?msg=' + web.urlquote(result[1]))
def update(profile_type, mail, form, conn=None): profile_type = web.safestr(profile_type) mail = str(mail).lower() (username, domain) = mail.split('@', 1) if not conn: _wrap = LDAPWrap() conn = _wrap.conn # Get account dn. dn_user = ldaputils.rdn_value_to_user_dn(mail) mod_attrs = [] qr = ldap_lib_general.get_domain_account_setting(domain=domain, conn=conn) if qr[0]: domainAccountSetting = qr[1] else: return qr qr = get_profile(mail=mail, conn=conn) if qr[0]: user_profile = qr[1]['ldif'] user_account_setting = ldaputils.get_account_setting_from_profile( user_profile) else: return qr if profile_type == 'general': # Update domainGlobalAdmin=yes if session.get('is_global_admin'): # Update domainGlobalAdmin=yes if 'domainGlobalAdmin' in form: mod_attrs = ldaputils.mod_replace('domainGlobalAdmin', 'yes') if user_profile.get('domainGlobalAdmin') != ['yes']: log_activity(msg="User %s is marked as global admin." % mail, username=mail, domain=domain, event='grant') else: mod_attrs = ldaputils.mod_replace('domainGlobalAdmin', None) if user_profile.get('domainGlobalAdmin') == ['yes']: log_activity(msg="User %s is not a global admin anymore." % mail, username=mail, domain=domain, event='revoke') # Get full name, first name, last name. # Note: cn, givenName, sn are required by objectClass `inetOrgPerson`. cn = form_utils.get_name(form=form, input_name="cn") first_name = form_utils.get_single_value(form=form, input_name="first_name") last_name = form_utils.get_single_value(form=form, input_name="last_name") mod_attrs += ldaputils.mod_replace(attr="cn", value=cn, default=username) mod_attrs += ldaputils.mod_replace(attr='givenName', value=first_name, default=username) mod_attrs += ldaputils.mod_replace(attr='sn', value=last_name, default=username) # Get preferred language: short lang code. e.g. en_US, de_DE. preferred_language = form_utils.get_language(form) # Must be equal to or less than 5 characters. if not (preferred_language in iredutils.get_language_maps()): preferred_language = None mod_attrs += ldaputils.mod_replace('preferredLanguage', preferred_language) # Update language immediately. if session.get('username') == mail and \ session.get('lang', 'en_US') != preferred_language: session['lang'] = preferred_language # Update timezone tz_name = form_utils.get_timezone(form) if qr[0]: user_account_setting['timezone'] = tz_name if session['username'] == mail and tz_name: session['timezone'] = TIMEZONES[tz_name] # Update employeeNumber, mobile, title. mod_attrs += ldaputils.mod_replace('employeeNumber', form.get('employeeNumber')) ############ # Reset quota # # Get new mail quota from web form. quota = form_utils.get_single_value(form=form, input_name='mailQuota', default_value=0, is_integer=True) # quota must be stored in bytes. mod_attrs += ldaputils.mod_replace('mailQuota', quota * 1024 * 1024) # Get telephoneNumber, mobile. # - multi values are allowed. # - non-ascii characters are not allowed. for k in ['mobile', 'telephoneNumber']: mod_attrs += ldaputils.form_mod_attrs_from_api(form=form, input_name=k, attr=k, to_string=True) # Get title, with multiple values. for _attr in ['title']: _values = [v for v in form.get(_attr, []) if v] # Remove duplicate entries _values = list(set(_values)) mod_attrs += ldaputils.mod_replace(attr=_attr, value=_values) # check account status. accountStatus = 'disabled' if 'accountStatus' in form: accountStatus = 'active' mod_attrs += ldaputils.mod_replace('accountStatus', accountStatus) elif profile_type == 'password': # Get password length from @domainAccountSetting. (min_pw_len, max_pw_len) = ldap_lib_general.get_domain_password_lengths( domain=domain, account_settings=domainAccountSetting, fallback_to_global_settings=False, conn=conn) # Get new passwords from user input. newpw = web.safestr(form.get('newpw', '')) confirmpw = web.safestr(form.get('confirmpw', '')) result = iredpwd.verify_new_password(newpw=newpw, confirmpw=confirmpw, min_passwd_length=min_pw_len, max_passwd_length=max_pw_len) if result[0] is True: if 'store_password_in_plain_text' in form and settings.STORE_PASSWORD_IN_PLAIN_TEXT: passwd = iredpwd.generate_password_hash(result[1], pwscheme='PLAIN') else: passwd = iredpwd.generate_password_hash(result[1]) mod_attrs += ldaputils.mod_replace('userPassword', passwd) mod_attrs += ldaputils.mod_replace( 'shadowLastChange', ldaputils.get_days_of_shadow_last_change()) # Always store plain password in another attribute. if settings.STORE_PLAIN_PASSWORD_IN_ADDITIONAL_ATTR: mod_attrs += ldaputils.mod_replace( settings.STORE_PLAIN_PASSWORD_IN_ADDITIONAL_ATTR, newpw) else: return result # accountSetting list_of_account_setting = ldaputils.account_setting_dict_to_list( user_account_setting) mod_attrs += ldaputils.mod_replace('accountSetting', list_of_account_setting) try: conn.modify_s(dn_user, mod_attrs) log_activity(msg="Update user profile ({}): {}.".format( profile_type, mail), admin=session.get('username'), username=mail, domain=domain, event='update') return (True, {}) except Exception as e: return (False, repr(e))
