Merge remote-tracking branch 'mainRepo/master' into feature/VAT_number
This commit is contained in:
commit
c9de757bc7
19 changed files with 521 additions and 45 deletions
3
.gitignore
vendored
3
.gitignore
vendored
|
@ -10,7 +10,7 @@ __pycache__/
|
|||
.ropeproject/
|
||||
#django
|
||||
local_settings.py
|
||||
|
||||
Pipfile
|
||||
media/
|
||||
!media/keep
|
||||
/CACHE/
|
||||
|
@ -43,3 +43,4 @@ secret-key
|
|||
# to keep empty dirs
|
||||
!.gitkeep
|
||||
*.orig
|
||||
.vscode/settings.json
|
||||
|
|
12
Changelog
12
Changelog
|
@ -1,3 +1,15 @@
|
|||
2.8: 2019-12-20
|
||||
* ldap_migration: Migrate django users to Ldap
|
||||
Notes for deployment:
|
||||
```
|
||||
1. Git Pull
|
||||
2. Ensure the newly dependencies in requirements.txt are installed
|
||||
3. Put new values in .env
|
||||
4. Run migrations
|
||||
5. Restart uwsgi
|
||||
```
|
||||
2.7.3: 2019-12-18
|
||||
* Bugfix: Swiss VAT being wrongly added to non-EU customers
|
||||
2.7.2: 2019-12-17
|
||||
* Add vat rates for AD, TK and IS
|
||||
* Improve billing address' string representation
|
||||
|
|
|
@ -10,13 +10,35 @@ Requirements
|
|||
|
||||
Install
|
||||
=======
|
||||
|
||||
.. note::
|
||||
lxml that is one of the dependency of dynamicweb couldn't
|
||||
get build on Python 3.7 so, please use Python 3.5.
|
||||
|
||||
|
||||
First install packages from requirements.archlinux.txt or
|
||||
requirements.debian.txt based on your distribution.
|
||||
|
||||
|
||||
The quick way:
|
||||
``pip install -r requirements.txt``
|
||||
|
||||
Next find the dump.db file on stagging server. Path for the file is under the base application folder.
|
||||
|
||||
or you can create one for yourself by running the following commands on dynamicweb server
|
||||
|
||||
.. code:: sh
|
||||
|
||||
sudo su - postgres
|
||||
pg_dump app > /tmp/postgres_db.bak
|
||||
exit
|
||||
cp /tmp/postgres_db.bak /root/postgres_db.bak
|
||||
|
||||
Now, you can download this using sftp.
|
||||
|
||||
|
||||
Install the postgresql server and import the database::
|
||||
``psql -d app < dump.db``
|
||||
``psql -d app -U root < dump.db``
|
||||
|
||||
**No migration is needed after a clean install, and You are ready to start developing.**
|
||||
|
||||
|
@ -27,7 +49,7 @@ Master branch is currently used on `Digital Glarus <https://digitalglarus.unglei
|
|||
|
||||
If You are starting to create a new feature fork the github `repo <https://github.com/ungleich/dynamicweb>`_ and branch the development branch.
|
||||
|
||||
After You have complited the task create a pull request and ask someone to review the code from other developers.
|
||||
After You have completed the task, create a pull request and ask someone to review the code from other developers.
