From 5b7d67838b2b1a39d685af3aa4ba4ca1c3574172 Mon Sep 17 00:00:00 2001 From: downhill Date: Tue, 23 Oct 2018 18:13:25 +0200 Subject: [PATCH] bugfixing --- dal/dal/settings.py | 3 ++- dal/dal/views.py | 5 +++++ dal/userservice.conf.example | 2 ++ nameko-func.py | 19 ++++++++++--------- 4 files changed, 19 insertions(+), 10 deletions(-) diff --git a/dal/dal/settings.py b/dal/dal/settings.py index 2bf5a7c..6acbc1c 100644 --- a/dal/dal/settings.py +++ b/dal/dal/settings.py @@ -23,10 +23,11 @@ config.read('userservice.conf') # LDAP config +AUTH_LDAP_SERVER_URI = config['LDAP']['LDAPSERVER'] # The search user AUTH_LDAP_BIND_DN = config['LDAP']['SEARCHUSER'] # The password for the search user -AUTH_LDAP_BIND_PASSWORD = config['LDAP']['SEARCHUSERPASSWORD'] +AUTH_LDAP_BIND_PASSWORD = config.get('LDAP','SEARCHUSERPASSWORD', raw=True) # Search union over two ou AUTH_LDAP_USER_SEARCH = LDAPSearchUnion( LDAPSearch("ou=users,dc=ungleich,dc=ch", ldap.SCOPE_SUBTREE, "(uid=%(user)s)"), diff --git a/dal/dal/views.py b/dal/dal/views.py index 3719ea3..aff11ca 100644 --- a/dal/dal/views.py +++ b/dal/dal/views.py @@ -100,6 +100,11 @@ class Register(View): if password1 != password2: return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Your passwords did not match. Please supply the same password twice.' } ) + # check for at least a bit of length on the password + if len(password1) < 8: + return render(request, 'error.html', { 'urlname': urlname, 'service': service, + 'error': 'Your password is too short, please use a longer one. At least 8 characters.' } ) + email = request.POST.get('email') # Is the emailaddress valid? try: diff --git a/dal/userservice.conf.example b/dal/userservice.conf.example index 6ab0867..a34bfbd 100644 --- a/dal/userservice.conf.example +++ b/dal/userservice.conf.example 
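Review bot: In dal/dal/settings.py the new `AUTH_LDAP_SERVER_URI = config['LDAP']['LDAPSERVER']` accepts whatever scheme the config file holds, so a deployment that sets an `ldap://` URI would send the search-user bind and every user's login password to the directory in cleartext. Consider rejecting any value that does not start with `ldaps://` when the settings load, or setting `AUTH_LDAP_START_TLS = True` for plain `ldap://` URIs. An existing userservice.conf without the new key will also raise KeyError at import, so the upgrade needs either a clearer error or a note in the example file that the key is mandatory. The `LDAPSearchUnion(` call continues outside the hunk.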
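Review bot: In dal/dal/views.py the new length check calls `len(password1)` without guarding against a missing field. If password1 is read with `request.POST.get(...)` the way email is just below (the assignment is outside the hunk), a request that omits both password fields passes the equality check as None == None and then raises TypeError, which surfaces as a 500 instead of the error page. `if not password1 or len(password1) < 8:` closes that. The minimum of 8 is also written twice, in the condition and in the message; a module constant, or Django's `validate_password` driven by AUTH_PASSWORD_VALIDATORS, would keep the policy in one place. The Register method containing this check starts and ends outside the hunk.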
@@ -10,4 +10,6 @@ RABBITMQ = guest:guest@127.0.0.1 SEARCHUSER = uid=search,ou=system,dc=ungleich,dc=ch SEARCHUSERPASSWORD = fnord +# Set up which LDAP server to query for auth +LDAPSERVER = ldaps://ldap1.ungleich.ch diff --git a/nameko-func.py b/nameko-func.py index 1305c70..cc3012a 100644 --- a/nameko-func.py +++ b/nameko-func.py @@ -43,7 +43,7 @@ def ldapservers(): # returns the full dn def user_or_customer(uid): server = ldapservers() - conn = Connection(server, config['LDAP']['LDAPMANAGER'], config['LDAP']['LDAPMANAGERPASSWORD']) + conn = Connection(server, config['LDAP']['LDAPMANAGER'], config.get('LDAP','LDAPMANAGERPASSWORD', raw=True)) conn.bind() search_customers = conn.search('ou=customers,dc=ungleich,dc=ch', '(%s)' % uid) if search_customers: @@ -67,7 +67,7 @@ class UserLookUp(object): # Setup the search parameter and connect to LDAP LDAP_UID = 'uid=%s' % user server = ldapservers() - conn = Connection(server, config['LDAP']['LDAPMANAGER'], config['LDAP']['LDAPMANAGERPASSWORD']) + conn = Connection(server, config['LDAP']['LDAPMANAGER'], config.get('LDAP','LDAPMANAGERPASSWORD', raw=True)) conn.bind() # Strange result. It keeps complaining LDAP_UID not set if I try to directly # substitute x and y to the if @@ -96,7 +96,7 @@ class CreateUser(object): def create_user(self, user, password, firstname, lastname, email): # Creates a user with some basic data server = ldapservers() - conn = Connection(server, config['LDAP']['LDAPMANAGER'], config['LDAP']['LDAPMANAGERPASSWORD']) + conn = Connection(server, config['LDAP']['LDAPMANAGER'], config.get('LDAP','LDAPMANAGERPASSWORD', raw=True)) if not conn.bind(): self.dispatch('ldap', '%s [Error CreateUser] Could not connect to LDAPserver\n' % datetime.now() ) return "Could not connect to LDAP Server." 
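Review bot: In nameko-func.py, `user_or_customer` (hunk at -43) builds its search filter with `'(%s)' % uid` while bound as LDAPMANAGER, so filter metacharacters in the caller-supplied value reach the directory unescaped. The hunks at -67, -148, -193, -241 and -284 build `LDAP_UID = 'uid=%s' % user` the same way, though how LDAP_UID is used lies outside those hunks. If the library is ldap3, as the `Connection`/`bind`/`response` usage suggests, escape the value before formatting, e.g. `'uid=%s' % escape_filter_chars(user)` with `escape_filter_chars` from `ldap3.utils.conv`. `user_or_customer` also ignores the result of `conn.bind()`, unlike `create_user`, which tests `if not conn.bind():`, so a failed bind falls through to the search. The `Connection(server, ..., config.get('LDAP', 'LDAPMANAGERPASSWORD', raw=True))` line is now repeated in seven places, so one helper that returns a bound connection or raises would keep the credential handling and the bind check in a single spot.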
@@ -132,8 +132,9 @@ class CreateUser(object): newuid = 0 uidlist = [] for c in conn.response: - uidlist.append(c['attribute']['uidNumber']) - newuid = sorted(uidlist)[len(uidlist)-1] + uidlist.append(c['attributes']['uidNumber']) + # New uid is highest old uidnumber plus one + newuid = (sorted(uidlist)[len(uidlist)-1] + 1) return newuid @@ -148,7 +149,7 @@ class GetUserData(object): # Setup the search parameter and connect to LDAP LDAP_UID = 'uid=%s' % user server = ldapservers() - conn = Connection(server, config['LDAP']['LDAPMANAGER'], config['LDAP']['LDAPMANAGERPASSWORD']) + conn = Connection(server, config['LDAP']['LDAPMANAGER'], config.get('LDAP', 'LDAPMANAGERPASSWORD', raw=True)) conn.bind() if not conn.bound: self.dispatch('ldap', '%s [Error GetUserData] Could not connect to LDAP server.\n' % datetime.now() ) @@ -193,7 +194,7 @@ class ChangeUserData(object): LDAP_UID = 'uid=%s' % user server = ldapservers() # Establish connection with a user who can change the data - conn = Connection(server, config['LDAP']['LDAPMANAGER'], config['LDAP']['LDAPMANAGERPASSWORD']) + conn = Connection(server, config['LDAP']['LDAPMANAGER'], config.get('LDAP', 'LDAPMANAGERPASSWORD', raw=True)) if not conn.bind(): self.dispatch('ldap', '%s [Error ChangeUserData] Could not connect to LDAP server.\n' % datetime.now() ) return "Could not connect to LDAP server." @@ -241,7 +242,7 @@ class ChangePassword(object): def change_password(self, user, newpassword): LDAP_UID = 'uid=%s' % user server = ldapservers() - conn = Connection(server, config['LDAP']['LDAPMANAGER'], config['LDAP']['LDAPMANAGERPASSWORD']) + conn = Connection(server, config['LDAP']['LDAPMANAGER'], config.get('LDAP', 'LDAPMANAGERPASSWORD', raw=True)) if not conn.bind(): self.dispatch('ldap', '%s [Error ChangePassword] Could not connect to LDAP server.\n' % datetime.now() ) return "Could not connect to LDAP server." 
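Review bot: In the uid allocation of CreateUser (hunk at -132), `sorted(uidlist)[len(uidlist)-1]` raises IndexError when the search returns no entries, so the `newuid = 0` default above it never acts as a fallback. `newuid = max(uidlist) + 1 if uidlist else FIRST_UID`, with FIRST_UID a constant you define for the first account, handles the empty directory. Reading the maximum and adding one is also not atomic: two concurrent create_user calls can compute the same uidNumber, and accounts sharing a numeric uid share file ownership on POSIX hosts, so the allocation needs a lock or a uniqueness check before the add. If the library returns `uidNumber` as a list rather than an int, the `+ 1` fails as well, which is worth confirming against a real response. The enclosing method starts outside the hunk.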
@@ -284,7 +285,7 @@ class DeleteUser(object): def delete_user(self, user): LDAP_UID = 'uid=%s' % user server = ldapservers() - conn = Connection(server, config['LDAP']['LDAPMANAGER'], config['LDAP']['LDAPMANAGERPASSWORD']) + conn = Connection(server, config['LDAP']['LDAPMANAGER'], config.get('LDAP', 'LDAPMANAGERPASSWORD', raw=True)) conn.bind() if not conn.bound: self.dispatch('ldap', '%s [Error DeleteUser] Could not connect to LDAP server.\n' % datetime.now() )