def add(domain, form, conn=None): # Get domain name, username, cn. form_domain = form_utils.get_domain_name(form) if not (domain == form_domain): return (False, 'INVALID_DOMAIN_NAME') username = web.safestr(form.get('username')).strip().lower() mail = username + '@' + domain mail = iredutils.strip_mail_ext_address(mail) if not iredutils.is_auth_email(mail): return (False, 'INVALID_MAIL') if not conn: _wrap = LDAPWrap() conn = _wrap.conn _qr = ldap_lib_general.check_account_existence(mail=mail, account_type='mail', conn=conn) if _qr[0] is not False: return (False, 'ALREADY_EXISTS') # Get @domainAccountSetting. qr = ldap_lib_domain.get_profile(domain=domain, conn=conn) if not qr[0]: return qr domain_profile = qr[1]['ldif'] domain_status = domain_profile.get('accountStatus', ['disabled'])[0] domainAccountSetting = ldaputils.get_account_setting_from_profile( domain_profile) # Check account number limit. _num_users = domainAccountSetting.get('numberOfUsers') if _num_users == '-1': return (False, 'NOT_ALLOWED') _pw_hash = form.get('password_hash', '') if _pw_hash: if not iredpwd.is_supported_password_scheme(_pw_hash): return (False, 'INVALID_PASSWORD_SCHEME') passwd_plain = '' passwd_hash = _pw_hash else: (min_pw_len, max_pw_len) = ldap_lib_general.get_domain_password_lengths( domain=domain, account_settings=domainAccountSetting, fallback_to_global_settings=False, conn=conn, ) qr = form_utils.get_password(form=form, input_name='newpw', confirm_pw_input_name='confirmpw', min_passwd_length=min_pw_len, max_passwd_length=max_pw_len) if qr[0]: passwd_plain = qr[1]['pw_plain'] passwd_hash = qr[1]['pw_hash'] else: return qr cn = form_utils.get_name(form=form, input_name="cn") # Get preferred language. preferred_language = form_utils.get_language(form=form) if preferred_language not in iredutils.get_language_maps(): preferred_language = None # Get user quota. Unit is MB. quota = form_utils.get_single_value(form=form, input_name='mailQuota', default_value=0, is_integer=True) quota = abs(quota) if quota == 0: # Get per-domain default user quota default_user_quota = ldap_lib_domain.get_default_user_quota( domain=domain, domain_account_setting=domainAccountSetting) quota = default_user_quota defaultStorageBaseDirectory = domainAccountSetting.get( 'defaultStorageBaseDirectory', None) db_settings = iredutils.get_settings_from_db() # Get mailbox format and folder. _mailbox_format = form.get('mailboxFormat', '').lower() _mailbox_folder = form.get('mailboxFolder', '') if not iredutils.is_valid_mailbox_format(_mailbox_format): _mailbox_format = db_settings['mailbox_format'] if not iredutils.is_valid_mailbox_folder(_mailbox_folder): _mailbox_folder = db_settings['mailbox_folder'] # Get full maildir path _mailbox_maildir = form.get('maildir') # Get default mailing lists which set in domain accountSetting. ldif = iredldif.ldif_mailuser( domain=domain, username=username, cn=cn, passwd=passwd_hash, quota=quota, storage_base_directory=defaultStorageBaseDirectory, mailbox_format=_mailbox_format, mailbox_folder=_mailbox_folder, mailbox_maildir=_mailbox_maildir, language=preferred_language, domain_status=domain_status, ) dn_user = ldaputils.rdn_value_to_user_dn(mail) # Store plain password in additional attribute if passwd_plain and settings.STORE_PLAIN_PASSWORD_IN_ADDITIONAL_ATTR: ldif += [(settings.STORE_PLAIN_PASSWORD_IN_ADDITIONAL_ATTR, [passwd_plain])] try: conn.add_s(dn_user, ldif) # Update count of accounts ldap_lib_general.update_num_domain_current_users(domain=domain, increase=True, conn=conn) log_activity(msg="Create user: %s." % (mail), domain=domain, event='create') return (True, ) except ldap.ALREADY_EXISTS: return (False, 'ALREADY_EXISTS') except Exception as e: return (False, repr(e))
