From b52f2de8d7ccd1ae8aa66086ca5ba7478484688b Mon Sep 17 00:00:00 2001 From: meow Date: Sat, 14 Dec 2019 14:29:45 +0500 Subject: [PATCH] now using hash func from utils.ldap_manager --- dynamicweb/settings/ldap_max_uid_file | 2 +- hosting/views.py | 6 ++++-- membership/models.py | 7 +++---- utils/backend.py | 2 +- utils/ldap_manager.py | 9 +++++---- 5 files changed, 14 insertions(+), 12 deletions(-) diff --git a/dynamicweb/settings/ldap_max_uid_file b/dynamicweb/settings/ldap_max_uid_file index d3cdc227..6cd35a3e 100644 --- a/dynamicweb/settings/ldap_max_uid_file +++ b/dynamicweb/settings/ldap_max_uid_file @@ -1 +1 @@ -10192 \ No newline at end of file +10200 \ No newline at end of file diff --git a/hosting/views.py b/hosting/views.py index 7ee1b93b..4633748a 100644 --- a/hosting/views.py +++ b/hosting/views.py @@ -398,10 +398,12 @@ class PasswordResetConfirmView(HostingContextMixin, if form.is_valid(): ldap_manager = LdapManager() new_password = form.cleaned_data['new_password2'] - user.create_ldap_account() + + user.create_ldap_account(new_password) user.set_password(new_password) user.save() - ldap_manager.change_password(user.username, user.password) + + ldap_manager.change_password(user.username, new_password) messages.success(request, _('Password has been reset.')) # Change opennebula password diff --git a/membership/models.py b/membership/models.py index dd7b1363..5ec6cb6c 100644 --- a/membership/models.py +++ b/membership/models.py @@ -50,7 +50,7 @@ class MyUserManager(BaseUserManager): user.is_admin = False user.set_password(password) user.save(using=self._db) - user.create_ldap_account() + user.create_ldap_account(password) return user def create_superuser(self, email, name, password): 
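Review bot: In the `hosting/views.py` hunk (PasswordResetConfirmView), the Django password is persisted with `user.save()` before `ldap_manager.change_password(user.username, new_password)` runs, and `messages.success` is shown without looking at the outcome of the LDAP call. If the LDAP update fails, the two credential stores diverge while the user is told the reset succeeded. How `change_password` reports failure is not visible here, so confirm whether it returns a status or raises. If it returns a boolean, gate the success path on it, e.g. `if not ldap_manager.change_password(user.username, new_password): messages.error(request, _('...'))`, or update LDAP before saving the Django password. The method body starts and ends outside the hunk.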
@@ -214,7 +214,7 @@ class CustomUser(AbstractBaseUser, PermissionsMixin): # The user is identified by their email address return self.email - def create_ldap_account(self): + def create_ldap_account(self, password): # create ldap account for user if it does not exists already. if self.in_ldap: return @@ -236,8 +236,7 @@ class CustomUser(AbstractBaseUser, PermissionsMixin): first_name, last_name = get_first_and_last_name(self.name) if not last_name: last_name = first_name - - ldap_manager.create_user(self.username, password=self.password, + ldap_manager.create_user(self.username, password=password, firstname=first_name, lastname=last_name, email=self.email) self.in_ldap = True diff --git a/utils/backend.py b/utils/backend.py index 485dfe93..cbf38d6c 100644 --- a/utils/backend.py +++ b/utils/backend.py @@ -13,7 +13,7 @@ class MyLDAPBackend(object): # User does not exists in Database return None else: - user.create_ldap_account() + user.create_ldap_account(password) if user.check_password(password): return user else: diff --git a/utils/ldap_manager.py b/utils/ldap_manager.py index ee16937d..fd039ad5 100644 --- a/utils/ldap_manager.py +++ b/utils/ldap_manager.py @@ -58,8 +58,7 @@ class LdapManager: SALT_BYTES = 15 sha1 = hashlib.sha1() - salt = self.rng.getrandbits(SALT_BYTES * 8).to_bytes(SALT_BYTES, - "little") + salt = self.rng.getrandbits(SALT_BYTES * 8).to_bytes(SALT_BYTES, "little") sha1.update(password) sha1.update(salt) @@ -104,7 +103,9 @@ class LdapManager: "loginShell": ["/bin/bash"], "homeDirectory": ["/home/{}".format(user).encode("utf-8")], "mail": email.encode("utf-8"), - "userPassword": [password.encode("utf-8")] + "userPassword": [self._ssha_password( + password.encode("utf-8") + )] } ) logger.debug('Created user %s %s' % (user.encode('utf-8'), @@ -139,7 +140,7 @@ class LdapManager: { "userpassword": ( ldap3.MODIFY_REPLACE, - [new_password.encode("utf-8")] + [self._ssha_password(new_password.encode("utf-8"))] ) } )
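Review bot: `create_ldap_account(self, password)` in `membership/models.py` gains a required parameter but no docstring saying what it must contain, and confusing it with `self.password` is the mistake this commit is correcting. I would add a docstring along the lines of `"""Create the LDAP account if missing; password is the plaintext password (never self.password, the Django hash) and must be a non-None str."""`. The diff updates three call sites, but any caller outside it that still calls `create_ldap_account()` with no argument will now raise `TypeError`. Whether such callers exist is not visible here. The function body continues outside the hunk.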
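Review bot: In the second `membership/models.py` hunk, `self.in_ldap = True` follows `ldap_manager.create_user(...)` unconditionally as far as the visible lines show. If `create_user` reports failure by return value rather than by raising (not visible here), the user would be flagged as present in LDAP, and the early `if self.in_ldap: return` at the top of the method would stop any later attempt from creating the account. Consider setting the flag only on confirmed success, e.g. `if ldap_manager.create_user(...): self.in_ldap = True`, assuming the call returns a truthy status. The surrounding block starts and ends outside the hunk.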
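Review bot: In `utils/backend.py`, `user.create_ldap_account(password)` runs before `user.check_password(password)`, so the LDAP account is now created from whatever password the login attempt supplied, whether or not it is correct. Before this commit the call took no argument, so the submitted value never reached the directory. With the new argument, a failed login for a database user who is not yet in LDAP would store the unverified password as that user's LDAP credential. Move the call into the verified branch: `if user.check_password(password):` / `user.create_ldap_account(password)` / `return user`. The enclosing method starts and ends outside the hunk.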
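Review bot: The `userPassword` value in `create_user` (and in the `change_password` hunk that follows) now comes from `_ssha_password`, which per the context lines of the first `utils/ldap_manager.py` hunk is a single `hashlib.sha1()` pass over the password plus a 15-byte salt. That improves on storing the value unhashed, but salted SHA-1 is fast to compute, so a leaked directory dump is cheap to attack offline. Consider a slower scheme the directory server supports, or let the server hash the password through the LDAP password-modify extended operation. If SSHA is kept deliberately, add a comment such as `# SSHA (salted SHA-1) kept for directory compatibility`. Also confirm that `self.rng` is a `random.SystemRandom` (or use `secrets`); its definition is not visible here.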
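Review bot: The `change_password` hunk only hashes values written from now on, so entries created before this commit keep what the removed lines stored. Those lines wrote `password.encode("utf-8")` into `userPassword` unchanged, and the old callers passed `self.password` / `user.password`, so existing accounts presumably still hold that unhashed value until their next password change. Plan a one-off migration or a forced reset for accounts created before this change, and say so in the commit description. Separately, `new_password.encode("utf-8")` raises `AttributeError` if a caller passes `None`; a guard such as `if not new_password: raise ValueError("new_password is required")` would make that failure explicit. The method body starts and ends outside the hunk.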