implement password change
parent
bf5ba98ab8
commit
6446c09a01
3 changed files with 85 additions and 27 deletions
|
@ -12,6 +12,7 @@ from .helpers.ldap import (
|
||||||
login_required,
|
login_required,
|
||||||
try_auth,
|
try_auth,
|
||||||
update_user,
|
update_user,
|
||||||
|
update_user_password,
|
||||||
)
|
)
|
||||||
|
|
||||||
app = Flask(__name__)
|
app = Flask(__name__)
|
||||||
|
@ -63,32 +64,72 @@ def logout():
|
||||||
@login_required
|
@login_required
|
||||||
def selfservice(ldap):
|
def selfservice(ldap):
|
||||||
if request.method == "POST":
|
if request.method == "POST":
|
||||||
try:
|
if request.form.get("userdata"):
|
||||||
update_user(
|
try:
|
||||||
ldap,
|
update_user(
|
||||||
session["username"],
|
ldap,
|
||||||
{
|
session["username"],
|
||||||
"givenName": request.form["givenName"],
|
{
|
||||||
"sn": request.form["sn"],
|
"givenName": request.form["givenName"],
|
||||||
"cn": "{} {}".format(
|
"sn": request.form["sn"],
|
||||||
request.form["givenName"],
|
"cn": "{} {}".format(
|
||||||
request.form["sn"],
|
request.form["givenName"],
|
||||||
|
request.form["sn"],
|
||||||
|
),
|
||||||
|
"mail": request.form["mail"],
|
||||||
|
},
|
||||||
|
)
|
||||||
|
flash("data updated")
|
||||||
|
except LDAPException as e:
|
||||||
|
app.logger.error(
|
||||||
|
"Updating {} failed: {}\n{}".format(
|
||||||
|
APP_CONFIG["template"]["user_dn"].format(session["username"]),
|
||||||
|
repr(e),
|
||||||
|
repr(request.form),
|
||||||
),
|
),
|
||||||
"mail": request.form["mail"],
|
)
|
||||||
},
|
flash(e)
|
||||||
)
|
elif request.form.get("passwordchange"):
|
||||||
flash("data updated")
|
validated = (True,)
|
||||||
return redirect(url_for("selfservice"))
|
if not try_auth(
|
||||||
except LDAPException as e:
|
session["username"],
|
||||||
app.logger.error(
|
request.form["current"],
|
||||||
"Updating {} failed: {}\n{}".format(
|
):
|
||||||
APP_CONFIG["template"]["user_dn"].format(session["username"]),
|
validated = False
|
||||||
repr(e),
|
flash("current password does not match")
|
||||||
repr(request.form),
|
|
||||||
),
|
|
||||||
)
|
|
||||||
flash(e)
|
|
||||||
|
|
||||||
|
if request.form["new"] != request.form["repeat"]:
|
||||||
|
validated = False
|
||||||
|
flash("new passwords do not match")
|
||||||
|
|
||||||
|
if len(request.form["new"]) < 12:
|
||||||
|
validated = False
|
||||||
|
flash("new password must be atleast 12 characters")
|
||||||
|
|
||||||
|
if validated:
|
||||||
|
try:
|
||||||
|
update_user_password(
|
||||||
|
ldap,
|
||||||
|
session["username"],
|
||||||
|
request.form["new"],
|
||||||
|
)
|
||||||
|
session["password"] = request.form["new"]
|
||||||
|
flash("password changed")
|
||||||
|
except LDAPException as e:
|
||||||
|
app.logger.error(
|
||||||
|
"Updating {} failed: {}\n{}".format(
|
||||||
|
APP_CONFIG["template"]["user_dn"].format(
|
||||||
|
session["username"]
|
||||||
|
),
|
||||||
|
repr(e),
|
||||||
|
repr(request.form),
|
||||||
|
),
|
||||||
|
)
|
||||||
|
flash(e)
|
||||||
|
|
||||||
|
return redirect(url_for("selfservice"))
|
||||||
|
|
||||||
|
print(session)
|
||||||
return template(ldap, "selfservice.html")
|
return template(ldap, "selfservice.html")
|
||||||
|
|
||||||
|
|
||||||
|
|
|
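Review bot: The `except LDAPException` handler in the new `passwordchange` branch logs `repr(request.form)`, and on that branch the form carries the `current`, `new` and `repeat` fields, so a failed change writes all three passwords in clear text to the application log. Log only the DN and the exception there, e.g. `"Updating {} failed: {}".format(APP_CONFIG["template"]["user_dn"].format(session["username"]), repr(e))`. The added `print(session)` before `return template(...)` leaks the same secret to stdout, because `session["password"]` is assigned a few lines earlier, and should be removed before merge. Separately, `validated = (True,)` is a one-element tuple that is truthy only by accident; `validated = True` is presumably what was meant. The route decorator for `selfservice` sits above the hunk, so the accepted methods are not visible here.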
@ -3,8 +3,15 @@ from json import load
|
||||||
from os import environ
|
from os import environ
|
||||||
|
|
||||||
from flask import redirect, session, url_for
|
from flask import redirect, session, url_for
|
||||||
from ldap3 import ALL, ALL_ATTRIBUTES, MODIFY_REPLACE, Connection, Server
|
from ldap3 import (
|
||||||
|
ALL_ATTRIBUTES,
|
||||||
|
HASHED_SALTED_SHA512,
|
||||||
|
MODIFY_REPLACE,
|
||||||
|
Connection,
|
||||||
|
Server,
|
||||||
|
)
|
||||||
from ldap3.core.exceptions import LDAPException
|
from ldap3.core.exceptions import LDAPException
|
||||||
|
from ldap3.utils.hashed import hashed
|
||||||
|
|
||||||
with open(environ["APP_CONFIG"]) as f:
|
with open(environ["APP_CONFIG"]) as f:
|
||||||
APP_CONFIG = load(f)
|
APP_CONFIG = load(f)
|
||||||
|
@ -112,5 +119,15 @@ def update_user(ldap, username, settings):
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
def update_user_password(ldap, username, password):
|
||||||
|
return update_user(
|
||||||
|
ldap,
|
||||||
|
username,
|
||||||
|
{
|
||||||
|
"userPassword": hashed(HASHED_SALTED_SHA512, password),
|
||||||
|
},
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
class UserNotFoundException(Exception):
|
class UserNotFoundException(Exception):
|
||||||
pass
|
pass
|
||||||
|
|
|
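Review bot: `update_user_password` hashes the new password in the application with `HASHED_SALTED_SHA512` and writes the result to `userPassword`. That is a single salted SHA-512 pass, which is cheap to brute-force offline if directory hashes are ever exposed. Because the server only receives the hash, it presumably cannot apply its own password-quality policy either. Prefer the LDAP Password Modify extended operation so the server picks the storage scheme, e.g. `ldap.extend.standard.modify_password(APP_CONFIG["template"]["user_dn"].format(username), new_password=password)`, assuming `ldap` is an ldap3 `Connection`. The rewritten import also drops `ALL`, so any remaining reference to it outside this hunk (for example in a `Server(...)` call) will raise a NameError; `update_user`'s body is outside the hunk as well, so how the attribute is applied is not visible here.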
@ -42,7 +42,7 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<input type="submit" value="update" class="btn btn-primary mb-3"><br>
|
<input type="submit" name="userdata" value="update" class="btn btn-primary mb-3"><br>
|
||||||
</fieldset>
|
</fieldset>
|
||||||
</form>
|
</form>
|
||||||
|
|
||||||
|
@ -71,7 +71,7 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<input type="submit" value="change password" class="btn btn-primary mb-3"><br>
|
<input type="submit" name="passwordchange" value="change password" class="btn btn-primary mb-3"><br>
|
||||||
</fieldset>
|
</fieldset>
|
||||||
</form>
|
</form>
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|