now using hash func from utils.ldap_manager

ahmadbilalkhalid 2019-12-14 14:29:45 +05:00
parent 2a1932e052
commit b52f2de8d7
5 changed files with 14 additions and 12 deletions


@ -1 +1 @@
10192 10200


@ -398,10 +398,12 @@ class PasswordResetConfirmView(HostingContextMixin,
if form.is_valid(): if form.is_valid():
ldap_manager = LdapManager() ldap_manager = LdapManager()
new_password = form.cleaned_data['new_password2'] new_password = form.cleaned_data['new_password2']
user.create_ldap_account()
user.create_ldap_account(new_password)
user.set_password(new_password) user.set_password(new_password)
user.save() user.save()
ldap_manager.change_password(user.username, user.password)
ldap_manager.change_password(user.username, new_password)
messages.success(request, _('Password has been reset.')) messages.success(request, _('Password has been reset.'))
# Change opennebula password # Change opennebula password
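Review bot: In the `form.is_valid()` branch, `user.save()` commits the new Django password before `ldap_manager.change_password(user.username, new_password)` runs, and the visible lines do not check the result of the LDAP call. A failed LDAP update would therefore leave the two stores with different passwords while the user is still told the reset succeeded. Consider changing the LDAP password first and only saving and reporting success when it succeeds, e.g. `if not ldap_manager.change_password(user.username, new_password):` followed by an error message (this assumes the method signals failure through its return value; confirm against LdapManager). The view body continues outside the hunk, so later lines may already handle this.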


@ -50,7 +50,7 @@ class MyUserManager(BaseUserManager):
user.is_admin = False user.is_admin = False
user.set_password(password) user.set_password(password)
user.save(using=self._db) user.save(using=self._db)
user.create_ldap_account() user.create_ldap_account(password)
return user return user
def create_superuser(self, email, name, password): def create_superuser(self, email, name, password):
@ -214,7 +214,7 @@ class CustomUser(AbstractBaseUser, PermissionsMixin):
# The user is identified by their email address # The user is identified by their email address
return self.email return self.email
def create_ldap_account(self): def create_ldap_account(self, password):
# create ldap account for user if it does not exists already. # create ldap account for user if it does not exists already.
if self.in_ldap: if self.in_ldap:
return return
@ -236,8 +236,7 @@ class CustomUser(AbstractBaseUser, PermissionsMixin):
first_name, last_name = get_first_and_last_name(self.name) first_name, last_name = get_first_and_last_name(self.name)
if not last_name: if not last_name:
last_name = first_name last_name = first_name
ldap_manager.create_user(self.username, password=password,
ldap_manager.create_user(self.username, password=self.password,
firstname=first_name, lastname=last_name, firstname=first_name, lastname=last_name,
email=self.email) email=self.email)
self.in_ldap = True self.in_ldap = True
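Review bot: `create_ldap_account(self, password)` now forwards the caller's cleartext to `ldap_manager.create_user`, which appears to call `password.encode("utf-8")`, so a `None` password would raise AttributeError. In `MyUserManager.create_user` that would happen after `user.save(using=self._db)` has already written the row. A guard at the top of the method, such as `if not password: return` or an explicit `raise ValueError("cleartext password required")`, would make that case deliberate. A short docstring should also state that `password` is the cleartext password and must never be the stored Django hash in `self.password`. Both method bodies extend outside the hunks shown.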


@ -13,7 +13,7 @@ class MyLDAPBackend(object):
# User does not exists in Database # User does not exists in Database
return None return None
else: else:
user.create_ldap_account() user.create_ldap_account(password)
if user.check_password(password): if user.check_password(password):
return user return user
else: else:
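Review bot: `user.create_ldap_account(password)` runs before `user.check_password(password)`, so for a database user whose `in_ldap` flag is still false, the LDAP entry is created with whatever password was submitted, verified or not. The LDAP credential should only be provisioned once the password has been checked against the Django hash: `if user.check_password(password):` then `user.create_ldap_account(password)` then `return user`. The authenticate method starts and ends outside this hunk, so confirm that no earlier step already verifies the password.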


@ -58,8 +58,7 @@ class LdapManager:
SALT_BYTES = 15 SALT_BYTES = 15
sha1 = hashlib.sha1() sha1 = hashlib.sha1()
salt = self.rng.getrandbits(SALT_BYTES * 8).to_bytes(SALT_BYTES, salt = self.rng.getrandbits(SALT_BYTES * 8).to_bytes(SALT_BYTES, "little")
"little")
sha1.update(password) sha1.update(password)
sha1.update(salt) sha1.update(salt)
@ -104,7 +103,9 @@ class LdapManager:
"loginShell": ["/bin/bash"], "loginShell": ["/bin/bash"],
"homeDirectory": ["/home/{}".format(user).encode("utf-8")], "homeDirectory": ["/home/{}".format(user).encode("utf-8")],
"mail": email.encode("utf-8"), "mail": email.encode("utf-8"),
"userPassword": [password.encode("utf-8")] "userPassword": [self._ssha_password(
password.encode("utf-8")
)]
} }
) )
logger.debug('Created user %s %s' % (user.encode('utf-8'), logger.debug('Created user %s %s' % (user.encode('utf-8'),
@ -139,7 +140,7 @@ class LdapManager:
{ {
"userpassword": ( "userpassword": (
ldap3.MODIFY_REPLACE, ldap3.MODIFY_REPLACE,
[new_password.encode("utf-8")] [self._ssha_password(new_password.encode("utf-8"))]
) )
} }
) )
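Review bot: Both `userPassword` writes now go through `_ssha_password`, which is a single round of salted SHA-1; that keeps cleartext out of the directory, but it is a fast hash and gives little resistance to offline guessing if directory contents are ever disclosed. If the LDAP server supports a slow scheme (a PBKDF2 or Argon2 password module), prefer that, or let the server do the hashing through the password-modify extended operation. The definition of `self.rng` is not visible here, so confirm it is `random.SystemRandom()`, or generate the salt with `salt = os.urandom(SALT_BYTES)` (which needs `import os`). `_ssha_password` starts before and ends after the first hunk.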