|
||||
|
||||
**Cheat sheet for branching and forking**:
|
||||
|
||||
|
|
|
@ -625,6 +625,7 @@ class OrderConfirmationView(DetailView, FormView):
|
|||
vm_specs["vat_country"] = user_vat_country
|
||||
vm_specs["discount"] = discount
|
||||
vm_specs["total_price"] = round(price + vat - discount['amount'], 2)
|
||||
request.session['specs'] = vm_specs
|
||||
|
||||
context.update({
|
||||
'vm': vm_specs,
|
||||
|
|
|
@ -52,7 +52,7 @@ PROJECT_DIR = os.path.abspath(
|
|||
)
|
||||
|
||||
# load .env file
|
||||
dotenv.read_dotenv("{0}/.env".format(PROJECT_DIR))
|
||||
dotenv.load_dotenv("{0}/.env".format(PROJECT_DIR))
|
||||
|
||||
from multisite import SiteID
|
||||
|
||||
|
@ -244,8 +244,9 @@ DATABASES = {
|
|||
}
|
||||
|
||||
AUTHENTICATION_BACKENDS = (
|
||||
'utils.backend.MyLDAPBackend',
|
||||
'guardian.backends.ObjectPermissionBackend',
|
||||
'django.contrib.auth.backends.ModelBackend',
|
||||
|
||||
)
|
||||
|
||||
# Internationalization
|
||||
|
@ -721,6 +722,31 @@ X_FRAME_OPTIONS = ('SAMEORIGIN' if X_FRAME_OPTIONS_ALLOW_FROM_URI is None else
|
|||
|
||||
DEBUG = bool_env('DEBUG')
|
||||
|
||||
|
||||
# LDAP setup
|
||||
LDAP_ADMIN_DN = env('LDAP_ADMIN_DN')
|
||||
LDAP_ADMIN_PASSWORD = env('LDAP_ADMIN_PASSWORD')
|
||||
AUTH_LDAP_SERVER = env('LDAPSERVER')
|
||||
|
||||
LDAP_CUSTOMER_DN = env('LDAP_CUSTOMER_DN')
|
||||
LDAP_CUSTOMER_GROUP_ID = int(env('LDAP_CUSTOMER_GROUP_ID'))
|
||||
LDAP_MAX_UID_FILE_PATH = os.environ.get('LDAP_MAX_UID_FILE_PATH',
|
||||
os.path.join(os.path.abspath(os.path.dirname(__file__)), 'ldap_max_uid_file')
|
||||
)
|
||||
LDAP_DEFAULT_START_UID = int(env('LDAP_DEFAULT_START_UID'))
|
||||
|
||||
# Search union over OUs
|
||||
AUTH_LDAP_START_TLS = bool(os.environ.get('LDAP_USE_TLS', False))
|
||||
|
||||
ENTIRE_SEARCH_BASE = env("ENTIRE_SEARCH_BASE")
|
||||
|
||||
|
||||
AUTH_LDAP_USER_ATTR_MAP = {
|
||||
"first_name": "givenName",
|
||||
"last_name": "sn",
|
||||
"email": "mail"
|
||||
}
|
||||
|
||||
READ_VM_REALM = env('READ_VM_REALM')
|
||||
AUTH_NAME = env('AUTH_NAME')
|
||||
AUTH_SEED = env('AUTH_SEED')
|
||||
|
|
|
@ -23,7 +23,6 @@
|
|||
|
||||
.hosting-dashboard .dashboard-container-head {
|
||||
color: #fff;
|
||||
margin-bottom: 60px;
|
||||
}
|
||||
|
||||
.hosting-dashboard-item {
|
||||
|
|
|
@ -248,6 +248,9 @@
|
|||
.dashboard-title-thin {
|
||||
font-size: 22px;
|
||||
}
|
||||
.dashboard-greetings-thin {
|
||||
font-size: 16px;
|
||||
}
|
||||
}
|
||||
|
||||
.btn-vm-invoice {
|
||||
|
@ -315,6 +318,11 @@
|
|||
font-size: 32px;
|
||||
}
|
||||
|
||||
.dashboard-greetings-thin {
|
||||
font-weight: 300;
|
||||
font-size: 24px;
|
||||
}
|
||||
|
||||
.dashboard-title-thin .un-icon {
|
||||
height: 34px;
|
||||
margin-right: 5px;
|
||||
|
@ -411,6 +419,9 @@
|
|||
.dashboard-title-thin {
|
||||
font-size: 22px;
|
||||
}
|
||||
.dashboard-greetings-thin {
|
||||
font-size: 16px;
|
||||
}
|
||||
.dashboard-title-thin .un-icon {
|
||||
height: 22px;
