implement password change
This commit is contained in:
parent
bf5ba98ab8
commit
6446c09a01
3 changed files with 85 additions and 27 deletions
|
@ -12,6 +12,7 @@ from .helpers.ldap import (
|
|||
login_required,
|
||||
try_auth,
|
||||
update_user,
|
||||
update_user_password,
|
||||
)
|
||||
|
||||
app = Flask(__name__)
|
||||
|
@ -63,6 +64,7 @@ def logout():
|
|||
@login_required
|
||||
def selfservice(ldap):
|
||||
if request.method == "POST":
|
||||
if request.form.get("userdata"):
|
||||
try:
|
||||
update_user(
|
||||
ldap,
|
||||
|
@ -78,7 +80,6 @@ def selfservice(ldap):
|
|||
},
|
||||
)
|
||||
flash("data updated")
|
||||
return redirect(url_for("selfservice"))
|
||||
except LDAPException as e:
|
||||
app.logger.error(
|
||||
"Updating {} failed: {}\n{}".format(
|
||||
|
@ -88,7 +89,47 @@ def selfservice(ldap):
|
|||
),
|
||||
)
|
||||
flash(e)
|
||||
elif request.form.get("passwordchange"):
|
||||
validated = (True,)
|
||||
if not try_auth(
|
||||
session["username"],
|
||||
request.form["current"],
|
||||
):
|
||||
validated = False
|
||||
flash("current password does not match")
|
||||
|
||||
if request.form["new"] != request.form["repeat"]:
|
||||
validated = False
|
||||
flash("new passwords do not match")
|
||||
|
||||
if len(request.form["new"]) < 12:
|
||||
validated = False
|
||||
flash("new password must be atleast 12 characters")
|
||||
|
||||
if validated:
|
||||
try:
|
||||
update_user_password(
|
||||
ldap,
|
||||
session["username"],
|
||||
request.form["new"],
|
||||
)
|
||||
session["password"] = request.form["new"]
|
||||
flash("password changed")
|
||||
except LDAPException as e:
|
||||
app.logger.error(
|
||||
"Updating {} failed: {}\n{}".format(
|
||||
APP_CONFIG["template"]["user_dn"].format(
|
||||
session["username"]
|
||||
),
|
||||
repr(e),
|
||||
repr(request.form),
|
||||
),
|
||||
)
|
||||
flash(e)
|
||||
|
||||
return redirect(url_for("selfservice"))
|
||||
|
||||
print(session)
|
||||
return template(ldap, "selfservice.html")
|
||||
|
||||
|
||||
|
|
|
@ -3,8 +3,15 @@ from json import load
|
|||
from os import environ
|
||||
|
||||
from flask import redirect, session, url_for
|
||||
from ldap3 import ALL, ALL_ATTRIBUTES, MODIFY_REPLACE, Connection, Server
|
||||
from ldap3 import (
|
||||
ALL_ATTRIBUTES,
|
||||
HASHED_SALTED_SHA512,
|
||||
MODIFY_REPLACE,
|
||||
Connection,
|
||||
Server,
|
||||
)
|
||||
from ldap3.core.exceptions import LDAPException
|
||||
from ldap3.utils.hashed import hashed
|
||||
|
||||
with open(environ["APP_CONFIG"]) as f:
|
||||
APP_CONFIG = load(f)
|
||||
|
@ -112,5 +119,15 @@ def update_user(ldap, username, settings):
|
|||
)
|
||||
|
||||
|
||||
def update_user_password(ldap, username, password):
|
||||
return update_user(
|
||||
ldap,
|
||||
username,
|
||||
{
|
||||
"userPassword": hashed(HASHED_SALTED_SHA512, password),
|
||||
},
|
||||
)
|
||||
|
||||
|
||||
class UserNotFoundException(Exception):
|
||||
pass
|
||||
|
|
|
@ -42,7 +42,7 @@
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<input type="submit" value="update" class="btn btn-primary mb-3"><br>
|
||||
<input type="submit" name="userdata" value="update" class="btn btn-primary mb-3"><br>
|
||||
</fieldset>
|
||||
</form>
|
||||
|
||||
|
@ -71,7 +71,7 @@
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<input type="submit" value="change password" class="btn btn-primary mb-3"><br>
|
||||
<input type="submit" name="passwordchange" value="change password" class="btn btn-primary mb-3"><br>
|
||||
</fieldset>
|
||||
</form>
|
||||
{% endblock %}
|
||||
|
|
Loading…
Reference in a new issue