def pre_request():
    """
        Populate the per-request globals (``flask.g``) before a view runs.

        Sets the navigation menu, the LDAP connection settings taken from
        the application config, an empty LDAP lookup cache and the
        SICC-IP / extra-fields feature switches.
    """
    # Navigation menu as (target URL, label) pairs for the templates.
    g.menu = [
        (url_for("core_index"), "Mi Account"),
        (url_for("tree_base"), u"Directory"),
        (url_for("core_logout"), "Log out"),
    ]

    # LDAP connection settings; views read ``g.ldap`` rather than the
    # config directly, so the config keys stay the single source of truth.
    config = app.config
    g.ldap = dict(
        domain=config['LDAP_DOMAIN'],
        dn=config['LDAP_DN'],
        server=config['LDAP_SERVER'],
        search_dn=config['SEARCH_DN'],
    )

    # Lookup cache, reset to empty every time this hook runs (presumably
    # filled by the ldap_* helpers -- confirm).
    g.ldap_cache = {}

    # Feature switches read by the user views.
    g.siccip = config['SICCIP_AWARE']        # SICC-IP integration
    g.extra_fields = config['EXTRA_FIELDS']  # extra fields form
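    def group_delete(groupname):
        """
            Confirm and perform deletion of the LDAP group ``groupname``.

            GET renders the confirmation page; a valid POST deletes the
            group's entry and redirects to the index. LDAP failures are
            reported with ``flash``. Aborts with 404 when the group does not
            exist. No authorisation check happens here -- presumably a
            decorator or hook outside this view enforces it; confirm.
        """
        title = "Delete group"

        if not ldap_group_exists(groupname):
            abort(404)

        # A field-less form: validate_on_submit() only confirms a POST (and
        # the CSRF token, when CSRF protection is enabled).
        form = FlaskForm(request.form)

        if form.validate_on_submit():
            try:
                group = ldap_get_group(groupname=groupname)
                ldap_delete_entry(group['distinguishedName'])
                flash(u"Group removed successfully.", "success")
                return redirect(url_for('core_index'))
            except ldap.LDAPError as e:
                # python-ldap puts the details in args[0], a dict with 'desc'
                # and (not always) 'info'; ``e.message`` only existed on Py2.
                detail = e.args[0] if e.args else None
                if isinstance(detail, dict):
                    info = detail.get('info') or detail.get('desc') or ''
                else:
                    info = str(e)
                # Drop up to two leading "prefix:" segments and capitalise;
                # the slice keeps an empty message from raising IndexError.
                error = info.split(":", 2)[-1].strip()
                error = error[:1].upper() + error[1:] or "LDAP operation failed."
                # The server's diagnostic text is shown to the user; prefer
                # a generic message if this view serves non-admins.
                flash(error, "error")
        elif form.errors:
            flash(u"Data validation failed.", "error")

        return render_template("pages/group_delete_es.html",
                               title=title,
                               action="Delete group",
                               form=form,
                               groupname=groupname,
                               parent=url_for('group_overview',
                                              groupname=groupname))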
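    def user_delete(username):
        """
            Confirm and perform deletion of the LDAP user ``username``.

            GET renders the confirmation page; a valid POST deletes the
            user's entry and redirects to the index. LDAP failures are
            reported with ``flash``. Aborts with 404 when the user does not
            exist. No authorisation check happens here -- presumably a
            decorator or hook outside this view enforces it; confirm.
        """
        title = "Delete user"

        if not ldap_user_exists(username=username):
            abort(404)

        # A field-less form: validate_on_submit() only confirms a POST (and
        # the CSRF token, when CSRF protection is enabled).
        form = Form(request.form)

        if form.validate_on_submit():
            try:
                user = ldap_get_user(username=username)
                ldap_delete_entry(user['distinguishedName'])
                flash("User successfuly deleted.", "success")
                return redirect(url_for('core_index'))
            except ldap.LDAPError as e:
                # python-ldap puts the details in args[0], a dict with 'desc'
                # and (not always) 'info'; ``e.message`` only existed on Py2.
                detail = e.args[0] if e.args else None
                if isinstance(detail, dict):
                    info = detail.get('info') or detail.get('desc') or ''
                else:
                    info = str(e)
                # Drop up to two leading "prefix:" segments and capitalise;
                # the slice keeps an empty message from raising IndexError.
                error = info.split(":", 2)[-1].strip()
                error = error[:1].upper() + error[1:] or "LDAP operation failed."
                # The server's diagnostic text is shown to the user; prefer
                # a generic message if this view serves non-admins.
                flash(error, "error")
        elif form.errors:
            flash("Some fields failed validation.", "error")

        return render_template("pages/user_delete.html",
                               title=title,
                               action="Delete user",
                               form=form,
                               username=username,
                               parent=url_for('user_overview',
                                              username=username))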
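    def user_delete(username):
        """
            Confirm and perform deletion of the LDAP user ``username``.

            GET renders the confirmation page; a valid POST deletes the
            user's entry and redirects to the index. LDAP failures are
            reported with ``flash``. Aborts with 404 when the user does not
            exist. No authorisation check happens here -- presumably a
            decorator or hook outside this view enforces it; confirm.
        """
        title = "Delete User"

        if not ldap_user_exists(username=username):
            abort(404)

        # A field-less form: validate_on_submit() only confirms a POST (and
        # the CSRF token, when CSRF protection is enabled).
        form = FlaskForm(request.form)

        if form.validate_on_submit():
            try:
                user = ldap_get_user(username=username)
                ldap_delete_entry(user['distinguishedName'])
                flash(u"User deleted successfully.", "success")
                return redirect(url_for('core_index'))
            except ldap.LDAPError as e:
                # args[0] is a dict with 'desc' and, not always, 'info'; fall
                # back so a missing key does not become a 500.
                detail = e.args[0] if e.args else None
                if isinstance(detail, dict):
                    message = detail.get('info') or detail.get('desc') or str(e)
                else:
                    message = str(e)
                # The server's diagnostic text is shown to the user; prefer
                # a generic message if this view serves non-admins.
                flash(message, "error")
        elif form.errors:
            flash(u"Data validation failed.", "error")

        return render_template("pages/user_delete_es.html",
                               title=title,
                               action="Delete User",
                               form=form,
                               username=username,
                               parent=url_for('user_overview',
                                              username=username))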
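    def user_delete(username):
        """
            Confirm and perform deletion of the LDAP user ``username``.

            GET renders the confirmation page; a valid POST deletes the
            user's entry and redirects to the index. LDAP failures are
            reported with ``flash``. Aborts with 404 when the user does not
            exist. No authorisation check happens here -- presumably a
            decorator or hook outside this view enforces it; confirm.
        """
        title = "Delete user"

        if not ldap_user_exists(username=username):
            abort(404)

        # A field-less form: validate_on_submit() only confirms a POST (and
        # the CSRF token, when CSRF protection is enabled).
        form = Form(request.form)

        if form.validate_on_submit():
            try:
                user = ldap_get_user(username=username)
                ldap_delete_entry(user['distinguishedName'])
                flash("User successfuly deleted.", "success")
                return redirect(url_for('core_index'))
            except ldap.LDAPError as e:
                # python-ldap puts the details in args[0], a dict with 'desc'
                # and (not always) 'info'; ``e.message`` only existed on Py2.
                detail = e.args[0] if e.args else None
                if isinstance(detail, dict):
                    info = detail.get('info') or detail.get('desc') or ''
                else:
                    info = str(e)
                # Drop up to two leading "prefix:" segments and capitalise;
                # the slice keeps an empty message from raising IndexError.
                error = info.split(":", 2)[-1].strip()
                error = error[:1].upper() + error[1:] or "LDAP operation failed."
                # The server's diagnostic text is shown to the user; prefer
                # a generic message if this view serves non-admins.
                flash(error, "error")
        elif form.errors:
            flash("Some fields failed validation.", "error")

        return render_template("pages/user_delete.html", title=title,
                               action="Delete user", form=form,
                               username=username,
                               parent=url_for('user_overview',
                                              username=username))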
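    def user_edit_ssh(username):
        """
            Edit the ``sshPublicKey`` values of the LDAP user ``username``.

            GET pre-fills the textarea with the user's current keys, one per
            line; a valid POST writes the submitted keys back (one value per
            non-blank line) and redirects to the user overview. LDAP failures
            are reported with ``flash``. Aborts with 404 when the user does
            not exist. No authorisation check happens here -- presumably a
            decorator or hook outside this view enforces it; confirm.
        """
        title = "Edit SSH keys"

        if not ldap_user_exists(username=username):
            abort(404)

        user = ldap_get_user(username=username)

        form = UserSSHEdit(request.form)
        form.visible_fields = [form.ssh_keys]

        if form.validate_on_submit():
            # One key per line; blank lines (e.g. a trailing newline from the
            # textarea) are dropped so no empty attribute value is written.
            # No syntactic check of the key material is done here.
            new_entries = [
                entry.strip() for entry in form.ssh_keys.data.splitlines()
                if entry.strip()
            ]
            try:
                # NOTE(review): an empty list is passed when every line was
                # blank; confirm ldap_update_attribute treats that as
                # "remove all keys".
                ldap_update_attribute(user['distinguishedName'],
                                      'sshPublicKey', new_entries,
                                      'ldapPublicKey')
                flash("SSH keys successfuly updated.", "success")
                return redirect(url_for('user_overview', username=username))
            except ldap.LDAPError as e:
                # python-ldap puts the details in args[0], a dict with 'desc'
                # and (not always) 'info'; ``e.message`` only existed on Py2.
                detail = e.args[0] if e.args else None
                if isinstance(detail, dict):
                    info = detail.get('info') or detail.get('desc') or ''
                else:
                    info = str(e)
                # Drop up to two leading "prefix:" segments and capitalise;
                # the slice keeps an empty message from raising IndexError.
                error = info.split(":", 2)[-1].strip()
                error = error[:1].upper() + error[1:] or "LDAP operation failed."
                # The server's diagnostic text is shown to the user; prefer
                # a generic message if this view serves non-admins.
                flash(error, "error")
        elif form.errors:
            flash("Some fields failed validation.", "error")

        if not form.is_submitted():
            # Pre-fill only on the initial GET so a rejected POST keeps the
            # user's edits.
            if 'sshPublicKey' in user:
                form.ssh_keys.data = "\n".join(user['sshPublicKey'])

        return render_template("forms/basicform.html", form=form, title=title,
                               action="Save changes",
                               parent=url_for('user_overview',
                                              username=username))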
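    def group_add():
        """
            Create a new LDAP group.

            The container is taken from the ``base`` query parameter (default
            ``OU=People`` under the domain DN); a relative base is anchored
            under the domain DN, as tree_base does. A valid POST creates
            ``cn=<name>,<base>`` with the submitted attributes and redirects
            to the group overview. LDAP failures are reported with ``flash``.
            No authorisation check happens here -- presumably a decorator or
            hook outside this view enforces it; confirm.
        """
        title = "Add group"

        # ``base`` is client-controlled (the tree view passes it), so keep it
        # under the domain DN the same way tree_base does.
        domain_dn = g.ldap['dn']
        base = request.args.get('base')
        if not base:
            base = "OU=People,%s" % domain_dn
        elif not base.lower().endswith(domain_dn.lower()):
            base += ",%s" % domain_dn

        form = GroupEdit(request.form)
        # (LDAP attribute, form field); None marks a field that is combined
        # into another attribute rather than written on its own.
        field_mapping = [('sAMAccountName', form.name),
                         ('description', form.description),
                         (None, form.group_type),
                         ('groupType', form.group_flags)]

        form.visible_fields = [field[1] for field in field_mapping]

        # Only the group types flagged as selectable are offered.
        form.group_flags.choices = [
            (key, value[0]) for key, value in LDAP_AD_GROUPTYPE_VALUES.items()
            if value[1]
        ]

        if form.validate_on_submit():
            try:
                # Default attributes
                attributes = {'objectClass': "group"}

                for attribute, field in field_mapping:
                    if attribute == "groupType":
                        # AD stores groupType as a signed 32-bit value while
                        # the form supplies the unsigned flag values (e.g.
                        # 2147483648); reinterpret the bits as signed.
                        group_type = int(form.group_type.data) + \
                            int(form.group_flags.data)
                        attributes[attribute] = str(
                            struct.unpack("i",
                                          struct.pack("I",
                                                      int(group_type)))[0])
                    elif attribute and field.data:
                        attributes[attribute] = field.data

                # Escape the RDN value so a name containing ',', '+', '=' or
                # similar cannot alter the DN that is created.
                rdn_value = ldap.dn.escape_dn_chars(form.name.data)
                ldap_create_entry("cn=%s,%s" % (rdn_value, base),
                                  attributes)

                flash("Group successfully created.", "success")
                return redirect(
                    url_for('group_overview', groupname=form.name.data))
            except ldap.LDAPError as e:
                # python-ldap puts the details in args[0], a dict with 'desc'
                # and (not always) 'info'; ``e.message`` only existed on Py2.
                detail = e.args[0] if e.args else None
                if isinstance(detail, dict):
                    info = detail.get('info') or detail.get('desc') or ''
                else:
                    info = str(e)
                # Drop up to two leading "prefix:" segments and capitalise;
                # the slice keeps an empty message from raising IndexError.
                error = info.split(":", 2)[-1].strip()
                error = error[:1].upper() + error[1:] or "LDAP operation failed."
                # The server's diagnostic text is shown to the user; prefer
                # a generic message if this view serves non-admins.
                flash(error, "error")
        elif form.errors:
            flash("Some fields failed validation.", "error")

        if not form.is_submitted():
            # Defaults for the initial GET: security group (0x80000000) with
            # global scope (2).
            form.group_type.data = 2147483648
            form.group_flags.data = 2

        return render_template("forms/basicform.html",
                               form=form,
                               title=title,
                               action="Add group",
                               parent=url_for('group_add'))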
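    def user_edit_siccip(username):
        """
            Edit the SICC-IP quota configuration of the LDAP user ``username``.

            The configuration is packed into the user's ``pager`` attribute
            as ``I<type><internet>_<social>|E<type><quota>|D<filter>``. GET
            pre-fills the form from the current value; a valid POST writes
            the new value only when it differs and redirects to the user
            overview. LDAP failures are reported with ``flash``. Aborts with
            404 when the user does not exist. No authorisation check happens
            here -- presumably a decorator or hook outside this view enforces
            it; confirm.
        """
        title = u"Edit SICC-IP Configuration"

        if not ldap_user_exists(username=username):
            abort(404)

        user = ldap_get_user(username=username)
        pager = user['pager'][0] if 'pager' in user else None
        form = SICCIPEdit(request.form)
        # (pager field, form field); internet_type is fixed to 'F' below and
        # therefore not offered for editing.
        field_mapping = [  #('internet_type', form.internet_type),
            ('internet_quota', form.internet_quota),
            ('socialnetwork_quota', form.socialnetwork_quota),
            ('dansguardian_filter', form.dansguardian_filter),
            ('email_type', form.email_type), ('email_quota', form.email_quota)
        ]

        form.visible_fields = [field[1] for field in field_mapping]

        if form.validate_on_submit():
            try:
                internet_type = 'F'
                new_pager = 'I%s%f_%f|E%s%f|D%d' % (
                    internet_type, form.internet_quota.data,
                    form.socialnetwork_quota.data, form.email_type.data,
                    form.email_quota.data, form.dansguardian_filter.data)
                # Skip the LDAP write when nothing changed. (The former debug
                # print of the new value to stdout has been removed.)
                if pager != new_pager:
                    ldap_update_attribute(user['distinguishedName'], "pager",
                                          new_pager)

                flash(u"Profile updated successfully.", "success")
                return redirect(url_for('user_overview', username=username))
            except ldap.LDAPError as e:
                # python-ldap puts the details in args[0], a dict with 'desc'
                # and (not always) 'info'; ``e.message`` only existed on Py2.
                detail = e.args[0] if e.args else None
                if isinstance(detail, dict):
                    info = detail.get('info') or detail.get('desc') or ''
                else:
                    info = str(e)
                # Drop up to two leading "prefix:" segments and capitalise;
                # the slice keeps an empty message from raising IndexError.
                error = info.split(":", 2)[-1].strip()
                error = error[:1].upper() + error[1:] or "LDAP operation failed."
                # The server's diagnostic text is shown to the user; prefer
                # a generic message if this view serves non-admins.
                flash(error, "error")
        elif form.errors:
            flash(u"Data validation failed.", "error")

        if not form.is_submitted():
            # Pre-fill from the stored value on the initial GET only; a
            # malformed pager value (parser returns None) leaves the form blank.
            if pager:
                siccip_data = get_parsed_pager_attribute(pager)
                if siccip_data is not None:
                    form.internet_type.data = siccip_data['internet_type']
                    form.internet_quota.data = siccip_data['internet_quota']
                    form.socialnetwork_quota.data = siccip_data[
                        'socialnetwork_quota']
                    form.email_type.data = siccip_data['email_type']
                    form.email_quota.data = siccip_data['email_quota']
                    form.dansguardian_filter.data = siccip_data[
                        'dansguardian_filter']

        return render_template("forms/basicform.html",
                               form=form,
                               title=title,
                               action="Salvar los cambios",
                               parent=url_for('user_overview',
                                              username=username))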
    def tree_base(base=None):
        """
            Render one level of the directory tree below ``base``.

            ``base`` is a DN; when missing it defaults to the domain DN, and
            a base that does not end in the domain DN is anchored under it.
            Every listed entry gets the synthetic ``__description``,
            ``__type`` and ``__target`` keys the template reads. Entries
            flagged ``showInAdvancedViewOnly`` or whose DN starts with a
            ``TREE_BLACKLIST`` prefix are left out of the listing.
        """
        domain_dn = g.ldap['dn']
        if not base:
            base = domain_dn
        elif not base.lower().endswith(domain_dn.lower()):
            base += ",%s" % domain_dn

        # NOTE(review): the blacklist below only filters what is *listed*;
        # it does not stop a caller from passing a blacklisted DN as
        # ``base`` directly -- confirm that is acceptable.
        admin = ldap_in_group("Domain Admins")
        entry_fields = [('name', "Name"),
                        ('__description', "Description"),
                        ('__type', "Type")]

        # objectClass -> (label, overview endpoint, endpoint kwarg); the first
        # matching row wins, so user takes precedence over group, and so on.
        type_table = [
            ('user', "User", 'user_overview', 'username'),
            ('group', "Group", 'group_overview', 'groupname'),
            ('organizationalUnit', "Organizational Unit", None, None),
            ('container', "Container", None, None),
            ('builtinDomain', "Built-in", None, None),
        ]

        children = ldap_get_entries("objectClass=top", base, "onelevel")
        entries = []
        for entry in sorted(children, key=lambda item: item['name']):
            # description wins over displayName; neither leaves the key unset.
            if 'description' in entry:
                entry['__description'] = entry['description']
            elif 'displayName' in entry:
                entry['__description'] = entry['displayName']

            # Default link descends into the entry; users and groups link to
            # their overview page instead.
            entry['__target'] = url_for('tree_base',
                                        base=entry['distinguishedName'])
            entry['__type'] = "Unknown"
            classes = entry['objectClass']
            for object_class, label, endpoint, kwarg in type_table:
                if object_class in classes:
                    entry['__type'] = label
                    if endpoint:
                        entry['__target'] = url_for(
                            endpoint, **{kwarg: entry['sAMAccountName']})
                    break

            if 'showInAdvancedViewOnly' in entry \
               and entry['showInAdvancedViewOnly']:
                continue

            hidden = any(entry['distinguishedName'].startswith(prefix)
                         for prefix in TREE_BLACKLIST)
            if not hidden:
                entries.append(entry)

        # The parent link is the base minus its first RDN, unless the base
        # is already at a domain-component (dc=...) level.
        rdns = base.split(',')
        if rdns[0].lower().startswith("dc"):
            parent = None
        else:
            parent = ",".join(rdns[1:])

        return render_template("pages/tree_base.html", parent=parent,
                               admin=admin, base=base, entries=entries,
                               entry_fields=entry_fields)
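    def group_add():
        """
            Create a new LDAP group (bytes-valued attributes variant).

            The container comes from the query string: the tree view's link
            carries it under the key ``b'base`` (a bytes repr that leaked into
            the URL), so that key is read first and a trailing quote stripped;
            a plain ``base`` key is accepted too. A valid POST creates
            ``cn=<name>,<base>`` and redirects to the group overview. LDAP
            failures are reported with ``flash``. No authorisation check
            happens here -- presumably a decorator or hook outside this view
            enforces it; confirm.
        """
        title = "Add group"

        form = GroupEdit(request.form)
        # (LDAP attribute, form field); None marks a field that is combined
        # into another attribute rather than written on its own.
        field_mapping = [('sAMAccountName', form.name),
                         ('description', form.description),
                         ('mail', form.mail), (None, form.group_type),
                         ('groupType', form.group_flags)]

        form.visible_fields = [field[1] for field in field_mapping]

        # Only the group types flagged as selectable are offered.
        form.group_flags.choices = [
            (key, value[0]) for key, value in LDAP_AD_GROUPTYPE_VALUES.items()
            if value[1]
        ]

        if form.validate_on_submit():
            try:
                # Reject a request without a container instead of failing on
                # ``None.rstrip``; the base is client-controlled, so keep it
                # under the domain DN the same way tree_base does.
                base = request.args.get("b'base") or request.args.get('base')
                if not base:
                    abort(400)
                base = base.rstrip("'")
                domain_dn = g.ldap['dn']
                if not base.lower().endswith(domain_dn.lower()):
                    base += ",%s" % domain_dn

                # Default attributes
                attributes = {'objectClass': b"group"}

                for attribute, field in field_mapping:
                    if attribute == "groupType":
                        # AD stores groupType as a signed 32-bit value while
                        # the form supplies the unsigned flag values (e.g.
                        # 2147483648); reinterpret the bits as signed.
                        group_type = int(form.group_type.data) + int(
                            form.group_flags.data)
                        attributes[attribute] = str(
                            struct.unpack("i", struct.pack(
                                "I", int(group_type)))[0]).encode('utf-8')
                    elif attribute and field.data:
                        attributes[attribute] = field.data.encode('utf-8')

                # Escape the RDN value so a name containing ',', '+', '=' or
                # similar cannot alter the DN that is created. (The former
                # debug prints of the attributes and DN have been removed.)
                rdn_value = ldap.dn.escape_dn_chars(form.name.data)
                ldap_create_entry("cn=%s,%s" % (rdn_value, base),
                                  attributes)

                flash(u"Group created successfully.", "success")
                return redirect(
                    url_for('group_overview', groupname=form.name.data))
            except ldap.LDAPError as e:
                # args[0] is a dict with 'desc' and, not always, 'info'; fall
                # back so a missing key does not become a 500.
                detail = e.args[0] if e.args else None
                if isinstance(detail, dict):
                    message = detail.get('info') or detail.get('desc') or str(e)
                else:
                    message = str(e)
                # The server's diagnostic text is shown to the user; prefer
                # a generic message if this view serves non-admins.
                flash(message, "error")
        elif form.errors:
            flash(u"Data validation failed.", "error")

        if not form.is_submitted():
            # Defaults for the initial GET: security group (0x80000000) with
            # global scope (2).
            form.group_type.data = 2147483648
            form.group_flags.data = 2

        return render_template("forms/basicform.html",
                               form=form,
                               title=title,
                               action="Add group",
                               parent=url_for('tree_base'))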
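    def group_add():
        """
            Create a new LDAP group.

            The container is taken from the ``base`` query parameter (default
            ``OU=People`` under the domain DN); a relative base is anchored
            under the domain DN, as tree_base does. A valid POST creates
            ``cn=<name>,<base>`` with the submitted attributes and redirects
            to the group overview. LDAP failures are reported with ``flash``.
            No authorisation check happens here -- presumably a decorator or
            hook outside this view enforces it; confirm.
        """
        title = "Add group"

        # ``base`` is client-controlled (the tree view passes it), so keep it
        # under the domain DN the same way tree_base does.
        domain_dn = g.ldap['dn']
        base = request.args.get('base')
        if not base:
            base = "OU=People,%s" % domain_dn
        elif not base.lower().endswith(domain_dn.lower()):
            base += ",%s" % domain_dn

        form = GroupEdit(request.form)
        # (LDAP attribute, form field); None marks a field that is combined
        # into another attribute rather than written on its own.
        field_mapping = [('sAMAccountName', form.name),
                         ('description', form.description),
                         (None, form.group_type),
                         ('groupType', form.group_flags)]

        form.visible_fields = [field[1] for field in field_mapping]

        # Only the group types flagged as selectable are offered.
        form.group_flags.choices = [(key, value[0]) for key, value in
                                    LDAP_AD_GROUPTYPE_VALUES.items()
                                    if value[1]]

        if form.validate_on_submit():
            try:
                # Default attributes
                attributes = {'objectClass': "group"}

                for attribute, field in field_mapping:
                    if attribute == "groupType":
                        # AD stores groupType as a signed 32-bit value while
                        # the form supplies the unsigned flag values (e.g.
                        # 2147483648); reinterpret the bits as signed.
                        group_type = int(form.group_type.data) + \
                            int(form.group_flags.data)
                        attributes[attribute] = str(
                            struct.unpack("i",
                                          struct.pack("I",
                                                      int(group_type)))[0])
                    elif attribute and field.data:
                        attributes[attribute] = field.data

                # Escape the RDN value so a name containing ',', '+', '=' or
                # similar cannot alter the DN that is created.
                rdn_value = ldap.dn.escape_dn_chars(form.name.data)
                ldap_create_entry("cn=%s,%s" % (rdn_value, base),
                                  attributes)

                flash("Group successfully created.", "success")
                return redirect(url_for('group_overview',
                                        groupname=form.name.data))
            except ldap.LDAPError as e:
                # python-ldap puts the details in args[0], a dict with 'desc'
                # and (not always) 'info'; ``e.message`` only existed on Py2.
                detail = e.args[0] if e.args else None
                if isinstance(detail, dict):
                    info = detail.get('info') or detail.get('desc') or ''
                else:
                    info = str(e)
                # Drop up to two leading "prefix:" segments and capitalise;
                # the slice keeps an empty message from raising IndexError.
                error = info.split(":", 2)[-1].strip()
                error = error[:1].upper() + error[1:] or "LDAP operation failed."
                # The server's diagnostic text is shown to the user; prefer
                # a generic message if this view serves non-admins.
                flash(error, "error")
        elif form.errors:
            flash("Some fields failed validation.", "error")

        if not form.is_submitted():
            # Defaults for the initial GET: security group (0x80000000) with
            # global scope (2).
            form.group_type.data = 2147483648
            form.group_flags.data = 2

        return render_template("forms/basicform.html", form=form, title=title,
                               action="Add group",
                               parent=url_for('group_add'))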
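    def group_addmembers(groupname):
        """
            Add members to the LDAP group ``groupname``.

            The form takes one sAMAccountName per line. Every name is resolved
            to its DN first; the first unknown name aborts the whole update
            with an error message, otherwise the merged member list is written
            and the view redirects to the group overview. LDAP failures are
            reported with ``flash``. Aborts with 404 when the group does not
            exist. No authorisation check happens here -- presumably a
            decorator or hook outside this view enforces it; confirm.
        """
        title = "Add members"

        if not ldap_group_exists(groupname):
            abort(404)

        form = GroupAddMembers(request.form)
        form.visible_fields = [form.new_members]

        if form.validate_on_submit():
            group = ldap_get_group(groupname)
            # Start from the current members so the write is a superset.
            if 'member' in group:
                entries = set(group['member'])
            else:
                entries = set()

            # Blank lines (e.g. a trailing newline from the textarea) are
            # skipped instead of being reported as invalid usernames.
            # NOTE(review): the name is user input that ends up in an LDAP
            # search inside ldap_get_entry_simple; confirm that helper
            # escapes filter characters.
            for line in form.new_members.data.splitlines():
                name = line.strip()
                if not name:
                    continue
                entry = ldap_get_entry_simple({'sAMAccountName': name})
                if not entry:
                    error = "Invalid username: %s" % name
                    flash(error, "error")
                    break

                entries.add(entry['distinguishedName'])
            else:
                try:
                    ldap_update_attribute(group['distinguishedName'], "member",
                                          list(entries))
                    flash("Members added.", "success")
                    return redirect(
                        url_for('group_overview', groupname=groupname))
                except ldap.LDAPError as e:
                    # python-ldap puts the details in args[0], a dict with
                    # 'desc' and (not always) 'info'; ``e.message`` only
                    # existed on Py2.
                    detail = e.args[0] if e.args else None
                    if isinstance(detail, dict):
                        info = detail.get('info') or detail.get('desc') or ''
                    else:
                        info = str(e)
                    # Drop up to two leading "prefix:" segments and
                    # capitalise; the slice keeps an empty message from
                    # raising IndexError.
                    error = info.split(":", 2)[-1].strip()
                    error = (error[:1].upper() + error[1:]
                             or "LDAP operation failed.")
                    # The server's diagnostic text is shown to the user;
                    # prefer a generic message if this view serves non-admins.
                    flash(error, "error")
        elif form.errors:
            flash("Some fields failed validation.", "error")

        return render_template("forms/basicform.html",
                               form=form,
                               title=title,
                               action="Add members",
                               parent=url_for('group_overview',
                                              groupname=groupname))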
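    def group_addmembers(groupname):
        """
            Add members to the LDAP group ``groupname``.

            The form takes one sAMAccountName per line. Every name is resolved
            to its DN first; the first unknown name aborts the whole update
            with an error message, otherwise the merged member list is passed
            to ldap_add_users_to_group and the view redirects to the group
            overview. LDAP failures are reported with ``flash``. Aborts with
            404 when the group does not exist. No authorisation check happens
            here -- presumably a decorator or hook outside this view enforces
            it; confirm.
        """
        title = "Add members"

        if not ldap_group_exists(groupname):
            abort(404)

        form = GroupAddMembers(request.form)
        form.visible_fields = [form.new_members]

        if form.validate_on_submit():
            group = ldap_get_group(groupname)
            # Start from the current members so the write is a superset.
            if 'member' in group:
                entries = set(group['member'])
            else:
                entries = set()

            # Blank lines (e.g. a trailing newline from the textarea) are
            # skipped instead of being reported as invalid usernames.
            # NOTE(review): the name is user input that ends up in an LDAP
            # search inside ldap_get_entry_simple; confirm that helper
            # escapes filter characters.
            for line in form.new_members.data.splitlines():
                name = line.strip()
                if not name:
                    continue
                entry = ldap_get_entry_simple({'sAMAccountName': name})
                if not entry:
                    error = u"Invalid username: %s" % name
                    flash(error, "error")
                    break

                entries.add(entry['distinguishedName'])
            else:
                try:
                    ldap_add_users_to_group(group['distinguishedName'],
                                            "member", list(entries))
                    flash("Added users.", "success")
                    return redirect(
                        url_for('group_overview', groupname=groupname))
                except ldap.LDAPError as e:
                    # args[0] is a dict with 'desc' and, not always, 'info';
                    # fall back so a missing key does not become a 500.
                    detail = e.args[0] if e.args else None
                    if isinstance(detail, dict):
                        message = (detail.get('info') or detail.get('desc')
                                   or str(e))
                    else:
                        message = str(e)
                    # The server's diagnostic text is shown to the user;
                    # prefer a generic message if this view serves non-admins.
                    flash(message, "error")
        elif form.errors:
            flash(u"Data validation failed.", "error")

        return render_template("forms/basicform.html",
                               form=form,
                               title=title,
                               action="Adicionar miembros",
                               parent=url_for('group_overview',
                                              groupname=groupname))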
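    def group_delmember(groupname, member):
        """
            Remove ``member`` (a sAMAccountName) from the group ``groupname``.

            GET renders the confirmation page; a valid POST rewrites the
            group's ``member`` attribute without the member's DN and redirects
            to that user's overview. Aborts with 404 when the group has no
            members, the member does not exist, or it is not in the group.
            LDAP failures are reported with ``flash``. No authorisation check
            happens here -- presumably a decorator or hook outside this view
            enforces it; confirm.
        """
        title = "Remove from group"

        group = ldap_get_group(groupname)
        if not group or 'member' not in group:
            abort(404)

        # ``member`` is rebound from the name to the resolved LDAP entry.
        member = ldap_get_entry_simple({'sAMAccountName': member})
        if not member:
            abort(404)

        if not member['distinguishedName'] in group['member']:
            abort(404)

        form = GroupDelMember(request.form)

        if form.validate_on_submit():
            try:
                # The whole member list is rewritten minus this DN.
                members = group['member']
                members.remove(member['distinguishedName'])
                ldap_update_attribute(group['distinguishedName'], "member",
                                      members)
                flash(
                    "Member of group X %s eliminated" %
                    group['sAMAccountName'], "success")
                return redirect(
                    url_for('user_overview',
                            username=member['sAMAccountName']))
            except ldap.LDAPError as e:
                # args[0] is a dict with 'desc' and, not always, 'info'; fall
                # back so a missing key does not become a 500.
                detail = e.args[0] if e.args else None
                if isinstance(detail, dict):
                    message = detail.get('info') or detail.get('desc') or str(e)
                else:
                    message = str(e)
                # The server's diagnostic text is shown to the user; prefer
                # a generic message if this view serves non-admins.
                flash(message, "error")
        elif form.errors:
            flash(u"Data validation failed.", "error")

        return render_template("pages/group_delmember_es.html",
                               title=title,
                               action="Remove member from group",
                               form=form,
                               member=member['sAMAccountName'],
                               group=group['sAMAccountName'],
                               parent=url_for(
                                   'user_overview',
                                   username=member['sAMAccountName']))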
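    def group_addmembers(groupname):
        """
            Add members to the LDAP group ``groupname``.

            The form takes one sAMAccountName per line. Every name is resolved
            to its DN first; the first unknown name aborts the whole update
            with an error message, otherwise the merged member list is written
            and the view redirects to the group overview. LDAP failures are
            reported with ``flash``. Aborts with 404 when the group does not
            exist. No authorisation check happens here -- presumably a
            decorator or hook outside this view enforces it; confirm.
        """
        title = "Add members"

        if not ldap_group_exists(groupname):
            abort(404)

        form = GroupAddMembers(request.form)
        form.visible_fields = [form.new_members]

        if form.validate_on_submit():
            group = ldap_get_group(groupname)
            # Start from the current members so the write is a superset.
            if 'member' in group:
                entries = set(group['member'])
            else:
                entries = set()

            # Blank lines (e.g. a trailing newline from the textarea) are
            # skipped instead of being reported as invalid usernames.
            # NOTE(review): the name is user input that ends up in an LDAP
            # search inside ldap_get_entry_simple; confirm that helper
            # escapes filter characters.
            for line in form.new_members.data.splitlines():
                name = line.strip()
                if not name:
                    continue
                entry = ldap_get_entry_simple({'sAMAccountName': name})
                if not entry:
                    error = "Invalid username: %s" % name
                    flash(error, "error")
                    break

                entries.add(entry['distinguishedName'])
            else:
                try:
                    ldap_update_attribute(group['distinguishedName'],
                                          "member", list(entries))
                    flash("Members added.", "success")
                    return redirect(url_for('group_overview',
                                            groupname=groupname))
                except ldap.LDAPError as e:
                    # python-ldap puts the details in args[0], a dict with
                    # 'desc' and (not always) 'info'; ``e.message`` only
                    # existed on Py2.
                    detail = e.args[0] if e.args else None
                    if isinstance(detail, dict):
                        info = detail.get('info') or detail.get('desc') or ''
                    else:
                        info = str(e)
                    # Drop up to two leading "prefix:" segments and
                    # capitalise; the slice keeps an empty message from
                    # raising IndexError.
                    error = info.split(":", 2)[-1].strip()
                    error = (error[:1].upper() + error[1:]
                             or "LDAP operation failed.")
                    # The server's diagnostic text is shown to the user;
                    # prefer a generic message if this view serves non-admins.
                    flash(error, "error")
        elif form.errors:
            flash("Some fields failed validation.", "error")

        return render_template("forms/basicform.html", form=form, title=title,
                               action="Add members",
                               parent=url_for('group_overview',
                                              groupname=groupname))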
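    def user_changepw(username):
        """
            Change the password of the LDAP user ``username``.

            A member of ``Settings.ADMIN_GROUP`` changing *another* user's
            password gets the reset form (no old password); everyone else,
            including an admin changing their own password, gets the
            self-service form that requires the current password. A valid
            POST calls ldap_change_password and redirects to the user
            overview. LDAP failures are reported with ``flash``. Aborts with
            404 when the user does not exist.
        """
        title = u"Change Password"

        if not ldap_user_exists(username=username):
            abort(404)

        admin = ldap_in_group(Settings.ADMIN_GROUP)

        # NOTE(review): a non-admin viewing another user's page also lands in
        # the self-service branch; it still requires that user's current
        # password, but confirm this view is meant to be reachable for other
        # usernames at all (no access check is visible here).
        if username != g.ldap['username'] and admin:
            form = PasswordChange(request.form)
            form.visible_fields = []
        else:
            form = PasswordChangeUser(request.form)
            form.visible_fields = [form.oldpassword]

        form.visible_fields += [form.password, form.password_confirm]

        if form.validate_on_submit():
            try:
                if username != g.ldap['username'] and admin:
                    # Admin reset: no old password is sent.
                    ldap_change_password(None,
                                         form.password.data,
                                         username=username)
                else:
                    ldap_change_password(form.oldpassword.data,
                                         form.password.data,
                                         username=username)
                flash(u"The password was changed successfully.", "success")
                return redirect(url_for('user_overview', username=username))
            except ldap.LDAPError as e:
                # args[0] is a dict with 'desc' and, not always, 'info'; fall
                # back so a missing key does not become a 500.
                detail = e.args[0] if e.args else None
                if isinstance(detail, dict):
                    message = detail.get('info') or detail.get('desc') or str(e)
                else:
                    message = str(e)
                # The server's diagnostic text is shown to the user; prefer
                # a generic message if this view serves non-admins.
                flash(message, "error")
        elif form.errors:
            flash(u"Data validation failed.", "error")

        return render_template("forms/basicform.html",
                               form=form,
                               title=title,
                               action=u"Change Password",
                               parent=url_for('user_overview',
                                              username=username))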
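    def user_changepw(username):
        """
            Change the password of the LDAP user ``username``.

            A "Domain Admins" member changing *another* user's password gets
            the reset form (no old password); everyone else, including an
            admin changing their own password, gets the self-service form
            that requires the current password. A valid POST calls
            ldap_change_password and redirects to the user overview. LDAP
            failures are reported with ``flash``. Aborts with 404 when the
            user does not exist.
        """
        title = "Change password"

        if not ldap_user_exists(username=username):
            abort(404)

        admin = ldap_in_group("Domain Admins")
        # NOTE(review): a non-admin viewing another user's page also lands in
        # the self-service branch; it still requires that user's current
        # password, but confirm this view is meant to be reachable for other
        # usernames at all (no access check is visible here).
        if username != g.ldap['username'] and admin:
            form = PasswordChange(request.form)
            form.visible_fields = []
        else:
            form = PasswordChangeUser(request.form)
            form.visible_fields = [form.oldpassword]

        form.visible_fields += [form.password, form.password_confirm]

        if form.validate_on_submit():
            try:
                if username != g.ldap['username'] and admin:
                    # Admin reset: no old password is sent.
                    ldap_change_password(None,
                                         form.password.data,
                                         username=username)
                else:
                    ldap_change_password(form.oldpassword.data,
                                         form.password.data,
                                         username=username)
                flash("Password changed successfuly.", "success")
                return redirect(url_for('user_overview', username=username))
            except ldap.LDAPError as e:
                # python-ldap puts the details in args[0], a dict with 'desc'
                # and (not always) 'info'; ``e.message`` only existed on Py2.
                detail = e.args[0] if e.args else None
                if isinstance(detail, dict):
                    info = detail.get('info') or detail.get('desc') or ''
                else:
                    info = str(e)
                # Drop up to two leading "prefix:" segments and capitalise;
                # the slice keeps an empty message from raising IndexError.
                error = info.split(":", 2)[-1].strip()
                error = error[:1].upper() + error[1:] or "LDAP operation failed."
                # The server's diagnostic text is shown to the user; prefer
                # a generic message if this view serves non-admins.
                flash(error, "error")
        elif form.errors:
            flash("Some fields failed validation.", "error")

        return render_template("forms/basicform.html",
                               form=form,
                               title=title,
                               action="Change password",
                               parent=url_for('user_overview',
                                              username=username))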
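    def user_changepw(username):
        """
            Change the password of the LDAP user ``username``.

            A "Domain Admins" member changing *another* user's password gets
            the reset form (no old password); everyone else, including an
            admin changing their own password, gets the self-service form
            that requires the current password. A valid POST calls
            ldap_change_password and redirects to the user overview. LDAP
            failures are reported with ``flash``. Aborts with 404 when the
            user does not exist.
        """
        title = "Change password"

        if not ldap_user_exists(username=username):
            abort(404)

        admin = ldap_in_group("Domain Admins")
        # NOTE(review): a non-admin viewing another user's page also lands in
        # the self-service branch; it still requires that user's current
        # password, but confirm this view is meant to be reachable for other
        # usernames at all (no access check is visible here).
        if username != g.ldap['username'] and admin:
            form = PasswordChange(request.form)
            form.visible_fields = []
        else:
            form = PasswordChangeUser(request.form)
            form.visible_fields = [form.oldpassword]

        form.visible_fields += [form.password, form.password_confirm]

        if form.validate_on_submit():
            try:
                if username != g.ldap['username'] and admin:
                    # Admin reset: no old password is sent.
                    ldap_change_password(None,
                                         form.password.data,
                                         username=username)
                else:
                    ldap_change_password(form.oldpassword.data,
                                         form.password.data,
                                         username=username)
                flash("Password changed successfuly.", "success")
                return redirect(url_for('user_overview', username=username))
            except ldap.LDAPError as e:
                # python-ldap puts the details in args[0], a dict with 'desc'
                # and (not always) 'info'; ``e.message`` only existed on Py2.
                detail = e.args[0] if e.args else None
                if isinstance(detail, dict):
                    info = detail.get('info') or detail.get('desc') or ''
                else:
                    info = str(e)
                # Drop up to two leading "prefix:" segments and capitalise;
                # the slice keeps an empty message from raising IndexError.
                error = info.split(":", 2)[-1].strip()
                error = error[:1].upper() + error[1:] or "LDAP operation failed."
                # The server's diagnostic text is shown to the user; prefer
                # a generic message if this view serves non-admins.
                flash(error, "error")
        elif form.errors:
            flash("Some fields failed validation.", "error")

        return render_template("forms/basicform.html", form=form, title=title,
                               action="Change password",
                               parent=url_for('user_overview',
                                              username=username))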
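    def group_delmember(groupname, member):
        """
            Remove ``member`` (a sAMAccountName) from the group ``groupname``.

            GET renders the confirmation page; a valid POST rewrites the
            group's ``member`` attribute without the member's DN and redirects
            to the group overview. Aborts with 404 when the group has no
            members, the member does not exist, or it is not in the group.
            LDAP failures are reported with ``flash``. No authorisation check
            happens here -- presumably a decorator or hook outside this view
            enforces it; confirm.
        """
        title = "Remove group member"

        group = ldap_get_group(groupname)
        if not group or 'member' not in group:
            abort(404)

        # ``member`` is rebound from the name to the resolved LDAP entry.
        member = ldap_get_entry_simple({'sAMAccountName': member})
        if not member:
            abort(404)

        if not member['distinguishedName'] in group['member']:
            abort(404)

        # A field-less form: validate_on_submit() only confirms a POST (and
        # the CSRF token, when CSRF protection is enabled).
        form = Form(request.form)

        if form.validate_on_submit():
            try:
                # The whole member list is rewritten minus this DN.
                members = group['member']
                members.remove(member['distinguishedName'])
                ldap_update_attribute(group['distinguishedName'], "member",
                                      members)
                flash("Member removed.", "success")
                return redirect(url_for('group_overview', groupname=groupname))
            except ldap.LDAPError as e:
                # python-ldap puts the details in args[0], a dict with 'desc'
                # and (not always) 'info'; ``e.message`` only existed on Py2.
                detail = e.args[0] if e.args else None
                if isinstance(detail, dict):
                    info = detail.get('info') or detail.get('desc') or ''
                else:
                    info = str(e)
                # Drop up to two leading "prefix:" segments and capitalise;
                # the slice keeps an empty message from raising IndexError.
                error = info.split(":", 2)[-1].strip()
                error = error[:1].upper() + error[1:] or "LDAP operation failed."
                # The server's diagnostic text is shown to the user; prefer
                # a generic message if this view serves non-admins.
                flash(error, "error")
        elif form.errors:
            flash("Some fields failed validation.", "error")

        return render_template("pages/group_delmember.html",
                               title=title,
                               action="Remove group member",
                               form=form,
                               member=member['sAMAccountName'],
                               group=group['sAMAccountName'],
                               parent=url_for('group_overview',
                                              groupname=groupname))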
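    def user_edit_ssh(username):
        """Edit the ``sshPublicKey`` values of *username*.

        GET pre-fills the textarea with the current keys, one per line; a
        valid POST replaces the attribute with the non-empty lines of the
        textarea. Responds 404 for an unknown user.

        Keys are stored as typed; no syntactic check of the key material is
        done here.
        """
        title = "Edit SSH keys"

        if not ldap_user_exists(username=username):
            abort(404)

        user = ldap_get_user(username=username)

        form = UserSSHEdit(request.form)
        form.visible_fields = [form.ssh_keys]

        if form.validate_on_submit():
            # splitlines() also copes with CRLF from browsers; blank lines are
            # dropped because they would otherwise be stored as empty
            # attribute values (the original kept them).
            new_entries = [
                line.strip() for line in form.ssh_keys.data.splitlines()
            ]
            new_entries = [line for line in new_entries if line]
            try:
                # The fourth argument is presumably the objectClass the helper
                # ensures on the entry — confirm against ldap_update_attribute.
                ldap_update_attribute(user['distinguishedName'],
                                      'sshPublicKey', new_entries,
                                      'ldapPublicKey')
                flash("SSH keys successfuly updated.", "success")
                return redirect(url_for('user_overview', username=username))
            except ldap.LDAPError as e:
                # python-ldap packs the server diagnostics into e.args[0] (a
                # dict); exceptions have no .message on Python 3 and 'info' is
                # not always present, so fall back to 'desc' and then str(e).
                detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
                error = str(detail.get('info') or detail.get('desc') or e)
                error = error.split(":", 2)[-1].strip()
                flash(error[:1].upper() + error[1:], "error")
        elif form.errors:
            flash("Some fields failed validation.", "error")

        if not form.is_submitted() and 'sshPublicKey' in user:
            form.ssh_keys.data = "\n".join(user['sshPublicKey'])

        return render_template("forms/basicform.html",
                               form=form,
                               title=title,
                               action="Save changes",
                               parent=url_for('user_overview',
                                              username=username))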
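    def group_delmember(groupname, member):
        """Remove *member* (a sAMAccountName) from the group *groupname*.

        GET renders the confirmation page; a valid POST rewrites the group's
        ``member`` attribute without the member's DN and redirects to the
        group overview. Responds 404 when the group, the account, or the
        membership does not exist.

        Authorization (who may edit membership) is not checked in this view;
        presumably a decorator outside it or the directory ACL of the bound
        account enforces it — TODO confirm.
        """
        title = "Remove group member"

        group = ldap_get_group(groupname)
        if not group or 'member' not in group:
            abort(404)

        # Resolve the account by sAMAccountName; the parameter keeps its
        # original (string) value instead of being rebound to the entry dict.
        member_entry = ldap_get_entry_simple({'sAMAccountName': member})
        if not member_entry:
            abort(404)

        member_dn = member_entry['distinguishedName']
        if member_dn not in group['member']:
            abort(404)

        form = Form(request.form)

        if form.validate_on_submit():
            try:
                # Write back the full list minus this DN; build a new list so
                # the group dict is left untouched if the update fails.
                remaining = [dn for dn in group['member'] if dn != member_dn]
                ldap_update_attribute(group['distinguishedName'],
                                      "member", remaining)
                flash("Member removed.", "success")
                return redirect(url_for('group_overview', groupname=groupname))
            except ldap.LDAPError as e:
                # python-ldap packs the server diagnostics into e.args[0] (a
                # dict); exceptions have no .message on Python 3 and 'info' is
                # not always present, so fall back to 'desc' and then str(e).
                detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
                error = str(detail.get('info') or detail.get('desc') or e)
                error = error.split(":", 2)[-1].strip()
                # Raw server diagnostics shown to the browser reveal directory
                # internals; a generic message plus server-side logging is
                # the safer pattern.
                flash(error[:1].upper() + error[1:], "error")
        elif form.errors:
            flash("Some fields failed validation.", "error")

        return render_template("pages/group_delmember.html", title=title,
                               action="Remove group member", form=form,
                               member=member_entry['sAMAccountName'],
                               group=group['sAMAccountName'],
                               parent=url_for('group_overview',
                                              groupname=groupname))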
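    def group_edit(groupname):
        """Edit name, description and type flags of the group *groupname*.

        GET pre-fills the form from the directory; a valid POST writes back
        every changed attribute. Renaming updates ``sAMAccountName`` and then
        ``cn`` and re-reads the group under its new name. Responds 404 for an
        unknown group and 401 for system groups (groupType bit 0 set).
        """
        title = "Edit group"

        if not ldap_group_exists(groupname):
            abort(404)

        group = ldap_get_group(groupname)

        # System groups (bit 0 of groupType) are read-only here. 401 is kept
        # for compatibility with the other handlers, although 403 would
        # describe "not allowed" more accurately.
        if group['groupType'] & 1:
            abort(401)

        form = GroupEdit(request.form)
        field_mapping = [('sAMAccountName', form.name),
                         ('description', form.description),
                         (None, form.group_type),
                         ('groupType', form.group_flags)]

        form.visible_fields = [field[1] for field in field_mapping]

        # Only flags marked editable in LDAP_AD_GROUPTYPE_VALUES (value[1]
        # truthy) are offered.
        form.group_flags.choices = [
            (key, value[0]) for key, value in LDAP_AD_GROUPTYPE_VALUES.items()
            if value[1]
        ]

        if form.validate_on_submit():
            try:
                for attribute, field in field_mapping:
                    value = field.data
                    if value == group.get(attribute):
                        continue
                    if attribute == 'sAMAccountName':
                        # Rename the account, then the record itself, then
                        # re-read it so later updates address the new DN.
                        ldap_update_attribute(group['distinguishedName'],
                                              "sAMAccountName", value)
                        ldap_update_attribute(group['distinguishedName'],
                                              "cn", value)
                        group = ldap_get_group(value)
                    elif attribute == "groupType":
                        # AD stores groupType as a signed 32-bit integer; the
                        # scope bit (0x80000000) makes the unsigned sum exceed
                        # that range, so reinterpret it as signed first.
                        group_type = int(form.group_type.data) + \
                            int(form.group_flags.data)
                        signed = struct.unpack(
                            "i", struct.pack("I", group_type))[0]
                        ldap_update_attribute(group['distinguishedName'],
                                              attribute, str(signed))
                    elif attribute:
                        ldap_update_attribute(group['distinguishedName'],
                                              attribute, value)

                flash("Group successfully updated.", "success")
                return redirect(
                    url_for('group_overview', groupname=form.name.data))
            except ldap.LDAPError as e:
                # python-ldap packs the server diagnostics into e.args[0] (a
                # dict); exceptions have no .message on Python 3 and 'info' is
                # not always present, so fall back to 'desc' and then str(e).
                detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
                error = str(detail.get('info') or detail.get('desc') or e)
                error = error.split(":", 2)[-1].strip()
                flash(error[:1].upper() + error[1:], "error")
        elif form.errors:
            flash("Some fields failed validation.", "error")

        if not form.is_submitted():
            form.name.data = group.get('sAMAccountName')
            form.description.data = group.get('description')
            # Scope bit (security vs. distribution) and the editable flags
            # are pre-filled separately, matching the two form fields.
            form.group_type.data = group['groupType'] & 2147483648
            form.group_flags.data = 0
            for key, flag in LDAP_AD_GROUPTYPE_VALUES.items():
                if flag[1] and group['groupType'] & key:
                    form.group_flags.data += key

        return render_template("forms/basicform.html",
                               form=form,
                               title=title,
                               action="Save changes",
                               parent=url_for('group_overview',
                                              groupname=groupname))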
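    def user_edit_profile(username):
        """Edit the identity attributes and account-control flags of *username*.

        GET pre-fills the form from the directory; a valid POST writes back
        each changed attribute. Renaming updates ``sAMAccountName``,
        ``userPrincipalName`` and ``cn`` and re-reads the user under the new
        name. Responds 404 for an unknown user.
        """
        title = "Edit user"

        if not ldap_user_exists(username=username):
            abort(404)

        user = ldap_get_user(username=username)
        form = UserProfileEdit(request.form)
        field_mapping = [('givenName', form.first_name),
                         ('sn', form.last_name),
                         ('displayName', form.display_name),
                         ('sAMAccountName', form.user_name),
                         ('mail', form.mail),
                         ('userAccountControl', form.uac_flags)]

        # Only flags marked editable (value[1] truthy) are offered, and the
        # same set is the only one this view ever sets or clears.
        editable_flags = [key for key, value in
                          LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
                          if value[1]]
        form.uac_flags.choices = [
            (key, LDAP_AD_USERACCOUNTCONTROL_VALUES[key][0])
            for key in editable_flags
        ]

        form.visible_fields = [field[1] for field in field_mapping]

        if form.validate_on_submit():
            try:
                for attribute, field in field_mapping:
                    value = field.data
                    if value == user.get(attribute):
                        continue
                    if attribute == 'sAMAccountName':
                        # Rename the account (login name and UPN), then the
                        # record itself, then re-read it under the new name.
                        ldap_update_attribute(user['distinguishedName'],
                                              "sAMAccountName", value)
                        ldap_update_attribute(user['distinguishedName'],
                                              "userPrincipalName",
                                              "%s@%s" % (value,
                                                         g.ldap['domain']))
                        ldap_update_attribute(user['distinguishedName'],
                                              "cn", value)
                        user = ldap_get_user(value)
                    elif attribute == 'userAccountControl':
                        # Toggle only the editable bits; the rest of the mask
                        # (e.g. NORMAL_ACCOUNT) is preserved. Bitwise ops
                        # replace the original += / -= on the same guards.
                        current_uac = user['userAccountControl']
                        for key in editable_flags:
                            if key in value:
                                current_uac |= key
                            else:
                                current_uac &= ~key
                        ldap_update_attribute(user['distinguishedName'],
                                              attribute, str(current_uac))
                    else:
                        ldap_update_attribute(user['distinguishedName'],
                                              attribute, value)

                flash("Profile successfully updated.", "success")
                return redirect(url_for('user_overview',
                                        username=form.user_name.data))
            except ldap.LDAPError as e:
                # python-ldap packs the server diagnostics into e.args[0] (a
                # dict); exceptions have no .message on Python 3 and 'info' is
                # not always present, so fall back to 'desc' and then str(e).
                detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
                error = str(detail.get('info') or detail.get('desc') or e)
                error = error.split(":", 2)[-1].strip()
                flash(error[:1].upper() + error[1:], "error")
        elif form.errors:
            flash("Some fields failed validation.", "error")

        if not form.is_submitted():
            form.first_name.data = user.get('givenName')
            form.last_name.data = user.get('sn')
            form.display_name.data = user.get('displayName')
            form.user_name.data = user.get('sAMAccountName')
            form.mail.data = user.get('mail')
            form.uac_flags.data = [key for key in editable_flags
                                   if user['userAccountControl'] & key]

        return render_template("forms/basicform.html", form=form, title=title,
                               action="Save changes",
                               parent=url_for('user_overview',
                                              username=username))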
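    def user_add():
        """Create a new user below the container named in the query string.

        A valid POST builds the AD attribute set from the form (plus the
        cUJAE extra fields when ``g.extra_fields`` is set), creates the entry,
        sets the initial password and redirects to the new user's overview.
        """
        title = "Add User"

        if g.extra_fields:
            form = UserAddExtraFields(request.form)
        else:
            form = UserAdd(request.form)
        field_mapping = [('givenName', form.first_name),
                         ('sn', form.last_name),
                         ('sAMAccountName', form.user_name),
                         ('mail', form.mail), (None, form.password),
                         (None, form.password_confirm),
                         ('userAccountControl', form.uac_flags)]
        if g.extra_fields:
            field_mapping += [('cUJAEPersonExternal', form.manual),
                              ('cUJAEPersonType', form.person_type),
                              ('cUJAEPersonDNI', form.dni)]

        form.visible_fields = [field[1] for field in field_mapping]
        form.uac_flags.choices = [
            (key, value[0])
            for key, value in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
        ]

        if form.validate_on_submit():
            # The query parameter is literally named "b'base" and carries a
            # trailing quote (as the original read it); kept unchanged. A
            # missing value used to crash on .rstrip() — reject it instead.
            base = request.args.get("b'base")
            if not base:
                abort(400)
            base = base.rstrip("'")
            # The container is caller-controlled: pin it under the configured
            # naming context so a crafted link cannot target another tree.
            if not base.lower().endswith(g.ldap['dn'].lower()):
                base += ",%s" % g.ldap['dn']
            try:
                # Default attributes
                upn = "%s@%s" % (form.user_name.data, g.ldap['domain'])
                attributes = {
                    'objectClass': [
                        b'top', b'person', b'organizationalPerson', b'user',
                        b'inetOrgPerson'
                    ],
                    'UserPrincipalName': [upn.encode('utf-8')],
                    'accountExpires': [b"0"],
                    'lockoutTime': [b"0"],
                }

                for attribute, field in field_mapping:
                    if attribute == 'userAccountControl':
                        # Start from NORMAL_ACCOUNT (512) and add each
                        # editable flag the form selected.
                        current_uac = 512
                        for key, flag in (
                                LDAP_AD_USERACCOUNTCONTROL_VALUES.items()):
                            if flag[1] and key in field.data:
                                current_uac += key
                        attributes[attribute] = [
                            str(current_uac).encode('utf-8')
                        ]
                    elif attribute and isinstance(field, BooleanField):
                        # Store an explicit TRUE/FALSE. The original tested
                        # field.data first, so its FALSE branch was
                        # unreachable; the value is wrapped in a list like
                        # every other attribute here — confirm
                        # ldap_create_entry expects list values.
                        attributes[attribute] = [
                            b'TRUE' if field.data else b'FALSE'
                        ]
                    elif attribute and field.data:
                        attributes[attribute] = [
                            field.data.encode('utf-8')
                        ]

                # displayName = "<givenName> <sn>", using whichever parts were
                # supplied (the original raised KeyError without givenName).
                given = attributes.get('givenName', [b''])[0].decode('utf-8')
                surname = attributes.get('sn', [b''])[0].decode('utf-8')
                display = " ".join(part for part in (given, surname) if part)
                if display:
                    attributes['displayName'] = [display.encode('utf-8')]

                # Escape the RDN value: the username comes from the form and
                # must not be able to inject extra DN components.
                rdn = ldap.dn.escape_dn_chars(form.user_name.data)
                ldap_create_entry("cn=%s,%s" % (rdn, base), attributes)
                ldap_change_password(None, form.password.data,
                                     form.user_name.data)
                flash(u"User created successfully.", "success")
                return redirect(
                    url_for('user_overview', username=form.user_name.data))
            except ldap.LDAPError as e:
                # e.args[0] is a dict of server diagnostics; 'info' is not
                # always present, so fall back to 'desc' and then str(e).
                detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
                flash(str(detail.get('info') or detail.get('desc') or e),
                      "error")
        elif form.errors:
            # The debug print of form.errors to stdout was removed.
            flash("Some fields failed validation.", "error")
        return render_template("forms/basicform.html",
                               form=form,
                               title=title,
                               action="Adicionar Usuario",
                               parent=url_for('tree_base'))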
 def core_index():
     """Entry point: send the caller to their own user overview page."""
     own_page = url_for("user_overview", username=g.ldap["username"])
     return redirect(own_page)
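    def user_overview(username):
        """Show the details, group memberships and add-to-group form of a user.

        Viewable by the user themselves or by members of Settings.ADMIN_GROUP;
        everyone else gets 401. A valid POST of the add-to-group form appends
        the user's DN to the selected group's ``member`` attribute and is
        restricted to admins. Responds 404 for an unknown user.
        """
        title = "User details - %s" % username

        if not ldap_user_exists(username=username):
            abort(404)

        user = ldap_get_user(username=username)
        admin = ldap_in_group(Settings.ADMIN_GROUP)
        logged_user = g.ldap['username']

        # Self-or-admin check. sAMAccountName is case-insensitive in AD while
        # this comparison is exact, so a differently-cased login fails closed.
        # 401 is kept for compatibility (403 would be the more accurate code).
        if not (logged_user == user['sAMAccountName'] or admin):
            abort(401)

        identity_fields = [('givenName', "Name"), ('sn', "Last Name"),
                           ('displayName', "Full Name"),
                           ('name', "Registry Name"),
                           ('sAMAccountName', "Username"),
                           ('mail', u"Email address")]

        if 'title' in user:
            identity_fields.append(('title', "Occupation"))
        if 'telephoneNumber' in user:
            identity_fields.append(('telephoneNumber', "Telephone"))

        # Optional extra attributes from configuration: (attr, label[, kind]).
        for item in Settings.USER_ATTRIBUTES or ():
            attr = item[0]
            if attr not in user:
                continue
            if len(item) == 3 and item[2] == 'time':
                # AD generalizedTime looks like 'YYYYMMDDHHMMSS.0Z'; the 'Z'
                # means UTC, so parse it as UTC before converting. The
                # original parsed a naive value, which astimezone() treats as
                # local time.
                stamp = user[attr][:14]
                parsed = datetime.strptime(stamp + '+0000',
                                           '%Y%m%d%H%M%S%z')
                user[attr] = parsed.astimezone(timezone(Settings.TIMEZONE))
            if attr == 'jpegPhoto':
                # Inline the photo as a data: URI for the template.
                encoded = base64.b64encode(user[attr]).decode()
                user[attr] = 'data:image/jpeg;base64,' + encoded
            identity_fields.append((attr, item[1]))

        group_fields = [('sAMAccountName', "Name"),
                        ('description', u"Description")]

        # The original re-read the user here; dropped because it either
        # returned the cached dict or discarded the conversions made above.
        group_details = [
            ldap_get_group(group, 'distinguishedName')
            for group in ldap_get_membership(username)
        ]
        groups = sorted((entry for entry in group_details if entry),
                        key=lambda entry: entry['sAMAccountName'])

        siccip_data = None
        if 'pager' in user:
            # The debug print of the parsed pager data was removed: it wrote
            # personal data to stdout on every page view.
            siccip_data = get_parsed_pager_attribute(user['pager'])

        available_groups = ldap_get_entries(
            ldap_filter="(objectclass=group)", scope="subtree")
        group_choices = [("_", "Select a Group")]
        for group_entry in available_groups:
            if not ldap_in_group(group_entry['sAMAccountName'], username):
                group_choices.append((group_entry['distinguishedName'],
                                      group_entry['sAMAccountName']))

        form = UserAddGroup(request.form)
        form.available_groups.choices = group_choices

        if not form.is_submitted():
            form.available_groups.data = "_"

        if form.validate_on_submit():
            # Group membership is a privileged change. The page is viewable by
            # the user themselves, so enforce admin on the server rather than
            # relying on the template hiding the form or on the directory ACL
            # of the bound account. (The original accepted the POST from the
            # user's own page.)
            if not admin:
                abort(403)
            try:
                group_to_add = form.available_groups.data
                if group_to_add == "_":
                    flash(
                        u"You must choose a group from the drop-down list.",
                        "error")
                else:
                    # The form's choices already restrict group_to_add to a
                    # DN listed above.
                    group = ldap_get_entry_simple({
                        'objectClass':
                        'group',
                        'distinguishedName':
                        group_to_add
                    })
                    if not group:
                        abort(404)
                    entries = set(group.get('member', []))
                    entries.add(user['distinguishedName'])
                    ldap_update_attribute(group_to_add, "member",
                                          list(entries))
                    flash(u"User successfully added to group.", "success")
                return redirect(url_for('user_overview',
                                        username=username))
            except ldap.LDAPError as e:
                # e.args[0] is a dict of server diagnostics; 'info' is not
                # always present, so fall back to 'desc' and then str(e).
                detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
                flash(str(detail.get('info') or detail.get('desc') or e),
                      "error")
        elif form.errors:
            flash(u"Data validation failed.", "error")

        # Parent container = the DN without its first RDN.
        parent = ",".join(user['distinguishedName'].split(',')[1:])

        return render_template("pages/user_overview_es.html",
                               g=g,
                               title=title,
                               form=form,
                               user=user,
                               identity_fields=identity_fields,
                               group_fields=group_fields,
                               admin=admin,
                               groups=groups,
                               siccip_data=siccip_data,
                               parent=parent,
                               uac_values=LDAP_AD_USERACCOUNTCONTROL_VALUES)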
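    def tree_base(base=None):
        """List the direct children of *base* (default: the configured DN).

        Each entry gets a type label, a description and a target URL, and
        entries flagged showInAdvancedViewOnly or under a TREE_BLACKLIST
        prefix are left out. *base* comes from the URL; a value lacking the
        domain suffix gets it appended, which keeps the search under the
        configured naming context.

        The blacklist only hides children in this listing — a blacklisted DN
        passed directly as *base* is still listed, so it is cosmetic, not an
        access control.
        """
        if not base:
            base = g.ldap['dn']
        elif not base.lower().endswith(g.ldap['dn'].lower()):
            base += ",%s" % g.ldap['dn']

        admin = ldap_in_group("Domain Admins")
        entry_fields = [('name', "Name"), ('__description', "Description"),
                        ('__type', "Type")]

        # DNs compare case-insensitively, so normalise both sides of the
        # prefix test (the original compared exact case, which let a
        # differently-cased config entry silently fail to hide anything).
        hidden_prefixes = [prefix.lower() for prefix in TREE_BLACKLIST]

        children = sorted(
            ldap_get_entries("objectClass=top", base, "onelevel"),
            key=lambda entry: entry['name'])

        entries = []
        for entry in children:
            # Skip hidden and blacklisted objects before doing any work.
            if entry.get('showInAdvancedViewOnly'):
                continue
            dn = entry['distinguishedName']
            if any(dn.lower().startswith(p) for p in hidden_prefixes):
                continue

            if 'description' in entry:
                entry['__description'] = entry['description']
            elif 'displayName' in entry:
                entry['__description'] = entry['displayName']

            classes = entry['objectClass']
            entry['__target'] = url_for('tree_base', base=dn)
            if 'user' in classes:
                entry['__type'] = "User"
                entry['__target'] = url_for('user_overview',
                                            username=entry['sAMAccountName'])
            elif 'group' in classes:
                entry['__type'] = "Group"
                entry['__target'] = url_for('group_overview',
                                            groupname=entry['sAMAccountName'])
            elif 'organizationalUnit' in classes:
                entry['__type'] = "Organizational Unit"
            elif 'container' in classes:
                entry['__type'] = "Container"
            elif 'builtinDomain' in classes:
                entry['__type'] = "Built-in"
            else:
                entry['__type'] = "Unknown"

            entries.append(entry)

        # The parent link is the DN minus its first RDN, unless we are
        # already at a domain component.
        parent = None
        base_split = base.split(',')
        if not base_split[0].lower().startswith("dc"):
            parent = ",".join(base_split[1:])

        return render_template("pages/tree_base.html",
                               parent=parent,
                               admin=admin,
                               base=base,
                               entries=entries,
                               entry_fields=entry_fields)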
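    def get_entries(filter_str, filter_select, base, scope):
        """
        Get all entries that will be displayed in the tree.

        Returns the user entries (those with displayName and sAMAccountName)
        whose *filter_select* attribute contains *filter_str*, sorted by
        displayName, followed — only when filter_str == "top" — by the
        entries without displayName sorted by name. Hidden users
        (showInAdvancedViewOnly) and non-user entries under a
        Settings.TREE_BLACKLIST prefix are left out.
        """
        # One directory read serves both passes (the original searched twice).
        # ignore_erros is the helper's own keyword spelling; do not "fix" it.
        all_entries = list(ldap_get_entries("objectClass=top",
                                            base,
                                            scope,
                                            ignore_erros=True))

        users = [
            entry for entry in all_entries
            if 'displayName' in entry and 'sAMAccountName' in entry
            and filter_select in entry and filter_str in entry[filter_select]
        ]
        users.sort(key=lambda entry: entry['displayName'])

        if filter_str == "top":
            other_entries = sorted(
                (entry for entry in all_entries if 'displayName' not in entry),
                key=lambda entry: entry['name'])
        else:
            other_entries = []

        # DNs compare case-insensitively, so the prefix test is normalised.
        hidden_prefixes = [p.lower() for p in Settings.TREE_BLACKLIST]

        entries = []
        for entry in users:
            if entry.get('showInAdvancedViewOnly'):
                continue

            # sAMAccountName is guaranteed by the filter above.
            entry['__description'] = entry.get('description',
                                               entry['sAMAccountName'])
            entry['name'] = entry['displayName']
            entry['__type'] = "User"
            entry['__target'] = url_for('user_overview',
                                        username=entry['sAMAccountName'])

            if 'user' in entry['objectClass']:
                # userAccountControl is a bit mask: ACCOUNTDISABLE is 0x2 and a
                # disabled normal account reads 514, so test the bit rather
                # than comparing the whole value with 2 as the original did.
                if int(entry.get('userAccountControl', 0)) & 2:
                    entry['active'] = "Deactivated"
                else:
                    entry['active'] = "Active"
            else:
                entry['active'] = "No available"

            entries.append(entry)

        # The original also tested `entry not in users`, which can never fail:
        # other_entries lack displayName and every user entry has one.
        for entry in other_entries:
            dn = entry['distinguishedName']
            # Decide before appending; the original appended and then called
            # entries.remove() once per matching prefix, which raises
            # ValueError when two prefixes match.
            if any(dn.lower().startswith(p) for p in hidden_prefixes):
                continue

            if 'description' in entry:
                entry['__description'] = entry['description']
            elif 'sAMAccountName' in entry:
                entry['__description'] = entry['sAMAccountName']

            classes = entry['objectClass']
            entry['__target'] = url_for('tree_base', base=dn)
            if 'group' in classes:
                entry['__type'] = "Group"
                entry['__target'] = url_for(
                    'group_overview', groupname=entry['sAMAccountName'])
            elif 'organizationalUnit' in classes:
                entry['__type'] = "Organization Unit"
            elif 'container' in classes:
                entry['__type'] = "Container"
            elif 'builtinDomain' in classes:
                entry['__type'] = "Built-in"
            else:
                entry['__type'] = "Unknown"
            entries.append(entry)
        return entries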
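    def group_edit(groupname):
        """Edit name, description and type flags of the group *groupname*.

        GET pre-fills the form from the directory; a valid POST writes back
        every changed attribute. Renaming updates ``sAMAccountName`` and then
        ``cn`` and re-reads the group under its new name. Responds 404 for an
        unknown group and 401 for system groups (groupType bit 0 set).
        """
        title = "Edit group"

        if not ldap_group_exists(groupname):
            abort(404)

        group = ldap_get_group(groupname)

        # System groups (bit 0 of groupType) are read-only here. 401 is kept
        # for compatibility with the other handlers, although 403 would
        # describe "not allowed" more accurately.
        if group['groupType'] & 1:
            abort(401)

        form = GroupEdit(request.form)
        field_mapping = [('sAMAccountName', form.name),
                         ('description', form.description),
                         (None, form.group_type),
                         ('groupType', form.group_flags)]

        form.visible_fields = [field[1] for field in field_mapping]

        # Only flags marked editable in LDAP_AD_GROUPTYPE_VALUES (value[1]
        # truthy) are offered.
        form.group_flags.choices = [(key, value[0]) for key, value in
                                    LDAP_AD_GROUPTYPE_VALUES.items()
                                    if value[1]]

        if form.validate_on_submit():
            try:
                for attribute, field in field_mapping:
                    value = field.data
                    if value == group.get(attribute):
                        continue
                    if attribute == 'sAMAccountName':
                        # Rename the account, then the record itself, then
                        # re-read it so later updates address the new DN.
                        ldap_update_attribute(group['distinguishedName'],
                                              "sAMAccountName", value)
                        ldap_update_attribute(group['distinguishedName'],
                                              "cn", value)
                        group = ldap_get_group(value)
                    elif attribute == "groupType":
                        # AD stores groupType as a signed 32-bit integer; the
                        # scope bit (0x80000000) makes the unsigned sum exceed
                        # that range, so reinterpret it as signed first.
                        group_type = int(form.group_type.data) + \
                            int(form.group_flags.data)
                        signed = struct.unpack(
                            "i", struct.pack("I", group_type))[0]
                        ldap_update_attribute(group['distinguishedName'],
                                              attribute, str(signed))
                    elif attribute:
                        ldap_update_attribute(group['distinguishedName'],
                                              attribute, value)

                flash("Group successfully updated.", "success")
                return redirect(url_for('group_overview',
                                        groupname=form.name.data))
            except ldap.LDAPError as e:
                # python-ldap packs the server diagnostics into e.args[0] (a
                # dict); exceptions have no .message on Python 3 and 'info' is
                # not always present, so fall back to 'desc' and then str(e).
                detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
                error = str(detail.get('info') or detail.get('desc') or e)
                error = error.split(":", 2)[-1].strip()
                flash(error[:1].upper() + error[1:], "error")
        elif form.errors:
            flash("Some fields failed validation.", "error")

        if not form.is_submitted():
            form.name.data = group.get('sAMAccountName')
            form.description.data = group.get('description')
            # Scope bit (security vs. distribution) and the editable flags
            # are pre-filled separately, matching the two form fields.
            form.group_type.data = group['groupType'] & 2147483648
            form.group_flags.data = 0
            for key, flag in LDAP_AD_GROUPTYPE_VALUES.items():
                if flag[1] and group['groupType'] & key:
                    form.group_flags.data += key

        return render_template("forms/basicform.html", form=form, title=title,
                               action="Save changes",
                               parent=url_for('group_overview',
                                              groupname=groupname))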
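    def user_add():
        """Create a new user below the ``base`` container from the query string.

        Without ``base`` the entry goes to ``OU=People,<domain DN>``. A valid
        POST builds the attribute set from the form, creates the entry, sets
        the initial password and redirects to the new user's overview.
        """
        title = "Add user"

        base = request.args.get('base')
        if not base:
            base = "OU=People,%s" % g.ldap['dn']
        elif not base.lower().endswith(g.ldap['dn'].lower()):
            # The container is caller-controlled: pin it under the configured
            # naming context (the same rule tree_base applies) instead of
            # trusting the link.
            base += ",%s" % g.ldap['dn']

        form = UserAdd(request.form)
        field_mapping = [('givenName', form.first_name),
                         ('sn', form.last_name),
                         ('displayName', form.display_name),
                         ('sAMAccountName', form.user_name),
                         ('mail', form.mail), (None, form.password),
                         (None, form.password_confirm),
                         ('userAccountControl', form.uac_flags)]

        form.visible_fields = [field[1] for field in field_mapping]

        # Only flags marked editable (value[1] truthy) are offered.
        form.uac_flags.choices = [
            (key, value[0])
            for key, value in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
            if value[1]
        ]

        if form.validate_on_submit():
            try:
                # Default attributes
                upn = "%s@%s" % (form.user_name.data, g.ldap['domain'])
                attributes = {
                    'objectClass': "user",
                    'UserPrincipalName': upn,
                    'accountExpires': "0",
                    'lockoutTime': "0"
                }

                for attribute, field in field_mapping:
                    if attribute == 'userAccountControl':
                        # Start from NORMAL_ACCOUNT (512) and add each
                        # editable flag the form selected.
                        current_uac = 512
                        for key, flag in (
                                LDAP_AD_USERACCOUNTCONTROL_VALUES.items()):
                            if flag[1] and key in field.data:
                                current_uac += key
                        attributes[attribute] = str(current_uac)
                    elif attribute and field.data:
                        attributes[attribute] = field.data

                # Escape the RDN value: the username comes from the form and
                # must not be able to inject extra DN components.
                rdn = ldap.dn.escape_dn_chars(form.user_name.data)
                ldap_create_entry("cn=%s,%s" % (rdn, base), attributes)
                ldap_change_password(None, form.password.data,
                                     form.user_name.data)

                flash("User successfully created.", "success")
                return redirect(
                    url_for('user_overview', username=form.user_name.data))
            except ldap.LDAPError as e:
                # python-ldap packs the server diagnostics into e.args[0] (a
                # dict); exceptions have no .message on Python 3 and 'info' is
                # not always present, so fall back to 'desc' and then str(e).
                detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
                error = str(detail.get('info') or detail.get('desc') or e)
                error = error.split(":", 2)[-1].strip()
                flash(error[:1].upper() + error[1:], "error")
        elif form.errors:
            flash("Some fields failed validation.", "error")

        return render_template("forms/basicform.html",
                               form=form,
                               title=title,
                               action="Add user",
                               parent=url_for('user_add'))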
 def core_logout():
     """Flag the session as logged out, then send the browser to the index."""
     target = url_for("core_index")
     session["logout"] = 1
     return redirect(target)
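    def user_edit_profile(username):
        """Edit the profile attributes of the user ``username``.

        Each form field maps to one LDAP attribute and only attributes whose
        submitted value differs from the stored one are written back. A new
        sAMAccountName also rewrites userPrincipalName and cn, after which
        the record is re-read so later writes use the new DN.
        userAccountControl starts from the stored value and only the flags
        marked selectable in LDAP_AD_USERACCOUNTCONTROL_VALUES are toggled;
        every other bit is preserved. Returns 404 for an unknown user,
        redirects to the user overview on success and re-renders the form
        (pre-filled from the directory on GET) otherwise.
        """
        title = "Edit user"

        if not ldap_user_exists(username=username):
            abort(404)

        def _ldap_error_text(exc):
            """Short flash() message for an LDAPError.

            python-ldap stores a dict with ``desc``/``info`` in ``exc.args[0]``;
            fall back to str(exc) when that shape is missing so the error
            handler itself cannot raise.
            """
            detail = exc.args[0] if exc.args else None
            if isinstance(detail, dict):
                text = detail.get('info') or detail.get('desc') or ''
            else:
                text = str(exc)
            text = text.split(":", 2)[-1].strip()
            if not text:
                return "LDAP operation failed."
            # Slicing (not text[0]) so an empty remainder cannot raise.
            return text[:1].upper() + text[1:]

        def _apply_uac_selection(current, selected):
            """Return ``current`` with each selectable flag set iff it was ticked.

            Bits that are not selectable in the form are left untouched so a
            profile edit cannot silently strip flags managed elsewhere.
            """
            ticked = set(selected or ())
            for key, flag in LDAP_AD_USERACCOUNTCONTROL_VALUES.items():
                if not flag[1]:
                    continue
                if key in ticked:
                    current |= key
                else:
                    current &= ~key
            return current

        user = ldap_get_user(username=username)
        form = UserProfileEdit(request.form)
        field_mapping = [('givenName', form.first_name),
                         ('sn', form.last_name),
                         ('displayName', form.display_name),
                         ('sAMAccountName', form.user_name),
                         ('mail', form.mail),
                         ('userAccountControl', form.uac_flags)]

        # Only selectable flags are offered as choices.
        form.uac_flags.choices = [
            (key, value[0])
            for key, value in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
            if value[1]
        ]

        form.visible_fields = [field for _, field in field_mapping]

        if form.validate_on_submit():
            try:
                for attribute, field in field_mapping:
                    value = field.data
                    # Read per iteration: the rename branch replaces ``user``.
                    dn = user['distinguishedName']
                    if attribute == 'userAccountControl':
                        stored_uac = user['userAccountControl']
                        new_uac = _apply_uac_selection(stored_uac, value)
                        if new_uac != stored_uac:
                            ldap_update_attribute(dn, attribute, str(new_uac))
                    elif value == user.get(attribute):
                        continue
                    elif attribute == 'sAMAccountName':
                        # Rename the account: login name, UPN, then the record
                        # itself; re-read it so later writes use the new DN.
                        ldap_update_attribute(dn, "sAMAccountName", value)
                        ldap_update_attribute(
                            dn, "userPrincipalName",
                            "%s@%s" % (value, g.ldap['domain']))
                        ldap_update_attribute(dn, "cn", value)
                        user = ldap_get_user(username=value)
                    else:
                        ldap_update_attribute(dn, attribute, value)

                flash("Profile successfully updated.", "success")
                return redirect(
                    url_for('user_overview', username=form.user_name.data))
            except ldap.LDAPError as e:
                flash(_ldap_error_text(e), "error")
        elif form.errors:
            flash("Some fields failed validation.", "error")

        if not form.is_submitted():
            # GET: pre-fill the form from the directory record.
            form.first_name.data = user.get('givenName')
            form.last_name.data = user.get('sn')
            form.display_name.data = user.get('displayName')
            form.user_name.data = user.get('sAMAccountName')
            form.mail.data = user.get('mail')
            form.uac_flags.data = [
                key for key, flag in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
                if flag[1] and user['userAccountControl'] & key
            ]

        return render_template("forms/basicform.html",
                               form=form,
                               title=title,
                               action="Save changes",
                               parent=url_for('user_overview',
                                              username=username))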
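    def user_add():
        """Create a new user account in the directory.

        The container is taken from the ``base`` query parameter and defaults
        to ``OU=People,<configured dn>``. Both ``base`` and the user name are
        request-controlled, so the base must be a valid DN inside the
        configured directory DN (otherwise 400) and the user name is
        DN-escaped before it is used as the ``cn`` RDN. userAccountControl
        starts at 512 and gets every selectable flag the form ticked. After
        the entry exists the password is set separately through
        ldap_change_password(). Redirects to the user overview on success and
        re-renders the form on validation or LDAP errors.
        """
        title = "Add user"

        def _ldap_error_text(exc):
            """Short flash() message for an LDAPError.

            python-ldap stores a dict with ``desc``/``info`` in ``exc.args[0]``;
            fall back to str(exc) when that shape is missing so the error
            handler itself cannot raise.
            """
            detail = exc.args[0] if exc.args else None
            if isinstance(detail, dict):
                text = detail.get('info') or detail.get('desc') or ''
            else:
                text = str(exc)
            text = text.split(":", 2)[-1].strip()
            if not text:
                return "LDAP operation failed."
            # Slicing (not text[0]) so an empty remainder cannot raise.
            return text[:1].upper() + text[1:]

        def _canonical_dn(dn):
            """Normalise a DN string for comparison (case and spacing).

            Returns None when ``dn`` is not a syntactically valid DN.
            """
            try:
                return ldap.dn.dn2str(ldap.dn.str2dn(dn)).lower()
            except ldap.LDAPError:
                return None

        configured_dn = _canonical_dn(g.ldap['dn'])
        base = request.args.get('base') or "OU=People,%s" % g.ldap['dn']
        base_dn = _canonical_dn(base)
        # The base is caller-controlled: refuse anything that is not a valid
        # DN inside the configured subtree, so a crafted link cannot place the
        # new account in an arbitrary container.
        if (configured_dn is None or base_dn is None
                or not (base_dn == configured_dn
                        or base_dn.endswith("," + configured_dn))):
            abort(400)

        form = UserAdd(request.form)
        field_mapping = [('givenName', form.first_name),
                         ('sn', form.last_name),
                         ('displayName', form.display_name),
                         ('sAMAccountName', form.user_name),
                         ('mail', form.mail),
                         (None, form.password),
                         (None, form.password_confirm),
                         ('userAccountControl', form.uac_flags)]

        # The template renders exactly these fields, in this order.
        form.visible_fields = [field for _, field in field_mapping]

        # Only flags marked selectable (value[1]) are offered in the form.
        form.uac_flags.choices = [
            (key, value[0])
            for key, value in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
            if value[1]
        ]

        if form.validate_on_submit():
            try:
                user_name = form.user_name.data
                upn = "%s@%s" % (user_name, g.ldap['domain'])
                # Defaults every new account gets; the rest comes from the form.
                attributes = {
                    'objectClass': "user",
                    'UserPrincipalName': upn,
                    'accountExpires': "0",
                    'lockoutTime': "0",
                }

                for attribute, field in field_mapping:
                    if attribute == 'userAccountControl':
                        # 512 is the base value; OR in each ticked selectable
                        # flag (bitwise, so a repeated bit cannot double-count).
                        ticked = field.data or ()
                        current_uac = 512
                        for key, flag in (
                                LDAP_AD_USERACCOUNTCONTROL_VALUES.items()):
                            if flag[1] and key in ticked:
                                current_uac |= key
                        attributes[attribute] = str(current_uac)
                    elif attribute and field.data:
                        attributes[attribute] = field.data

                # The RDN value is form input: escape DN-special characters
                # (',', '+', '=', ...) so it cannot alter the DN structure.
                new_dn = "cn=%s,%s" % (ldap.dn.escape_dn_chars(user_name), base)
                ldap_create_entry(new_dn, attributes)
                ldap_change_password(None, form.password.data, user_name)

                flash("User successfully created.", "success")
                return redirect(url_for('user_overview', username=user_name))
            except ldap.LDAPError as e:
                flash(_ldap_error_text(e), "error")
        elif form.errors:
            flash("Some fields failed validation.", "error")

        return render_template("forms/basicform.html",
                               form=form,
                               title=title,
                               action="Add user",
                               parent=url_for('user_add'))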
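    def user_edit_profile(username):
        """Edit the profile attributes of the user ``username``.

        Each form field maps to one LDAP attribute; only attributes whose
        submitted value differs from the stored one are written. A new
        sAMAccountName also rewrites userPrincipalName, after which the
        record is re-read so later writes use the current DN (renaming the
        cn itself is still a TODO, see below). When givenName or sn changes,
        displayName is rebuilt once from the latest first and last name.
        userAccountControl starts from the stored value and only the flags
        marked selectable in LDAP_AD_USERACCOUNTCONTROL_VALUES are toggled;
        every other bit is preserved. Returns 404 for an unknown user,
        redirects to the user overview on success and re-renders the form
        (pre-filled from the directory on GET) otherwise.
        """
        title = "Edit user"

        if not ldap_user_exists(username=username):
            abort(404)

        def _ldap_error_text(exc):
            """Message for flash() taken from the LDAPError detail dict.

            python-ldap stores a dict with ``desc``/``info`` in ``exc.args[0]``;
            ``info`` is not always present, so fall back to ``desc`` and then
            to str(exc) rather than raising KeyError inside the handler.
            """
            detail = exc.args[0] if exc.args else None
            if isinstance(detail, dict):
                return detail.get('info') or detail.get('desc') or str(exc)
            return str(exc)

        def _apply_uac_selection(current, selected):
            """Return ``current`` with each selectable flag set iff it was ticked.

            Bits that are not selectable in the form are left untouched so a
            profile edit cannot silently strip flags managed elsewhere.
            """
            ticked = set(selected or ())
            for key, flag in LDAP_AD_USERACCOUNTCONTROL_VALUES.items():
                if not flag[1]:
                    continue
                if key in ticked:
                    current |= key
                else:
                    current &= ~key
            return current

        user = ldap_get_user(username=username)
        form = UserProfileEdit(request.form)
        field_mapping = [('givenName', form.first_name),
                         ('sn', form.last_name),
                         ('sAMAccountName', form.user_name),
                         ('mail', form.mail),
                         ('userAccountControl', form.uac_flags)]

        form.uac_flags.choices = [
            (key, value[0])
            for key, value in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
        ]

        form.visible_fields = [field for _, field in field_mapping]

        if form.validate_on_submit():
            try:
                # Track the names across iterations so displayName is built
                # from the *new* first and last name, not the stale record.
                # The last name is stored in 'sn' (there is no 'lastName').
                given_name = user.get('givenName')
                last_name = user.get('sn')
                names_changed = False

                for attribute, field in field_mapping:
                    value = field.data
                    # Read per iteration: the rename branch replaces ``user``.
                    dn = user['distinguishedName']
                    if attribute == 'userAccountControl':
                        stored_uac = user['userAccountControl']
                        new_uac = _apply_uac_selection(stored_uac, value)
                        if new_uac != stored_uac:
                            ldap_update_attribute(dn, attribute, str(new_uac))
                    elif value == user.get(attribute):
                        continue
                    elif attribute == 'sAMAccountName':
                        # Rename the account: login name and UPN, then re-read
                        # the record so later writes use its current DN.
                        ldap_update_attribute(dn, "sAMAccountName", value)
                        ldap_update_attribute(
                            dn, "userPrincipalName",
                            "%s@%s" % (value, g.ldap['domain']))
                        # TODO: rename the record (cn) with rename_s instead of
                        # a plain attribute update; until then only the login
                        # name and UPN change.
                        user = ldap_get_user(username=value)
                    elif attribute in ('givenName', 'sn'):
                        ldap_update_attribute(dn, attribute, value)
                        if attribute == 'givenName':
                            given_name = value
                        else:
                            last_name = value
                        names_changed = True
                    else:
                        ldap_update_attribute(dn, attribute, value)

                if names_changed:
                    # Skip a missing part instead of failing on None + str.
                    display_name = " ".join(
                        part for part in (given_name, last_name) if part)
                    ldap_update_attribute(user['distinguishedName'],
                                          'displayName', display_name)

                flash(u"Profile updated successfully.", "success")
                return redirect(
                    url_for('user_overview', username=form.user_name.data))
            except ldap.LDAPError as e:
                flash(_ldap_error_text(e), "error")
        elif form.errors:
            flash(u"Data validation failed.", "error")

        if not form.is_submitted():
            # GET: pre-fill the form from the directory record.
            form.first_name.data = user.get('givenName')
            form.last_name.data = user.get('sn')
            form.user_name.data = user.get('sAMAccountName')
            form.mail.data = user.get('mail')
            form.uac_flags.data = [
                key for key, flag in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
                if flag[1] and user['userAccountControl'] & key
            ]

        return render_template("forms/basicform.html",
                               form=form,
                               title=title,
                               action="Save changes",
                               parent=url_for('user_overview',
                                              username=username))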
 def core_index():
     """Redirect to the overview page of the user named in g.ldap['username']."""
     current_user = g.ldap['username']
     return redirect(url_for('user_overview', username=current_user))
 def core_logout():
     """Flag the session as logged out, then send the browser to the index."""
     target = url_for('core_index')
     session['logout'] = 1
     return redirect(target)