def update(domain, profile_type, form, conn=None): profile_type = str(profile_type) domain = str(domain).lower() sql_vars = {'domain': domain} if not conn: _wrap = SQLWrap() conn = _wrap.conn db_settings = iredutils.get_settings_from_db() # Get current domain profile qr = simple_profile(conn=conn, domain=domain) if qr[0]: domain_profile = qr[1] domain_settings = sqlutils.account_settings_string_to_dict( domain_profile.get('settings', '')) del qr else: return qr # Check disabled domain profiles disabled_domain_profiles = [] if not session.get('is_global_admin'): disabled_domain_profiles = domain_settings.get( 'disabled_domain_profiles', []) if profile_type in disabled_domain_profiles: return (False, 'PERMISSION_DENIED') # Pre-defined update key:value. updates = {'modified': iredutils.get_gmttime()} if profile_type == 'general': # Get name cn = form.get('cn', '') updates['description'] = cn # Get default quota for new user. default_user_quota = form_utils.get_single_value( form=form, input_name='defaultQuota', default_value=0, is_integer=True) if default_user_quota > 0: domain_settings['default_user_quota'] = default_user_quota else: if 'default_user_quota' in domain_settings: domain_settings.pop('default_user_quota') elif profile_type == 'advanced': # Update min/max password length in domain setting if session.get('is_global_admin') or ('password_policies' not in disabled_domain_profiles): for (_input_name, _key_name) in [('minPasswordLength', 'min_passwd_length'), ('maxPasswordLength', 'max_passwd_length')]: try: _length = int(form.get(_input_name, 0)) except: _length = 0 if _length > 0: if not session.get('is_global_admin'): # Make sure domain setting doesn't exceed global setting. if _input_name == 'minPasswordLength': # Cannot be shorter than global setting. if _length < db_settings['min_passwd_length']: _length = db_settings['min_passwd_length'] elif _input_name == 'maxPasswordLength': # Cannot be longer than global setting. if (db_settings['max_passwd_length'] > 0) and \ (_length > db_settings['max_passwd_length'] or _length <= db_settings['min_passwd_length']): _length = db_settings['max_passwd_length'] domain_settings[_key_name] = _length else: if _key_name in domain_settings: domain_settings.pop(_key_name) # Update default language for new user default_language = form_utils.get_language(form) if default_language in iredutils.get_language_maps(): domain_settings['default_language'] = default_language domain_settings['timezone'] = form_utils.get_timezone(form) updates['settings'] = sqlutils.account_settings_dict_to_string( domain_settings) try: conn.update('domain', vars=sql_vars, where='domain=$domain', **updates) log_activity(msg="Update domain profile: {} ({}).".format( domain, profile_type), domain=domain, event='update') return (True, ) except Exception as e: return (False, repr(e))
def add_user_from_form(domain, form, conn=None): # Get domain name, username, cn. mail_domain = form_utils.get_domain_name(form) mail_username = form.get('username') if mail_username: mail_username = web.safestr(mail_username).strip().lower() else: return (False, 'INVALID_ACCOUNT') mail = mail_username + '@' + mail_domain if mail_domain != domain: return (False, 'PERMISSION_DENIED') if not iredutils.is_auth_email(mail): return (False, 'INVALID_MAIL') if not conn: _wrap = SQLWrap() conn = _wrap.conn # Check account existing. if sql_lib_general.is_email_exists(mail=mail, conn=conn): return (False, 'ALREADY_EXISTS') # Get domain profile. qr_profile = sql_lib_domain.profile(conn=conn, domain=domain) if qr_profile[0] is True: domain_profile = qr_profile[1] domain_settings = sqlutils.account_settings_string_to_dict( domain_profile['settings']) else: return qr_profile # Check account limit. num_exist_accounts = sql_lib_admin.num_managed_users(conn=conn, domains=[domain]) if domain_profile.mailboxes == -1: return (False, 'NOT_ALLOWED') elif domain_profile.mailboxes > 0: if domain_profile.mailboxes <= num_exist_accounts: return (False, 'EXCEEDED_DOMAIN_ACCOUNT_LIMIT') # Get quota from <form> quota = str(form.get('mailQuota', 0)).strip() try: quota = int(quota) except: quota = 0 # # Get password from <form>. # pw_hash = form.get('password_hash', '') newpw = web.safestr(form.get('newpw', '')) confirmpw = web.safestr(form.get('confirmpw', '')) if pw_hash: if not iredpwd.is_supported_password_scheme(pw_hash): return (False, 'INVALID_PASSWORD_SCHEME') passwd = pw_hash else: # Get password length limit from domain profile or global setting. min_passwd_length = domain_settings.get('min_passwd_length', 0) max_passwd_length = domain_settings.get('max_passwd_length', 0) qr_pw = iredpwd.verify_new_password( newpw, confirmpw, min_passwd_length=min_passwd_length, max_passwd_length=max_passwd_length) if qr_pw[0] is True: pwscheme = None if 'store_password_in_plain_text' in form and