|
||||
width: 22px;
|
||||
|
|
|
@ -7,6 +7,9 @@
|
|||
<div class="dashboard-container-head">
|
||||
<h1 class="dashboard-title-thin">{% trans "My Dashboard" %}</h1>
|
||||
</div>
|
||||
<div style="color:#fff; font-size: 18px; font-weight:300; padding: 0 8px; margin-top: 30px; margin-bottom: 30px;">
|
||||
{% trans "Welcome" %} {{request.user.name}}
|
||||
</div>
|
||||
<div class="hosting-dashboard-content">
|
||||
<a href="{% url 'hosting:create_virtual_machine' %}" class="hosting-dashboard-item">
|
||||
<h2>{% trans "Create VM" %}</h2>
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
</li>
|
||||
<li class="dropdown highlights-dropdown">
|
||||
<a class="dropdown-toggle" role="button" data-toggle="dropdown" href="#">
|
||||
<i class="fa fa-fw fa-user"></i> {{request.user.name}} <span class="fa fa-fw fa-caret-down"></span>
|
||||
<i class="fa fa-fw fa-user"></i> {{request.user.username}} <span class="fa fa-fw fa-caret-down"></span>
|
||||
</a>
|
||||
<ul id="g-account-menu" class="dropdown-menu" role="menu">
|
||||
<li><a href="{% url 'hosting:logout' %}">{% trans "Logout"%}</a></li>
|
||||
|
|
|
@ -15,6 +15,10 @@
|
|||
<div class="settings-container">
|
||||
<div class="row">
|
||||
<div class="col-sm-5 col-md-6 billing dcl-billing">
|
||||
<h3><b>{%trans "My Username"%}</b></h3>
|
||||
<hr class="top-hr">
|
||||
<p>{{request.user.username}}</p>
|
||||
<br>
|
||||
<h3>{%trans "Billing Address" %}</h3>
|
||||
<hr>
|
||||
<form role="form" id="billing-form" method="post" action="" novalidate>
|
||||
|
|
|
@ -57,6 +57,8 @@ from utils.hosting_utils import (
|
|||
from utils.mailer import BaseEmail
|
||||
from utils.stripe_utils import StripeUtils
|
||||
from utils.tasks import send_plain_email_task
|
||||
from utils.ldap_manager import LdapManager
|
||||
|
||||
from utils.views import (
|
||||
PasswordResetViewMixin, PasswordResetConfirmViewMixin, LoginViewMixin,
|
||||
ResendActivationLinkViewMixin
|
||||
|
@ -394,16 +396,25 @@ class PasswordResetConfirmView(HostingContextMixin,
|
|||
if user is not None and default_token_generator.check_token(user,
|
||||
token):
|
||||
if form.is_valid():
|
||||
ldap_manager = LdapManager()
|
||||
new_password = form.cleaned_data['new_password2']
|
||||
|
||||
# Make sure the user have an ldap account already
|
||||
user.create_ldap_account(new_password)
|
||||
|
||||
# We are changing password in ldap before changing in database because
|
||||
# ldap have more chances of failure than local database
|
||||
if ldap_manager.change_password(user.username, new_password):
|
||||
user.set_password(new_password)
|
||||
user.save()
|
||||
|
||||
messages.success(request, _('Password has been reset.'))
|
||||
|
||||
# Change opennebula password
|
||||
opennebula_client.change_user_password(user.password)
|
||||
|
||||
return self.form_valid(form)
|
||||
else:
|
||||
|
||||
messages.error(
|
||||
request, _('Password reset has not been successful.'))
