now using hash func from utils.ldap_manager

2019-12-14 14:29:45 +05:00 · 2019-12-14 14:29:45 +05:00 · b52f2de8d7
commit b52f2de8d7
parent 2a1932e052
5 changed files with 14 additions and 12 deletions
--- a/dynamicweb/settings/ldap_max_uid_file
+++ b/dynamicweb/settings/ldap_max_uid_file
@ -1 +1 @@
-10192
+10200
--- a/hosting/views.py
+++ b/hosting/views.py
@ -398,10 +398,12 @@ class PasswordResetConfirmView(HostingContextMixin,
            if form.is_valid():
                ldap_manager = LdapManager()
                new_password = form.cleaned_data['new_password2']
-                user.create_ldap_account()
+
+                user.create_ldap_account(new_password)
                user.set_password(new_password)
                user.save()
-                ldap_manager.change_password(user.username, user.password)
+
+                ldap_manager.change_password(user.username, new_password)
                messages.success(request, _('Password has been reset.'))

                # Change opennebula password
--- a/membership/models.py
+++ b/membership/models.py
@ -50,7 +50,7 @@ class MyUserManager(BaseUserManager):
        user.is_admin = False
        user.set_password(password)
        user.save(using=self._db)
-        user.create_ldap_account()
+        user.create_ldap_account(password)
        return user

    def create_superuser(self, email, name, password):
@ -214,7 +214,7 @@ class CustomUser(AbstractBaseUser, PermissionsMixin):
        # The user is identified by their email address
        return self.email

-    def create_ldap_account(self):
+    def create_ldap_account(self, password):
        # create ldap account for user if it does not exists already.
        if self.in_ldap:
            return
@ -236,8 +236,7 @@ class CustomUser(AbstractBaseUser, PermissionsMixin):
                first_name, last_name = get_first_and_last_name(self.name)
                if not last_name:
                    last_name = first_name
-
-                ldap_manager.create_user(self.username, password=self.password,
+                ldap_manager.create_user(self.username, password=password,
                                         firstname=first_name, lastname=last_name,
                                         email=self.email)
                self.in_ldap = True
--- a/utils/backend.py
+++ b/utils/backend.py
@ -13,7 +13,7 @@ class MyLDAPBackend(object):
            # User does not exists in Database
            return None
        else:
-            user.create_ldap_account()
+            user.create_ldap_account(password)
            if user.check_password(password):
                return user
            else:
--- a/utils/ldap_manager.py
+++ b/utils/ldap_manager.py
@ -58,8 +58,7 @@ class LdapManager:
        SALT_BYTES = 15

        sha1 = hashlib.sha1()
-        salt = self.rng.getrandbits(SALT_BYTES * 8).to_bytes(SALT_BYTES,
-                                                               "little")
+        salt = self.rng.getrandbits(SALT_BYTES * 8).to_bytes(SALT_BYTES, "little")
        sha1.update(password)
        sha1.update(salt)

@ -104,7 +103,9 @@ class LdapManager:
                    "loginShell": ["/bin/bash"],
                    "homeDirectory": ["/home/{}".format(user).encode("utf-8")],
                    "mail": email.encode("utf-8"),
-                    "userPassword": [password.encode("utf-8")]
+                    "userPassword": [self._ssha_password(
+                        password.encode("utf-8")
+                    )]
                }
            )
            logger.debug('Created user %s %s' % (user.encode('utf-8'),
@ -139,7 +140,7 @@ class LdapManager:
                    {
                        "userpassword": (
                            ldap3.MODIFY_REPLACE,
-                            [new_password.encode("utf-8")]
+                            [self._ssha_password(new_password.encode("utf-8"))]
                        )
                    }
                )