From bdb57221e5844006e4ecbfd828ea684acea859da Mon Sep 17 00:00:00 2001
From: PCoder
Date: Sun, 24 Feb 2019 23:25:12 +0100
Subject: [PATCH] Also check user before password reset
---
 dal/ungleich_ldap.py | 44 +++++++++++++++++++++++++-------------------
 dal/views.py | 1 +
 2 files changed, 26 insertions(+), 19 deletions(-)
diff --git a/dal/ungleich_ldap.py b/dal/ungleich_ldap.py
index 373e927..74f102f 100644
--- a/dal/ungleich_ldap.py
+++ b/dal/ungleich_ldap.py
@@ -129,15 +129,29 @@ class LdapManager:
 :return: True if password was changed successfully False otherwise
 """
 conn = self.get_admin_conn()
- return_val = conn.modify(
- ("uid={uid}," + settings.LDAP_CUSTOMER_DN).format(uid=uid),
- {
- "userpassword": (
- ldap3.MODIFY_REPLACE,
- [self._ssha_password(new_password.encode("utf-8"))]
- )
- }
+
+ # Make sure the user exists first to change his/her details
+ user_exists, entries = self.check_user_exists(
+ uid=uid,
+ search_base=settings.ENTIRE_SEARCH_BASE
 )
+ return_val = False
+ if user_exists:
+ try:
+ return_val = conn.modify(
+ entries[0].entry_dn,
+ {
+ "userpassword": (
+ ldap3.MODIFY_REPLACE,
+ [self._ssha_password(new_password.encode("utf-8"))]
+ )
+ }
+ )
+ except Exception as ex:
+ logger.error("Exception: " + str(ex))
+ else:
+ logger.error("User {} not found".format(uid))
+
 conn.unbind()
 return return_val
 
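Review bot: `entries[0].entry_dn` is used without checking that the lookup returned exactly one entry, and the lookup now spans `settings.ENTIRE_SEARCH_BASE`, so a uid that matches several entries gets the password of whichever entry comes first replaced through the admin connection. Require a single match before modifying, e.g. `if user_exists and len(entries) == 1:`, and log the ambiguous case separately; the same pattern appears in the next hunk of this file at `conn.modify(entries[0].entry_dn, details_dict)`. The body of `check_user_exists` is outside this patch, so it is not visible whether `uid` is escaped before it is placed in the search filter; if it is not, `ldap3.utils.conv.escape_filter_chars(uid)` belongs there, because filter metacharacters in `uid` would make the first-match behaviour worse. The enclosing method starts above the hunk.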
@@ -157,33 +171,25 @@ class LdapManager:
 # Make sure the user exists first to change his/her details
 user_exists, entries = self.check_user_exists(
 uid=uid,
- attributes=['uid', 'givenName', 'sn', 'mail', 'gidNumber'],
 search_base=settings.ENTIRE_SEARCH_BASE
 )
-
+ return_val = False
 if user_exists:
 details_dict = {k: (ldap3.MODIFY_REPLACE, [v.encode("utf-8")]) for k, v in details.items()}
 try:
- return_val = conn.modify(
- ("uid={uid}," + settings.LDAP_CUSTOMER_DN
- if entries[0].gidNumber.value == settings.LDAP_CUSTOMER_GROUP_ID
- else settings.LDAP_USERS_DN).format(uid=uid),
- details_dict
- )
+ return_val = conn.modify(entries[0].entry_dn, details_dict)
 msg = "success"
 except Exception as ex:
 msg = str(ex)
 logger.error("Exception: " + msg)
- return_val = False
 finally:
 conn.unbind()
 else:
 msg = "User {} not found".format(uid)
 logger.error(msg)
- raise Exception(msg)
-
+ conn.unbind()
 return return_val, msg
 
 def check_user_exists(self, uid, search_filter="", attributes=None,
diff --git a/dal/views.py b/dal/views.py
index ea8917a..0bcd174 100644
--- a/dal/views.py
+++ b/dal/views.py
@@ -176,6 +176,7 @@ class ResetPassword(View):
 ldap_manager = LdapManager()
 user_exists, entries = ldap_manager.check_user_exists(
 uid=user,
+ search_base=settings.ENTIRE_SEARCH_BASE,
 attributes=['uid', 'givenName', 'sn', 'mail']
 )
 if user_exists:
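Review bot: With `raise Exception(msg)` removed, an unknown uid now comes back as `(False, msg)` instead of an exception, so any caller that relied on the exception and does not test the first tuple element will treat a failed update as done; the callers are not part of this patch and should be checked. The docstring, which lies above the hunk, should state the contract, for example `:return: (bool, str) -- (True, "success") on update, (False, reason) if the user is missing or the modify fails`. `msg = str(ex)` is also returned to the caller; if a view renders it, raw LDAP error text reaches the client, so returning a generic message and keeping the detail in the log would be safer.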
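Review bot: The added `search_base=settings.ENTIRE_SEARCH_BASE` widens the self-service reset lookup to every entry in the tree, and nothing visible in this hunk limits which kinds of entry may then enter the reset flow. If that base also holds staff or service accounts, they become reachable through this form; either restrict the match to the intended groups or make the intent explicit with a comment such as `# Reset is allowed for every entry under ENTIRE_SEARCH_BASE, not only customers`. The rest of `ResetPassword` is outside the hunk, so how `entries` is used after `if user_exists:` cannot be checked from here.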