|
||||
form.add_error(None,
|
||||
|
|
31
membership/migrations/0011_auto_20191218_1050.py
Normal file
31
membership/migrations/0011_auto_20191218_1050.py
Normal file
|
@ -0,0 +1,31 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
# Generated by Django 1.9.4 on 2019-12-18 10:50
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.db import migrations, models
|
||||
import membership.models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('membership', '0010_customuser_import_stripe_bill_remark'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AddField(
|
||||
model_name='customuser',
|
||||
name='in_ldap',
|
||||
field=models.BooleanField(default=False),
|
||||
),
|
||||
migrations.AddField(
|
||||
model_name='customuser',
|
||||
name='username',
|
||||
field=models.CharField(max_length=60, null=True, unique=True),
|
||||
),
|
||||
migrations.AlterField(
|
||||
model_name='customuser',
|
||||
name='name',
|
||||
field=models.CharField(max_length=50, validators=[membership.models.validate_name]),
|
||||
),
|
||||
]
|
|
@ -1,20 +0,0 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
# Generated by Django 1.9.4 on 2019-12-17 16:37
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('membership', '0010_customuser_import_stripe_bill_remark'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AddField(
|
||||
model_name='customuser',
|
||||
name='vat_number',
|
||||
field=models.CharField(default='', max_length=100),
|
||||
),
|
||||
]
|
|
@ -1,5 +1,8 @@
|
|||
from datetime import datetime
|
||||
import logging
|
||||
import random
|
||||
import unicodedata
|
||||
|
||||
from datetime import datetime
|
||||
from django.conf import settings
|
||||
from django.contrib.auth.hashers import make_password
|
||||
from django.contrib.auth.models import AbstractBaseUser, BaseUserManager, \
|
||||
|
@ -7,13 +10,17 @@ from django.contrib.auth.models import AbstractBaseUser, BaseUserManager, \
|
|||
from django.contrib.sites.models import Site
|
||||
from django.core.urlresolvers import reverse
|
||||
from django.core.validators import RegexValidator
|
||||
from django.db import models
|
||||
from django.db import models, IntegrityError
|
||||
from django.utils.crypto import get_random_string
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
from django.core.exceptions import ValidationError
|
||||
|
||||
from utils.mailer import BaseEmail
|
||||
from utils.mailer import DigitalGlarusRegistrationMailer
|
||||
from utils.stripe_utils import StripeUtils
|
||||
from utils.ldap_manager import LdapManager
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
REGISTRATION_MESSAGE = {'subject': "Validation mail",
|
||||
'message': 'Please validate Your account under this link '
|
||||
|
@ -42,6 +49,7 @@ class MyUserManager(BaseUserManager):
|
|||
user.is_admin = False
|
||||
user.set_password(password)
|
||||
user.save(using=self._db)
|
||||
user.create_ldap_account(password)
|
||||
return user
|
||||
|
||||
def create_superuser(self, email, name, password):
|
||||
|
@ -63,14 +71,56 @@ def get_validation_slug():
|
|||
return make_password(None)
|
||||
|
||||
|
||||
def get_first_and_last_name(full_name):
|
||||
first_name, *last_name = full_name.split(" ")
|
||||
last_name = " ".join(last_name)
|
||||
return first_name, last_name
|
||||
|
||||
|
||||
def assign_username(user):
|
||||
if not user.username:
|
||||
ldap_manager = LdapManager()
|
||||
|
||||
# Try to come up with a username
|
||||
first_name, last_name = get_first_and_last_name(user.name)
|
||||
user.username = unicodedata.normalize('NFKD', first_name + last_name)
|
||||
user.username = "".join([char for char in user.username if char.isalnum()]).lower()
|
||||
exist = True
|
||||
while exist:
|
||||
# Check if it exists
|
||||
exist, entries = ldap_manager.check_user_exists(user.username)
|
||||
if exist:
|
||||
# If username exists in ldap, come up with a new user name and check it again
|
||||
user.username = user.username + str(random.randint(0, 2 ** 10))
|
||||
else:
|
||||
# If username does not exists in ldap, try to save it in database
|
||||
try:
|
||||
user.save()
|
||||
except IntegrityError:
|
||||
# If username exists in database then come up with a new username
|
||||
user.username = user.username + str(random.randint(0, 2 ** 10))
|
||||
exist = True
|
||||
|
||||
|
||||
def validate_name(value):
|
||||
valid_chars = [char for char in value if (char.isalpha() or char == "-" or char == " ")]