settings.STORE_PASSWORD_IN_PLAIN_TEXT: pwscheme = 'PLAIN' passwd = iredpwd.generate_password_hash(qr_pw[1], pwscheme=pwscheme) else: return qr_pw # Get display name from <form> cn = form_utils.get_single_value(form, input_name='cn', default_value='') # Get preferred language. preferred_language = form_utils.get_language(form) if preferred_language not in iredutils.get_language_maps(): preferred_language = '' # Get storage base directory. _storage_base_directory = settings.storage_base_directory splited_sbd = _storage_base_directory.rstrip('/').split('/') storage_node = splited_sbd.pop() storage_base_directory = '/'.join(splited_sbd) maildir = iredutils.generate_maildir_path(mail) # Read full maildir path from web form - from RESTful API. mailbox_maildir = form.get('maildir', '').lower().rstrip('/') if mailbox_maildir and os.path.isabs(mailbox_maildir): # Split storageBaseDirectory and storageNode _splited = mailbox_maildir.rstrip('/').split('/') storage_base_directory = '/' + _splited[0] storage_node = _splited[1] maildir = '/'.join(_splited[2:]) record = { 'domain': domain, 'username': mail, 'password': passwd, 'name': cn, 'quota': quota, 'storagebasedirectory': storage_base_directory, 'storagenode': storage_node, 'maildir': maildir, 'language': preferred_language, 'passwordlastchange': iredutils.get_gmttime(), 'created': iredutils.get_gmttime(), 'active': 1 } # Get settings from SQL db. db_settings = iredutils.get_settings_from_db() # Get mailbox format and folder. _mailbox_format = form.get('mailboxFormat', db_settings['mailbox_format']).lower() _mailbox_folder = form.get('mailboxFolder', db_settings['mailbox_folder']) if iredutils.is_valid_mailbox_format(_mailbox_format): record['mailboxformat'] = _mailbox_format if iredutils.is_valid_mailbox_folder(_mailbox_folder): record['mailboxfolder'] = _mailbox_folder # Always store plain password in another attribute. if settings.STORE_PLAIN_PASSWORD_IN_ADDITIONAL_ATTR: record[settings.STORE_PLAIN_PASSWORD_IN_ADDITIONAL_ATTR] = newpw # Set disabled mail services. disabled_mail_services = domain_settings.get('disabled_mail_services', []) for srv in disabled_mail_services: record['enable' + srv] = 0 # globally disabled mail services for srv in settings.ADDITIONAL_DISABLED_USER_SERVICES: record['enable' + srv] = 0 # globally enabled mail services for srv in settings.ADDITIONAL_ENABLED_USER_SERVICES: record['enable' + srv] = 1 try: # Store new user in SQL db. conn.insert('mailbox', **record) # Create an entry in `vmail.forwardings` with `address=forwarding` conn.insert('forwardings', address=mail, forwarding=mail, domain=domain, dest_domain=domain, is_forwarding=1, active=1) log_activity(msg="Create user: %s." % (mail), domain=domain, event='create') return (True, ) except Exception as e: return (False, repr(e))
def POST(self): # Get username, password. form = web.input(_unicode=False) username = web.safestr(form.get('username', '').strip()).lower() password = form.get('password', '').strip() if not iredutils.is_email(username): raise web.seeother('/login?msg=INVALID_USERNAME') if not password: raise web.seeother('/login?msg=EMPTY_PASSWORD') domain = username.split('@', 1)[-1] _wrap = LDAPWrap() conn = _wrap.conn # Check whether it's a mail user with admin privilege. qr_user_auth = auth.login_auth(username=username, password=password, account_type='user', conn=conn) qr_admin_auth = (False, 'INVALID_CREDENTIALS') if not qr_user_auth[0]: # Verify admin account under 'o=domainAdmins'. qr_admin_auth = auth.login_auth(username=username, password=password, account_type='admin', conn=conn) if not qr_admin_auth[0]: session['failed_times'] += 1 logger.warning( "Web login failed: client_address={}, username={}".format( web.ctx.ip, username)) log_activity(msg="Login failed.", admin=username, event='login', loglevel='error') raise web.seeother('/login?msg=INVALID_CREDENTIALS') session['username'] = username web.config.session_parameters['cookie_name'] = 'iRedAdmin' web.config.session_parameters['ignore_expiry'] = False web.config.session_parameters[ 'ignore_change_ip'] = settings.SESSION_IGNORE_CHANGE_IP _attrs = ['preferredLanguage', 'accountSetting', 'disabledService'] # Read preferred language from LDAP if qr_admin_auth[0]: logger.info( "Admin login success: username={}, client_address={}".format( username, web.ctx.ip)) log_activity(msg="Admin login success", event='login') if not session.get('timezone'): # no per-admin time zone set in `login_auth()` timezone = settings.LOCAL_TIMEZONE session['timezone'] = timezone if qr_user_auth[0]: logger.info( "Admin