implement password change

Franzi 2021-12-21 09:58:57 +01:00
parent bf5ba98ab8
commit 6446c09a01
Signed by: kunsi
GPG key ID: 12E3D2136B818350
3 changed files with 85 additions and 27 deletions


@ -12,6 +12,7 @@ from .helpers.ldap import (
login_required, login_required,
try_auth, try_auth,
update_user, update_user,
update_user_password,
) )
app = Flask(__name__) app = Flask(__name__)
@ -63,6 +64,7 @@ def logout():
@login_required @login_required
def selfservice(ldap): def selfservice(ldap):
if request.method == "POST": if request.method == "POST":
if request.form.get("userdata"):
try: try:
update_user( update_user(
ldap, ldap,
@ -78,7 +80,6 @@ def selfservice(ldap):
}, },
) )
flash("data updated") flash("data updated")
return redirect(url_for("selfservice"))
except LDAPException as e: except LDAPException as e:
app.logger.error( app.logger.error(
"Updating {} failed: {}\n{}".format( "Updating {} failed: {}\n{}".format(
@ -88,7 +89,47 @@ def selfservice(ldap):
), ),
) )
flash(e) flash(e)
elif request.form.get("passwordchange"):
validated = (True,)
if not try_auth(
session["username"],
request.form["current"],
):
validated = False
flash("current password does not match")
if request.form["new"] != request.form["repeat"]:
validated = False
flash("new passwords do not match")
if len(request.form["new"]) < 12:
validated = False
flash("new password must be atleast 12 characters")
if validated:
try:
update_user_password(
ldap,
session["username"],
request.form["new"],
)
session["password"] = request.form["new"]
flash("password changed")
except LDAPException as e:
app.logger.error(
"Updating {} failed: {}\n{}".format(
APP_CONFIG["template"]["user_dn"].format(
session["username"]
),
repr(e),
repr(request.form),
),
)
flash(e)
return redirect(url_for("selfservice"))
print(session)
return template(ldap, "selfservice.html") return template(ldap, "selfservice.html")
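Review bot: The `except LDAPException` path of the new `passwordchange` branch logs `repr(request.form)`, and on that branch the form holds the `current`, `new` and `repeat` fields, so a failed LDAP update writes the user's old and new passwords to the application log in clear text. Log only non-secret context there, for example replace `repr(request.form),` with `sorted(request.form.keys()),`, and delete the leftover `print(session)` before the final `return template(...)`, since the session now carries `session["password"]`. Separately, `validated = (True,)` is a one-element tuple that only behaves correctly because it is truthy; `validated = True` is what is meant. selfservice() begins above the first hunk and the rendering has lost indentation, so the placement of the moved `return redirect(url_for("selfservice"))` could not be checked from here.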


@ -3,8 +3,15 @@ from json import load
from os import environ from os import environ
from flask import redirect, session, url_for from flask import redirect, session, url_for
from ldap3 import ALL, ALL_ATTRIBUTES, MODIFY_REPLACE, Connection, Server from ldap3 import (
ALL_ATTRIBUTES,
HASHED_SALTED_SHA512,
MODIFY_REPLACE,
Connection,
Server,
)
from ldap3.core.exceptions import LDAPException from ldap3.core.exceptions import LDAPException
from ldap3.utils.hashed import hashed
with open(environ["APP_CONFIG"]) as f: with open(environ["APP_CONFIG"]) as f:
APP_CONFIG = load(f) APP_CONFIG = load(f)
@ -112,5 +119,15 @@ def update_user(ldap, username, settings):
) )
def update_user_password(ldap, username, password):
return update_user(
ldap,
username,
{
"userPassword": hashed(HASHED_SALTED_SHA512, password),
},
)
class UserNotFoundException(Exception): class UserNotFoundException(Exception):
pass pass
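Review bot: `update_user_password` hashes the new password on the client with `HASHED_SALTED_SHA512`, which is a single salted SHA-512 pass. That is cheap to guess against offline if `userPassword` values are ever exposed, and because the directory receives only a digest, a server-side password quality or history policy cannot inspect the new value. If the directory supports the Password Modify extended operation, `ldap.extend.standard.modify_password(APP_CONFIG["template"]["user_dn"].format(username), new_password=password)` lets the server apply its own configured hash and policy. This assumes `ldap` is an ldap3 `Connection`, which the hunk does not show. `update_user`'s body is outside the hunk, so how the attribute is written is inferred rather than visible.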


@ -42,7 +42,7 @@
</div> </div>
</div> </div>
<input type="submit" value="update" class="btn btn-primary mb-3"><br> <input type="submit" name="userdata" value="update" class="btn btn-primary mb-3"><br>
</fieldset> </fieldset>
</form> </form>
@ -71,7 +71,7 @@
</div> </div>
</div> </div>
<input type="submit" value="change password" class="btn btn-primary mb-3"><br> <input type="submit" name="passwordchange" value="change password" class="btn btn-primary mb-3"><br>
</fieldset> </fieldset>
</form> </form>
{% endblock %} {% endblock %}