diff --git a/dal/views.py b/dal/views.py
index 419e3b0..a1ff4a2 100644
--- a/dal/views.py
+++ b/dal/views.py
@@ -10,6 +10,7 @@ from django.contrib.auth.tokens import PasswordResetTokenGenerator
 from django.core.mail import EmailMessage
 from .models import ResetToken
 from .forms import LoginForm
+from .ungleich_ldap import LdapManager
 # Imports for the extra stuff not in django
@@ -28,75 +29,6 @@ import ldap.modlist as modlist
 from django.conf import settings
-
-class LDAP(object):
- def __init__(self):
- self.uri = settings.AUTH_LDAP_SERVER_URI
- self.user = settings.LDAP_ADMIN_DN
- self.password = settings.LDAP_ADMIN_PASSWORD
-
- # FIXME: take from settings
- self.search_base = os.environ['LDAPSEARCH']
- self.search_scope = ldap.SCOPE_SUBTREE
- self.search_filter = "objectClass=inetOrgPerson"
-
- # FIXME: hard coded
- self.dn = "uid={{}},{}".format(settings.LDAP_CUSTOMER_DN)
- self.gid = "10004"
-
- self.conn = ldap.initialize(self.uri)
- if settings.AUTH_LDAP_START_TLS:
- self.conn.start_tls_s()
-
- self.conn.bind_s(self.user, self.password)
-
-
- def check_user_exists(self, username):
- exists = False
-
- result = self.conn.search_s(self.search_base,
- self.search_scope,
- self.dn.format(username))
- if len(result) > 0:
- exists = True
-
- return exists
-
- def create_user(self, user, password, firstname, lastname, email):
- dn = self.dn.format(user)
- attr = {
- "objectClass": ["inetOrgPerson".encode("utf-8"),
- "posixAccount".encode("utf-8"),
- "ldapPublickey".encode("utf-8")],
- "uid": [user.encode("utf-8")],
- "sn": [lastname.encode("utf-8")],
- "givenName": [firstname.encode("utf-8")],
- "cn": ["{} {}".format(firstname, lastname).encode("utf-8")],
- "displayName": ["{} {}".format(firstname, lastname).encode("utf-8")],
- "uidNumber": ["{}".format(self.get_new_uid_number()).encode("utf-8")],
- "gidNumber": [self.gid.encode("utf-8")],
- "loginShell": ["/bin/bash".encode("utf-8")],
- "homeDirectory": ["/home/{}".format(user).encode("utf-8")],
- "mail": email.encode("utf-8"),
- "userPassword": password.encode("utf-8")
- }
-
- ldif = modlist.addModlist(attr)
-
- print("just before: {} {}".format(dn, ldif))
- return self.conn.add_s(dn, ldif)
-
- def get_new_uid_number(self):
- uidlist = [0]
-
- for result in self.conn.search_s(self.search_base,
- self.search_scope,
- self.search_filter):
- if 'uidNumber' in result[1]:
- uidlist.append(int(result[1]['uidNumber'][0]))
-
- return sorted(uidlist)[-1] + 1
-
 class Index(FormView):
 template_name = "landing.html"
 form_class = LoginForm
@@ -117,8 +49,6 @@ class Register(View):
 # Someone filled out the register page, do some basic checks and throw it at nameko
 def post(self, request):
- l = LDAP()
-
 service = 'register an user'
 urlname = 'register'
 username = request.POST.get('username')
@@ -126,9 +56,6 @@ class Register(View):
 if username == "" or not username:
 return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Please supply a username.' } )
- if l.check_user_exists(username):
- return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'User already exists.' } )
-
 password1 = request.POST.get('password1')
 password2 = request.POST.get('password2')
 if password1 != password2:
@@ -155,7 +82,10 @@ class Register(View):
 pwd = r'%s' % password1
 try:
- l.create_user(username, pwd, firstname, lastname, email)
+ ldap_manager = LdapManager()
+ ldap_manager.create_user(
+ username, pwd, firstname, lastname, email
+ )
 except Exception as e:
 return render(request, 'error.html', { 'urlname': urlname, 'service': service,
@@ -343,7 +273,6 @@ class ResetRequest(View):
 return render(request, 'error.html', { 'service': service, 'error': 'The password is too short, please use a longer one. At least 8 characters.' } )
 # everything checks out, now change the password
- from .ungleich_ldap import LdapManager
 ldap_manager = LdapManager()
 result = ldap_manager.change_password(
 ("uid={uid}," + settings.LDAP_CUSTOMER_DN).format(uid=user),
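Review bot: In the hunk at -155,7 +82,10, a username that is already taken now reaches `ldap_manager.create_user(...)` and is handled only by the broad `except Exception as e:` below it, because the `check_user_exists` guard is deleted earlier in `post` (hunk -126,9). Unless `LdapManager.create_user`, which this diff does not show, rejects duplicates itself, add a specific handler ahead of the generic one, for example `except ldap.ALREADY_EXISTS:` returning the `'User already exists.'` error page. The `except` body continues past the end of the hunk; if the rendered error includes `e`, log it server-side and show a fixed message so directory details are not exposed to the registrant. It is also worth confirming that `create_user` hashes the password before writing `userPassword`, as the removed `LDAP.create_user` wrote the encoded bytes unchanged.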