login success: username={}, client_address={}".format( username, web.ctx.ip)) log_activity(msg="Admin login success", admin=username, event='login') qr_user_profile = ldap_lib_user.get_profile(mail=username, attributes=_attrs, conn=conn) if qr_user_profile[0]: # Time zone if not session.get('timezone'): # no per-user time zone set in `login_auth()` timezone = settings.LOCAL_TIMEZONE # Get per-domain time zone qr = ldap_lib_general.get_domain_account_setting( domain=domain, conn=conn) if qr[0]: _das = qr[1] tz_name = _das.get('timezone') if tz_name in TIMEZONES: timezone = TIMEZONES[tz_name] session['timezone'] = timezone # Save selected language selected_language = str(form.get('lang', '')).strip() if selected_language != web.ctx.lang and \ selected_language in iredutils.get_language_maps(): session['lang'] = selected_language # Save 'logged' at the end, if above settings are failed, it won't # redirect to other page and loop forever. session["logged"] = True if settings.REDIRECT_TO_DOMAIN_LIST_AFTER_LOGIN: raise web.seeother('/domains') else: raise web.seeother('/dashboard?checknew')
def update(conn, mail, profile_type, form): profile_type = web.safestr(profile_type) mail = str(mail).lower() domain = mail.split('@', 1)[-1] qr = sql_lib_domain.simple_profile(conn=conn, domain=domain, columns=['maxquota', 'settings']) if not qr[0]: return qr domain_profile = qr[1] del qr domain_settings = sqlutils.account_settings_string_to_dict( domain_profile.get('settings', '')) disabled_user_profiles = domain_settings.get('disabled_user_profiles', []) if not session.get('is_global_admin'): if profile_type in disabled_user_profiles: return (False, 'PERMISSION_DENIED') # Pre-defined update key:value pairs updates = {'modified': iredutils.get_gmttime()} if profile_type == 'general': # Get name updates['name'] = form.get('cn', '') # Get preferred language: short lang code. e.g. en_US, de_DE. preferred_language = form_utils.get_language(form) if preferred_language in iredutils.get_language_maps(): updates['language'] = preferred_language else: updates['language'] = '' tz_name = form_utils.get_timezone(form) if tz_name: sql_lib_general.update_user_settings( conn=conn, mail=mail, new_settings={'timezone': tz_name}) if session['username'] == mail: session['timezone'] = TIMEZONES[tz_name] else: sql_lib_general.update_user_settings(conn=conn, mail=mail, removed_settings=['timezone']) # Update language immediately. if session.get('username') == mail and \ session.get('lang', 'en_US') != preferred_language: session['lang'] = preferred_language # check account status updates['active'] = 0 if 'accountStatus' in form: updates['active'] = 1 # Update account status in table `alias` immediately try: conn.update('forwardings', vars={'address': mail}, where='address=$address OR forwarding=$address', active=updates['active']) except: pass # Get mail quota size. mailQuota = str(form.get('mailQuota')) if mailQuota.isdigit(): mailQuota = int(mailQuota) else: mailQuota = 0 updates['quota'] = mailQuota updates['employeeid'] = form.get('employeeNumber', '') elif profile_type == 'password': newpw = web.safestr(form.get('newpw', '')) confirmpw = web.safestr(form.get('confirmpw', '')) # Get password length limit from domain profile or global setting. min_passwd_length = domain_settings.get('min_passwd_length', 0) max_passwd_length = domain_settings.get('max_passwd_length', 0) # Verify new passwords. qr = iredpwd.verify_new_password(newpw=newpw, confirmpw=confirmpw, min_passwd_length=min_passwd_length, max_passwd_length=max_passwd_length) if qr[0] is True: pwscheme = None if 'store_password_in_plain_text' in form and settings.STORE_PASSWORD_IN_PLAIN_TEXT: pwscheme = 'PLAIN' passwd = iredpwd.generate_password_hash(qr[1], pwscheme=pwscheme) else: return qr # Hash/encrypt new password. updates['password'] = passwd updates['passwordlastchange'] = iredutils.get_gmttime() # Store plain password in another attribute. if settings.STORE_PLAIN_PASSWORD_IN_ADDITIONAL_ATTR: updates[settings.STORE_PLAIN_PASSWORD_IN_ADDITIONAL_ATTR] = newpw else: return (True, ) # Update SQL db try: conn.update('mailbox', vars={'username': mail}, where='username=$username', **updates) log_activity(msg="Update user profile ({}): {}.".format( profile_type, mail), admin=session.get('username'), username=mail, domain=domain, event='update') return (True, {}) except Exception as e: return (False, repr(e))