|
||||
if len(valid_chars) < len(value):
|
||||
raise ValidationError(
|
||||
_('%(value)s is not a valid name. A valid name can only include letters, spaces or -'),
|
||||
params={'value': value},
|
||||
)
|
||||
|
||||
|
||||
class CustomUser(AbstractBaseUser, PermissionsMixin):
|
||||
VALIDATED_CHOICES = ((0, 'Not validated'), (1, 'Validated'))
|
||||
site = models.ForeignKey(Site, default=1)
|
||||
name = models.CharField(max_length=50)
|
||||
name = models.CharField(max_length=50, validators=[validate_name])
|
||||
email = models.EmailField(unique=True)
|
||||
username = models.CharField(max_length=60, unique=True, null=True)
|
||||
vat_number = models.CharField(max_length=100, default="")
|
||||
|
||||
validated = models.IntegerField(choices=VALIDATED_CHOICES, default=0)
|
||||
in_ldap = models.BooleanField(default=False)
|
||||
# By default, we initialize the validation_slug with appropriate value
|
||||
# This is required for User(page) admin
|
||||
validation_slug = models.CharField(
|
||||
|
@ -165,6 +215,29 @@ class CustomUser(AbstractBaseUser, PermissionsMixin):
|
|||
# The user is identified by their email address
|
||||
return self.email
|
||||
|
||||
def create_ldap_account(self, password):
|
||||
# create ldap account for user if it does not exists already.
|
||||
if self.in_ldap:
|
||||
return
|
||||
|
||||
assign_username(self)
|
||||
ldap_manager = LdapManager()
|
||||
try:
|
||||
user_exists_in_ldap, entries = ldap_manager.check_user_exists(self.username)
|
||||
except Exception:
|
||||
logger.exception("Exception occur while searching for user in LDAP")
|
||||
else:
|
||||
if not user_exists_in_ldap:
|
||||
# IF no ldap account
|
||||
first_name, last_name = get_first_and_last_name(self.name)
|
||||
if not last_name:
|
||||
last_name = first_name
|
||||
ldap_manager.create_user(self.username, password=password,
|
||||
firstname=first_name, lastname=last_name,
|
||||
email=self.email)
|
||||
self.in_ldap = True
|
||||
self.save()
|
||||
|
||||
def __str__(self): # __unicode__ on Python 2
|
||||
return self.email
|
||||
|
||||
|
|
|
@ -485,9 +485,15 @@ class OpenNebulaManager():
|
|||
)
|
||||
|
||||
def change_user_password(self, passwd_hash):
|
||||
if type(self.opennebula_user) == int:
|
||||
logger.debug("opennebula_user is int and has value = %s" %
|
||||
self.opennebula_user)
|
||||
else:
|
||||
logger.debug("opennebula_user is object and corresponding id is %s"
|
||||
% self.opennebula_user.id)
|
||||
self.oneadmin_client.call(
|
||||
oca.User.METHODS['passwd'],
|
||||
self.opennebula_user.id,
|
||||
self.opennebula_user if type(self.opennebula_user) == int else self.opennebula_user.id,
|
||||
passwd_hash
|
||||
)
|
||||
|
||||
|
|
|
@ -1 +1,2 @@
|
|||
base-devel
|
||||
libmemcached
|
||||
|
|
|
@ -23,7 +23,7 @@ django-classy-tags==0.7.2
|
|||
django-cms==3.2.5
|
||||
django-compressor==2.0
|
||||
django-debug-toolbar==1.4
|
||||
django-dotenv==1.4.1
|
||||
python-dotenv==0.10.3
|
||||
django-extensions==1.6.7
|
||||
django-filer==1.2.0
|
||||
django-filter==0.13.0
|
||||
|
@ -63,6 +63,7 @@ djangocms-text-ckeditor==2.9.3
|
|||
djangocms-video==1.0.0
|
||||
easy-thumbnails==2.3
|
||||
html5lib==0.9999999
|
||||
ldap3==2.6.1
|
||||
lxml==3.6.0
|
||||
model-mommy==1.2.6
|
||||
phonenumbers==7.4.0
|
||||
|
|
13
utils/backend.py
Normal file
13
utils/backend.py
Normal file
|
@ -0,0 +1,13 @@
|
|||
|
||||
import logging
|
||||
|
||||
from django.contrib.auth.backends import ModelBackend
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class MyLDAPBackend(ModelBackend):
|
||||
def authenticate(self, username=None, password=None, **kwargs):
|
||||
user = super().authenticate(username, password, **kwargs)
|
||||
if user:
|
||||
user.create_ldap_account(password)
|
||||
return user
|
281
utils/ldap_manager.py
Normal file
281
utils/ldap_manager.py
Normal file
|
@ -0,0 +1,281 @@
|
|||
import base64
|
||||
import hashlib
|
||||
import random
|
||||
import ldap3
|
||||
import logging
|
||||
|
||||
from django.conf import settings
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class LdapManager:
|
||||
__instance = None
|
||||
|
||||
def __new__(cls):
|
||||
if LdapManager.__instance is None:
|
||||
LdapManager.__instance = object.__new__(cls)
|
||||
return LdapManager.__instance
|
||||
|
||||
def __init__(self):
|
||||
"""
|
||||
Initialize the LDAP subsystem.
