diff --git a/ldap_frontend/__init__.py b/ldap_frontend/__init__.py
index d64b11e..0df32c8 100644
--- a/ldap_frontend/__init__.py
+++ b/ldap_frontend/__init__.py
@@ -12,6 +12,7 @@ from .helpers.ldap import (
login_required,
try_auth,
update_user,
+ update_user_password,
)
app = Flask(__name__)
@@ -63,32 +64,72 @@ def logout():
@login_required
def selfservice(ldap):
if request.method == "POST":
- try:
- update_user(
- ldap,
- session["username"],
- {
- "givenName": request.form["givenName"],
- "sn": request.form["sn"],
- "cn": "{} {}".format(
- request.form["givenName"],
- request.form["sn"],
+ if request.form.get("userdata"):
+ try:
+ update_user(
+ ldap,
+ session["username"],
+ {
+ "givenName": request.form["givenName"],
+ "sn": request.form["sn"],
+ "cn": "{} {}".format(
+ request.form["givenName"],
+ request.form["sn"],
+ ),
+ "mail": request.form["mail"],
+ },
+ )
+ flash("data updated")
+ except LDAPException as e:
+ app.logger.error(
+ "Updating {} failed: {}\n{}".format(
+ APP_CONFIG["template"]["user_dn"].format(session["username"]),
+ repr(e),
+ repr(request.form),
),
- "mail": request.form["mail"],
- },
- )
- flash("data updated")
- return redirect(url_for("selfservice"))
- except LDAPException as e:
- app.logger.error(
- "Updating {} failed: {}\n{}".format(
- APP_CONFIG["template"]["user_dn"].format(session["username"]),
- repr(e),
- repr(request.form),
- ),
- )
- flash(e)
+ )
+ flash(e)
+ elif request.form.get("passwordchange"):
+ validated = (True,)
+ if not try_auth(
+ session["username"],
+ request.form["current"],
+ ):
+ validated = False
+ flash("current password does not match")
+ if request.form["new"] != request.form["repeat"]:
+ validated = False
+ flash("new passwords do not match")
+
+ if len(request.form["new"]) < 12:
+ validated = False
+ flash("new password must be atleast 12 characters")
+
+ if validated:
+ try:
+ update_user_password(
+ ldap,
+ session["username"],
+ request.form["new"],
+ )
+ session["password"] = request.form["new"]
+ flash("password changed")
+ except LDAPException as e:
+ app.logger.error(
+ "Updating {} failed: {}\n{}".format(
+ APP_CONFIG["template"]["user_dn"].format(
+ session["username"]
+ ),
+ repr(e),
+ repr(request.form),
+ ),
+ )
+ flash(e)
+
+ return redirect(url_for("selfservice"))
+
+ print(session)
return template(ldap, "selfservice.html")
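Review bot: The `except LDAPException` branch of the new password-change path logs `repr(request.form)`, and in that branch the form holds the `current`, `new` and `repeat` fields, so a failed update writes the user's plaintext passwords to the application log; drop that argument (or log only `sorted(request.form.keys())`) in the password branch. The `print(session)` added just before `return template(...)` has the same effect on stdout for every request, now including the `session["password"]` value assigned after a successful change, and looks like leftover debugging that should be removed. `validated = (True,)` is a one-element tuple rather than a boolean — it is truthy, so the checks still behave, but it should read `validated = True`. The flash text `new password must be atleast 12 characters` also has a typo (`at least`). Storing the new password in `session["password"]` continues what the login flow appears to do already; if the app uses Flask's default client-side signed (not encrypted) cookie session, that puts the plaintext password in the browser cookie, which is worth confirming separately.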
diff --git a/ldap_frontend/helpers/ldap.py b/ldap_frontend/helpers/ldap.py
index f3e8db2..b02d0f6 100644
--- a/ldap_frontend/helpers/ldap.py
+++ b/ldap_frontend/helpers/ldap.py
@@ -3,8 +3,15 @@ from json import load
from os import environ
from flask import redirect, session, url_for
-from ldap3 import ALL, ALL_ATTRIBUTES, MODIFY_REPLACE, Connection, Server
+from ldap3 import (
+ ALL_ATTRIBUTES,
+ HASHED_SALTED_SHA512,
+ MODIFY_REPLACE,
+ Connection,
+ Server,
+)
from ldap3.core.exceptions import LDAPException
+from ldap3.utils.hashed import hashed
with open(environ["APP_CONFIG"]) as f:
APP_CONFIG = load(f)
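Review bot: `ALL` is dropped from the ldap3 import while `Server` is kept; if a `Server(..., get_info=ALL)` call remains elsewhere in the module, this hunk turns it into a NameError when that line runs. The rest of the module is outside the hunk, so this cannot be confirmed here — worth a quick grep before merging.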
@@ -112,5 +119,15 @@ def update_user(ldap, username, settings):
)
+def update_user_password(ldap, username, password):
+ return update_user(
+ ldap,
+ username,
+ {
+ "userPassword": hashed(HASHED_SALTED_SHA512, password),
+ },
+ )
+
+
class UserNotFoundException(Exception):
pass
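Review bot: `update_user_password` hashes the password client-side with `hashed(HASHED_SALTED_SHA512, ...)` and writes the resulting RFC 2307-style value to `userPassword` through `update_user`, which assumes the directory accepts that scheme and bypasses any server-side password policy (quality, history, lockout) the server would apply to a cleartext change; if the deployment runs OpenLDAP with a password policy overlay, the Password Modify extended operation (`ldap.extend.standard.modify_password(...)`) lets the server hash and enforce policy instead. How `update_user` applies the attribute is not visible in this hunk, so whether it is a replace or an add is inferred. The function also lacks a docstring; `"""Replace *username*'s userPassword with a salted SHA-512 hash of *password*."""` would do.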
diff --git a/ldap_frontend/templates/selfservice.html b/ldap_frontend/templates/selfservice.html
index 7fc8e9b..fd6126a 100644
--- a/ldap_frontend/templates/selfservice.html
+++ b/ldap_frontend/templates/selfservice.html
@@ -42,7 +42,7 @@
-
+
@@ -71,7 +71,7 @@
-
+
{% endblock %}