def GET(self, mail): mail = str(mail).lower() domain = mail.split('@', 1)[-1] _wrap = SQLWrap() conn = _wrap.conn form = web.input() msg = form.get('msg', '') used_quota = {} qr = sql_lib_user.profile(mail=mail, conn=conn) if qr[0]: user_profile = qr[1] else: raise web.seeother('/api?msg={}'.format(web.urlquote(qr[1]))) del qr # Get per-user settings user_settings = {} qr = sql_lib_general.get_user_settings( conn=conn, mail=mail, existing_settings=user_profile['settings']) if qr[0]: user_settings = qr[1] del qr # Get used quota. if settings.SHOW_USED_QUOTA: used_quota = sql_lib_general.get_account_used_quota( accounts=[mail], conn=conn) # Get per-domain disabled user profiles. qr = sql_lib_domain.simple_profile(conn=conn, domain=domain, columns=['settings']) if qr[0]: domain_profile = qr[1] domain_settings = sqlutils.account_settings_string_to_dict( domain_profile['settings']) min_passwd_length = domain_settings.get('min_passwd_length', settings.min_passwd_length) max_passwd_length = domain_settings.get('max_passwd_length', settings.max_passwd_length) return web.render('api/msg/msg.html', content_type="application/json", msg={ "cur_domain": domain, "mail": mail, "profile": user_profile, "timezones": TIMEZONES, "min_passwd_length": min_passwd_length, "max_passwd_length": max_passwd_length, "store_password_in_plain_text": settings.STORE_PASSWORD_IN_PLAIN_TEXT, "password_policies": iredutils.get_password_policies(), "user_settings": user_settings, "used_quota": used_quota, "languagemaps": iredutils.get_language_maps(), "msg": msg, })
def GET(self, profile_type, mail): mail = str(mail).lower() domain = mail.split('@', 1)[-1] if not session.get('is_global_admin') and not session.get('is_admin'): mail = session.get("username") if session.get('is_admin'): #check if admin asking for details of correct domain admins_of_domain = sql_lib_domain.get_domain_admin_addresses( domain=domain)[1] if session.get( 'username' ) not in admins_of_domain and not session.get('is_global_admin'): raise web.seeother('/domains?msg=PERMISSION_DENIED') _wrap = SQLWrap() conn = _wrap.conn form = web.input() msg = form.get('msg', '') # profile_type == 'general' used_quota = {} qr = sql_lib_user.profile(mail=mail, conn=conn) if qr[0]: user_profile = qr[1] else: if not session.get('is_global_admin') and not session.get( 'is_admin'): raise web.seeother('/users/{}?msg={}'.format( domain, web.urlquote(qr[1]))) else: raise web.seeother("/dashboard?msg=SOMETHING_WENT_WRONG") del qr # Get per-user settings user_settings = {} qr = sql_lib_general.get_user_settings( conn=conn, mail=mail, existing_settings=user_profile['settings']) if qr[0]: user_settings = qr[1] del qr # Get used quota. if settings.SHOW_USED_QUOTA: used_quota = sql_lib_general.get_account_used_quota( accounts=[mail], conn=conn) # Get per-domain disabled user profiles. qr = sql_lib_general.get_domain_settings(conn=conn, domain=domain) if qr[0]: domain_settings = qr[1] min_passwd_length = domain_settings.get('min_passwd_length', settings.min_passwd_length) max_passwd_length = domain_settings.get('max_passwd_length', settings.max_passwd_length) return web.render( 'sql/user/profile.html', cur_domain=domain, mail=mail, profile_type=profile_type, profile=user_profile, timezones=TIMEZONES, min_passwd_length=min_passwd_length, max_passwd_length=max_passwd_length, store_password_in_plain_text=settings.STORE_PASSWORD_IN_PLAIN_TEXT, password_policies=iredutils.get_password_policies(), user_settings=user_settings, used_quota=used_quota, languagemaps=iredutils.get_language_maps(), msg=msg, )
def GET(self, profile_type, mail): mail = web.safestr(mail).lower() profile_type = web.safestr(profile_type) if not (session.get('is_global_admin') or session.get('username') == mail): # Don't allow to view/update other admins' profile. raise web.seeother( '/profile/admin/general/%s?msg=PERMISSION_DENIED' % session.get('username')) _wrap = LDAPWrap() conn = _wrap.conn # Get admin profile. qr = ldap_lib_admin.get_profile(mail=mail, conn=conn) if qr[0]: admin_profile = qr[1]['ldif'] account_settings = ldaputils.get_account_setting_from_profile( admin_profile) _qr = ldap_lib_general.get_admin_account_setting( mail=mail, profile=admin_profile, conn=conn) if _qr[0]: account_settings = _qr[1] else: raise web.seeother('/admins?msg=' + qr[1]) form = web.input() if profile_type in ['general', 'password']: # Get all domains. qr_all_domains = ldap_lib_domain.list_accounts( attributes=['domainName', 'cn'], conn=conn) if qr_all_domains[0] is True: all_domains = qr_all_domains[1] else: return qr_all_domains # Get domains under control. qr_managed_domains = ldap_lib_admin.get_managed_domains( admin=mail, attributes=['domainName'], domain_name_only=True, conn=conn) if qr_managed_domains[0] is True: managed_domains = qr_managed_domains[1] else: return qr_managed_domains return web.render( 'ldap/admin/profile.html', mail=mail, profile_type=profile_type, admin_profile=admin_profile, account_settings=account_settings, languagemaps=iredutils.get_language_maps(), allDomains=all_domains, managedDomains=managed_domains, min_passwd_length=settings.min_passwd_length, max_passwd_length=settings.max_passwd_length, store_password_in_plain_text=settings. STORE_PASSWORD_IN_PLAIN_TEXT, password_policies=iredutils.get_password_policies(), timezones=TIMEZONES, msg=form.get('msg', None), )