|
||||
"""
|
||||
self.rng = random.SystemRandom()
|
||||
self.server = ldap3.Server(settings.AUTH_LDAP_SERVER)
|
||||
|
||||
def get_admin_conn(self):
|
||||
"""
|
||||
Return a bound :class:`ldap3.Connection` instance which has write
|
||||
permissions on the dn in which the user accounts reside.
|
||||
"""
|
||||
conn = self.get_conn(user=settings.LDAP_ADMIN_DN,
|
||||
password=settings.LDAP_ADMIN_PASSWORD,
|
||||
raise_exceptions=True)
|
||||
conn.bind()
|
||||
return conn
|
||||
|
||||
def get_conn(self, **kwargs):
|
||||
"""
|
||||
Return an unbound :class:`ldap3.Connection` which talks to the configured
|
||||
LDAP server.
|
||||
|
||||
The *kwargs* are passed to the constructor of :class:`ldap3.Connection` and
|
||||
can be used to set *user*, *password* and other useful arguments.
|
||||
"""
|
||||
return ldap3.Connection(self.server, **kwargs)
|
||||
|
||||
def _ssha_password(self, password):
|
||||
"""
|
||||
Apply the SSHA password hashing scheme to the given *password*.
|
||||
*password* must be a :class:`bytes` object, containing the utf-8
|
||||
encoded password.
|
||||
|
||||
Return a :class:`bytes` object containing ``ascii``-compatible data
|
||||
which can be used as LDAP value, e.g. after armoring it once more using
|
||||
base64 or decoding it to unicode from ``ascii``.
|
||||
"""
|
||||
SALT_BYTES = 15
|
||||
|
||||
sha1 = hashlib.sha1()
|
||||
salt = self.rng.getrandbits(SALT_BYTES * 8).to_bytes(SALT_BYTES, "little")
|
||||
sha1.update(password)
|
||||
sha1.update(salt)
|
||||
|
||||
digest = sha1.digest()
|
||||
passwd = b"{SSHA}" + base64.b64encode(digest + salt)
|
||||
return passwd
|
||||
|
||||
def create_user(self, user, password, firstname, lastname, email):
|
||||
conn = self.get_admin_conn()
|
||||
uidNumber = self._get_max_uid() + 1
|
||||
logger.debug("uidNumber={uidNumber}".format(uidNumber=uidNumber))
|
||||
user_exists = True
|
||||
while user_exists:
|
||||
user_exists, _ = self.check_user_exists(
|
||||
"",
|
||||
'(&(objectClass=inetOrgPerson)(objectClass=posixAccount)'
|
||||
'(objectClass=top)(uidNumber={uidNumber}))'.format(
|
||||
uidNumber=uidNumber
|
||||
)
|
||||
)
|
||||
if user_exists:
|
||||
logger.debug(
|
||||
"{uid} exists. Trying next.".format(uid=uidNumber)
|
||||
)
|
||||
uidNumber += 1
|
||||
logger.debug("{uid} does not exist. Using it".format(uid=uidNumber))
|
||||
self._set_max_uid(uidNumber)
|
||||
try:
|
||||
uid = user.encode("utf-8")
|
||||
conn.add("uid={uid},{customer_dn}".format(
|
||||
uid=uid, customer_dn=settings.LDAP_CUSTOMER_DN
|
||||
),
|
||||
["inetOrgPerson", "posixAccount", "ldapPublickey"],
|
||||
{
|
||||
"uid": [uid],
|
||||
"sn": [lastname.encode("utf-8")],
|
||||
"givenName": [firstname.encode("utf-8")],
|
||||
"cn": [uid],
|
||||
"displayName": ["{} {}".format(firstname, lastname).encode("utf-8")],
|
||||
"uidNumber": [str(uidNumber)],
|
||||
"gidNumber": [str(settings.LDAP_CUSTOMER_GROUP_ID)],
|
||||
"loginShell": ["/bin/bash"],
|
||||
