implement password change

This commit is contained in:
Franzi 2021-12-21 09:58:57 +01:00
parent bf5ba98ab8
commit 6446c09a01
Signed by: kunsi
GPG key ID: 12E3D2136B818350
3 changed files with 85 additions and 27 deletions

View file

@ -12,6 +12,7 @@ from .helpers.ldap import (
login_required,
try_auth,
update_user,
update_user_password,
)
app = Flask(__name__)
@ -63,32 +64,72 @@ def logout():
@login_required
def selfservice(ldap):
if request.method == "POST":
try:
update_user(
ldap,
session["username"],
{
"givenName": request.form["givenName"],
"sn": request.form["sn"],
"cn": "{} {}".format(
request.form["givenName"],
request.form["sn"],
if request.form.get("userdata"):
try:
update_user(
ldap,
session["username"],
{
"givenName": request.form["givenName"],
"sn": request.form["sn"],
"cn": "{} {}".format(
request.form["givenName"],
request.form["sn"],
),
"mail": request.form["mail"],
},
)
flash("data updated")
except LDAPException as e:
app.logger.error(
"Updating {} failed: {}\n{}".format(
APP_CONFIG["template"]["user_dn"].format(session["username"]),
repr(e),
repr(request.form),
),
"mail": request.form["mail"],
},
)
flash("data updated")
return redirect(url_for("selfservice"))
except LDAPException as e:
app.logger.error(
"Updating {} failed: {}\n{}".format(
APP_CONFIG["template"]["user_dn"].format(session["username"]),
repr(e),
repr(request.form),
),
)
flash(e)
)
flash(e)
elif request.form.get("passwordchange"):
validated = (True,)
if not try_auth(
session["username"],
request.form["current"],
):
validated = False
flash("current password does not match")
if request.form["new"] != request.form["repeat"]:
validated = False
flash("new passwords do not match")
if len(request.form["new"]) < 12:
validated = False
flash("new password must be atleast 12 characters")
if validated:
try:
update_user_password(
ldap,
session["username"],
request.form["new"],
)
session["password"] = request.form["new"]
flash("password changed")
except LDAPException as e:
app.logger.error(
"Updating {} failed: {}\n{}".format(
APP_CONFIG["template"]["user_dn"].format(
session["username"]
),
repr(e),
repr(request.form),
),
)
flash(e)
return redirect(url_for("selfservice"))
print(session)
return template(ldap, "selfservice.html")

View file

@ -3,8 +3,15 @@ from json import load
from os import environ
from flask import redirect, session, url_for
from ldap3 import ALL, ALL_ATTRIBUTES, MODIFY_REPLACE, Connection, Server
from ldap3 import (
ALL_ATTRIBUTES,
HASHED_SALTED_SHA512,
MODIFY_REPLACE,
Connection,
Server,
)
from ldap3.core.exceptions import LDAPException
from ldap3.utils.hashed import hashed
with open(environ["APP_CONFIG"]) as f:
APP_CONFIG = load(f)
@ -112,5 +119,15 @@ def update_user(ldap, username, settings):
)
def update_user_password(ldap, username, password):
return update_user(
ldap,
username,
{
"userPassword": hashed(HASHED_SALTED_SHA512, password),
},
)
class UserNotFoundException(Exception):
pass

View file

@ -42,7 +42,7 @@
</div>
</div>
<input type="submit" value="update" class="btn btn-primary mb-3"><br>
<input type="submit" name="userdata" value="update" class="btn btn-primary mb-3"><br>
</fieldset>
</form>
@ -71,7 +71,7 @@
</div>
</div>
<input type="submit" value="change password" class="btn btn-primary mb-3"><br>
<input type="submit" name="passwordchange" value="change password" class="btn btn-primary mb-3"><br>
</fieldset>
</form>
{% endblock %}