def GET(self, profile_type, mail): mail = str(mail).lower() domain = mail.split('@', 1)[-1] _wrap = SQLWrap() conn = _wrap.conn form = web.input() msg = form.get('msg', '') # profile_type == 'general' used_quota = {} qr = sql_lib_user.profile(mail=mail, conn=conn) if qr[0]: user_profile = qr[1] else: raise web.seeother('/users/{}?msg={}'.format( domain, web.urlquote(qr[1]))) del qr # Get per-user settings user_settings = {} qr = sql_lib_general.get_user_settings( conn=conn, mail=mail, existing_settings=user_profile['settings']) if qr[0]: user_settings = qr[1] del qr # Get used quota. if settings.SHOW_USED_QUOTA: used_quota = sql_lib_general.get_account_used_quota( accounts=[mail], conn=conn) # Get per-domain disabled user profiles. qr = sql_lib_domain.simple_profile(conn=conn, domain=domain, columns=['settings']) if qr[0]: domain_profile = qr[1] domain_settings = sqlutils.account_settings_string_to_dict( domain_profile['settings']) min_passwd_length = domain_settings.get('min_passwd_length', settings.min_passwd_length) max_passwd_length = domain_settings.get('max_passwd_length', settings.max_passwd_length) return web.render( 'sql/user/profile.html', cur_domain=domain, mail=mail, profile_type=profile_type, profile=user_profile, timezones=TIMEZONES, min_passwd_length=min_passwd_length, max_passwd_length=max_passwd_length, store_password_in_plain_text=settings.STORE_PASSWORD_IN_PLAIN_TEXT, password_policies=iredutils.get_password_policies(), user_settings=user_settings, used_quota=used_quota, languagemaps=iredutils.get_language_maps(), msg=msg, )
def POST(self): form = web.input(_unicode=False) is_api_login = False api_key = False username = False password = False login_type = 'admin' # check if API login try: if form.get('key', '').strip() != "" and form.get( 'key', '').strip() != None: is_api_login = True api_key = str(form.get('key', '').strip()).lower() api_key = ''.join(e for e in api_key if e.isalnum()) else: is_api_login = False except AttributeError: raise web.seeother('/api?msg=Something_Went_Wrong_E:AuthAPIChk') # check type of user login try: if form.get('login_type', '').strip() != "" and form.get( 'login_type', '').strip() != None: login_type = str(form.get('login_type', '').strip()).lower() login_type = ''.join(e for e in login_type if e.isalnum()) except AttributeError: raise web.seeother('/login?msg=Try Again!') # Get username, password. if not API login if not is_api_login: username = form.get('username', '').strip().lower() password = str(form.get('password', '').strip()) _wrap = SQLWrap() conn = _wrap.conn # Authenticate auth_result = auth.auth(conn=conn, username=username, password=password, is_api_login=is_api_login, api_key=api_key, account_type=login_type) # if Authenticated if auth_result[0] is True: # Log Activity with correct user type if login_type == "admin": # Admin loggedin log_activity(msg="Admin login success", event='login') else: # user loggedin log_activity(msg="User login success", event='user_login') # Save user's selected language and set into session selected_language = str(form.get('lang', '')).strip() if selected_language != web.ctx.lang and \ selected_language in iredutils.get_language_maps(): session['lang'] = selected_language # set create_new_domain in session if allowed in users settings account_settings = auth_result[1].get('account_settings', {}) if (not session.get('is_global_admin') ) and 'create_new_domains' in account_settings: session['create_new_domains'] = True # set sessions for disable_viewing_mail_log and disable_managing_quarantined_mails if defined in user settings for k in [ 'disable_viewing_mail_log', 'disable_managing_quarantined_mails' ]: if account_settings.get(k) == 'yes': session[k] = True # redirect user to /domains if defined in user settings and not API Login, else redirect to dashboard on normal login and push LOGIN_SUCCESSFUL message on API login if settings.REDIRECT_TO_DOMAIN_LIST_AFTER_LOGIN and ( not is_api_login): raise web.seeother('/domains') else: if not is_api_login: raise web.seeother('/dashboard?checknew') else: raise web.seeother('/api?msg=LOGIN_SUCCESSFUL') # if not Authenticated Push Invalid Credentials message else: if not is_api_login: raise web.seeother('/login?msg=INVALID_CREDENTIALS') else: raise web.seeother('/api?msg=INVALID_CREDENTIALS')