"homeDirectory": ["/home/{}".format(user).encode("utf-8")],
|
||||
"mail": email.encode("utf-8"),
|
||||
"userPassword": [self._ssha_password(
|
||||
password.encode("utf-8")
|
||||
)]
|
||||
}
|
||||
)
|
||||
logger.debug('Created user %s %s' % (user.encode('utf-8'),
|
||||
uidNumber))
|
||||
except Exception as ex:
|
||||
logger.debug('Could not create user %s' % user.encode('utf-8'))
|
||||
logger.error("Exception: " + str(ex))
|
||||
raise Exception(ex)
|
||||
finally:
|
||||
conn.unbind()
|
||||
|
||||
def change_password(self, uid, new_password):
|
||||
"""
|
||||
Changes the password of the user identified by user_dn
|
||||
|
||||
:param uid: str The uid that identifies the user
|
||||
:param new_password: str The new password string
|
||||
:return: True if password was changed successfully False otherwise
|
||||
"""
|
||||
conn = self.get_admin_conn()
|
||||
|
||||
# Make sure the user exists first to change his/her details
|
||||
user_exists, entries = self.check_user_exists(
|
||||
uid=uid,
|
||||
search_base=settings.ENTIRE_SEARCH_BASE
|
||||
)
|
||||
return_val = False
|
||||
if user_exists:
|
||||
try:
|
||||
return_val = conn.modify(
|
||||
entries[0].entry_dn,
|
||||
{
|
||||
"userpassword": (
|
||||
ldap3.MODIFY_REPLACE,
|
||||
[self._ssha_password(new_password.encode("utf-8"))]
|
||||
)
|
||||
}
|
||||
)
|
||||
except Exception as ex:
|
||||
logger.error("Exception: " + str(ex))
|
||||
else:
|
||||
logger.error("User {} not found".format(uid))
|
||||
|
||||
conn.unbind()
|
||||
return return_val
|
||||
|
||||
|
||||
def change_user_details(self, uid, details):
|
||||
"""
|
||||
Updates the user details as per given values in kwargs of the user
|
||||
identified by user_dn.
|
||||
|
||||
Assumes that all attributes passed in kwargs are valid.
|
||||
|
||||
:param uid: str The uid that identifies the user
|
||||
:param details: dict A dictionary containing the new values
|
||||
:return: True if user details were updated successfully False otherwise
|
||||
"""
|
||||
conn = self.get_admin_conn()
|
||||
|
||||
# Make sure the user exists first to change his/her details
|
||||
user_exists, entries = self.check_user_exists(
|
||||
uid=uid,
|
||||
search_base=settings.ENTIRE_SEARCH_BASE
|
||||
)
|
||||
|
||||
return_val = False
|
||||
if user_exists:
|
||||
details_dict = {k: (ldap3.MODIFY_REPLACE, [v.encode("utf-8")]) for
|
||||
k, v in details.items()}
|
||||
try:
|
||||
return_val = conn.modify(entries[0].entry_dn, details_dict)
|
||||
msg = "success"
|
||||
except Exception as ex:
|
||||
msg = str(ex)
|
||||
logger.error("Exception: " + msg)
|
||||
finally:
|
||||
conn.unbind()
|
||||
else:
|
||||
msg = "User {} not found".format(uid)
|
||||
logger.error(msg)
|
||||
conn.unbind()
|
||||
return return_val, msg
|
||||
|
||||
def check_user_exists(self, uid, search_filter="", attributes=None,
|
||||
search_base=settings.LDAP_CUSTOMER_DN, search_attr="uid"):
|
||||
"""
|
||||
Check if the user with the given uid exists in the customer group.
|
||||
|
||||
:param uid: str representing the user
|
||||
:param search_filter: str representing the filter condition to find
|
||||
users. If its empty, the search finds the user with
|
||||
the given uid.
|
||||
:param attributes: list A list of str representing all the attributes
|
||||
to be obtained in the result entries
|
||||
:param search_base: str
|
||||
:return: tuple (bool, [ldap3.abstract.entry.Entry ..])
|
||||
A bool indicating if the user exists
|
||||
A list of all entries obtained in the search
|
||||
"""
|
||||
conn = self.get_admin_conn()
|
||||
entries = []
|
||||
try:
|
||||
result = conn.search(
|
||||
search_base=search_base,
|
||||
search_filter=search_filter if len(search_filter) > 0 else
|
||||
'(uid={uid})'.format(uid=uid),
|
||||
attributes=attributes
|
||||
)
|
||||
entries = conn.entries
|
||||
finally:
|
||||
conn.unbind()
|
||||
return result, entries
|
||||
|
||||
def delete_user(self, uid):
|
||||
"""
|
||||
Deletes the user with the given uid from ldap
|
||||
|
||||
:param uid: str representing the user
|
||||
:return: True if the delete was successful False otherwise
|
||||
"""
|
||||
conn = self.get_admin_conn()
|
||||
try:
|
||||
return_val = conn.delete(
|
||||
("uid={uid}," + settings.LDAP_CUSTOMER_DN).format(uid=uid),
|
||||
)
|
||||
msg = "success"
|
||||
except Exception as ex:
|
||||
msg = str(ex)
|
||||
logger.error("Exception: " + msg)
|
||||
return_val = False
|
||||
finally:
|
||||
conn.unbind()
|
||||
return return_val, msg
|
||||
|
||||
def _set_max_uid(self, max_uid):
|
||||
"""
|
||||
a utility function to save max_uid value to a file
|
||||
|
||||
:param max_uid: an integer representing the max uid
|
||||
:return:
|
||||
"""
|
||||
with open(settings.LDAP_MAX_UID_FILE_PATH, 'w+') as handler:
|
||||
handler.write(str(max_uid))
|
||||
|
||||
def _get_max_uid(self):
|
||||
"""
|
||||
A utility function to read the max uid value that was previously set
|
||||
|
||||
:return: An integer representing the max uid value that was previously
|
||||
set
|
||||
"""
|
||||
try:
|
||||
with open(settings.LDAP_MAX_UID_FILE_PATH, 'r+') as handler:
|
||||
try:
|
||||
return_value = int(handler.read())
|
||||
except ValueError as ve:
|
||||
logger.error(
|
||||
"Error reading int value from {}. {}"
|
||||
"Returning default value {} instead".format(
|
||||
settings.LDAP_MAX_UID_PATH,
|
||||
str(ve),
|
||||
settings.LDAP_DEFAULT_START_UID
|
||||
)
|
||||
)
|
||||
return_value = settings.LDAP_DEFAULT_START_UID
|
||||
return return_value
|
||||
except FileNotFoundError as fnfe:
|
||||
logger.error("File not found : " + str(fnfe))
|
||||
return_value = settings.LDAP_DEFAULT_START_UID
|
||||
logger.error("So, returning UID={}".format(return_value))
|
||||
return return_value
|
||||
|
Loading…
Reference in a new issue