def ldif_mailuser(domain, username, cn, passwd, quota=0, storage_base_directory=None, mailbox_format=None, mailbox_folder=None, mailbox_maildir=None, language=None, disabled_services=None, domain_status=None): domain = str(domain).lower() username = str(username).strip().replace(' ', '').lower() mail = username + '@' + domain if not cn: cn = username if not (storage_base_directory and os.path.isabs(storage_base_directory)): storage_base_directory = settings.storage_base_directory if mailbox_maildir and os.path.isabs(mailbox_maildir): home_directory = str(mailbox_maildir).lower() else: home_directory = os.path.join(storage_base_directory, iredutils.generate_maildir_path(mail)) enabled_services = list(attrs.USER_SERVICES_OF_NORMAL_USER ) + settings.ADDITIONAL_ENABLED_USER_SERVICES if disabled_services: enabled_services = set(enabled_services) - set(disabled_services) enabled_services = list(enabled_services) lang = language or settings.default_language if lang not in iredutils.get_language_maps(): lang = None # Generate basic LDIF. ldif = ldaputils.attrs_ldif({ 'objectClass': ['inetOrgPerson', 'mailUser', 'shadowAccount', 'amavisAccount'], 'mail': mail, 'userPassword': passwd, 'cn': cn, 'sn': username, 'uid': username, 'homeDirectory': home_directory, 'accountStatus': 'active', 'enabledService': enabled_services, 'preferredLanguage': lang, # shadowAccount integration. 'shadowLastChange': ldaputils.get_days_of_shadow_last_change(), # Amavisd integration. 'amavisLocal': 'TRUE', }) # Append quota. No 'mailQuota' attribute means unlimited. quota = str(quota).strip() if quota.isdigit(): quota = int(int(quota) * 1024 * 1024) ldif += ldaputils.attr_ldif('mailQuota', quota) # Append mailbox format. if mailbox_format: ldif += ldaputils.attr_ldif('mailboxFormat', str(mailbox_format).lower()) # mailbox folder if mailbox_folder: ldif += ldaputils.attr_ldif('mailboxFolder', mailbox_folder) if domain_status not in ['active', None]: ldif += ldaputils.attr_ldif('domainStatus', 'disabled') return ldif
def get_language(form, input_name='preferredLanguage'): lang = get_single_value(form, input_name=input_name, to_string=True) if lang not in iredutils.get_language_maps(): lang = '' return lang
def GET(self, profile_type, mail): mail = str(mail).lower() cur_domain = mail.split('@', 1)[-1] form = web.input(enabledService=[], telephoneNumber=[], domainName=[]) msg = form.get('msg') profile_type = web.safestr(profile_type) _wrap = LDAPWrap() conn = _wrap.conn qr = ldap_lib_user.get_profile(mail=mail, conn=conn) if not qr[0]: raise web.seeother('/users/{}?msg={}'.format( cur_domain, web.urlquote(qr[1]))) user_profile = qr[1]['ldif'] user_account_setting = ldaputils.account_setting_list_to_dict( user_profile.get('accountSetting', [])) # profile_type == 'general' accountUsedQuota = {} # Per-domain account settings domainAccountSetting = {} # Get accountSetting of current domain. qr = ldap_lib_general.get_domain_account_setting(domain=cur_domain, conn=conn) if qr[0] is True: domainAccountSetting = qr[1] if profile_type == 'general': # Get account used quota. if settings.SHOW_USED_QUOTA: accountUsedQuota = ldap_lib_general.get_account_used_quota( [mail]) (min_passwd_length, max_passwd_length) = ldap_lib_general.get_domain_password_lengths( domain=cur_domain, account_settings=domainAccountSetting, fallback_to_global_settings=False) password_policies = iredutils.get_password_policies() if min_passwd_length > 0: password_policies['min_passwd_length'] = min_passwd_length if max_passwd_length > 0: password_policies['max_passwd_length'] = max_passwd_length return web.render( 'ldap/user/profile.html', profile_type=profile_type, mail=mail, user_profile=user_profile, user_account_setting=user_account_setting, defaultStorageBaseDirectory=settings.storage_base_directory, timezones=TIMEZONES, min_passwd_length=min_passwd_length, max_passwd_length=max_passwd_length, store_password_in_plain_text=settings.STORE_PASSWORD_IN_PLAIN_TEXT, password_policies=iredutils.get_password_policies(), accountUsedQuota=accountUsedQuota, domainAccountSetting=domainAccountSetting, languagemaps=iredutils.get_language_maps(), msg=msg, )