Merge branch 'master' of git.stuve-bamberg.de:mgoetz/ldap_account_manager

2019-06-07 17:53:35 +02:00 · 2019-06-07 17:53:35 +02:00 · 7b0bd4f17e
commit 7b0bd4f17e
parent eca52bec63 15ab8b2ab6
10 changed files with 85 additions and 27 deletions
--- a/docker/lama/dev.env
+++ b/docker/lama/dev.env
@ -30,3 +30,13 @@ DEFAULT_FROM_EMAIL=
 SERVER_EMAIL=

 DELETION_WAIT_DAYS=14
+
+
+#EMAIL_BACKEND=smtp
+#EMAIL_HOST=smtp.uni-bamberg.de
+#EMAIL_PORT=587
+#EMAIL_USE_TLS=False
+#EMAIL_USE_SSL=False
+#DEFAULT_FROM_EMAIL=vergesslich@uni-bamberg.de
+##DEFAULT_FROM_EMAIL=fachschaft-wiai.stuve@uni-bamberg.de
+#SERVER_EMAIL=fachschaft-wiai.stuve@uni-bamberg.de
--- a/src/account_manager/forms.py
+++ b/src/account_manager/forms.py
@ -1,6 +1,6 @@
 from django import forms
 from django.contrib.auth import get_user_model
-from django.contrib.auth.forms import PasswordResetForm
+from django.contrib.auth.forms import PasswordResetForm, PasswordChangeForm

 from account_manager.utils.django_user import update_dajngo_user
 from .models import LdapUser, LdapGroup
@ -95,3 +95,11 @@ class LdapPasswordResetForm(PasswordResetForm):
        })
        logger.debug((u for u in active_users))
        return (u for u in active_users)
+
+
+class LdapPasswordChangeForm(PasswordChangeForm):
+    def clean_old_password(self):
+        """
+        Validates that the old_password field is correct.
+        """
+        return "ralf"
--- a/src/account_manager/main_views.py
+++ b/src/account_manager/main_views.py
@ -45,7 +45,7 @@ def realm_list(request):
        try:
            LdapUser.base_dn = LdapUser.ROOT_DN
            user = LdapUser.objects.get(username=user.username)
-            realm_base_dn = re.compile('(uid=[a-zA-Z0-9_]*),(ou=[a-zA-Z_]*),(.*)').match(user.dn).group(3)
+            realm_base_dn = re.compile('(uid=[a-zA-Z0-9_-]*),(ou=[a-zA-Z_-]*),(.*)').match(user.dn).group(3)
            realm = Realm.objects.get(ldap_base_dn=realm_base_dn)

            return redirect('user-detail', realm.id, user.dn)
@ -68,6 +68,7 @@ def _get_group_user_count_wrapper(realm):


@login_required
+@is_realm_admin
 def realm_add(request):
    if request.user.is_superuser:
        realms = Realm.objects.all().order_by('name')
@ -111,6 +112,7 @@ def realm_detail(request, realm_id):
 def get_realm_detail_rendered(request, realm_id, success_headline=None, success_text=None, error_headline=None,
                              error_text=None):
    realm = Realm.objects.get(id=realm_id)
+    ldap_admin_group, ldap_default_group = get_default_admin_group(realm)
    LdapUser.base_dn = realm.ldap_base_dn
    inactive_users = LdapUser.get_inactive_users().count()
    ldap_admin_group, ldap_default_group = get_default_admin_group(realm)
--- a/src/account_manager/models.py
+++ b/src/account_manager/models.py
@ -84,7 +84,7 @@ class LdapUser(Model):
        LdapUser.base_dn = LdapUser.ROOT_DN
        ldap_user = LdapUser.objects.get(username=user.username)
        ldap_user.password = raw_password
-        LdapUser.base_dn = re.compile('(uid=[a-zA-Z0-9_]*),(.*)').match(ldap_user.dn).group(2)
+        LdapUser.base_dn = re.compile('(uid=[a-zA-Z0-9_-]*),(.*)').match(ldap_user.dn).group(2)
        ldap_user.save()

    @staticmethod
--- a/src/account_manager/urls.py
+++ b/src/account_manager/urls.py
@ -80,6 +80,8 @@ urlpatterns = [
         name='user-delete'),
    path('accounts/reset/<uidb64>/<token>/', user_views.LdapPasswordResetConfirmView.as_view(),
         name='ldap_password_reset_confirm'),
+    path('accounts/password_change/secure/', user_views.password_change_controller,
+         name='password_change_controller'),
    path('accounts/password_change/', user_views.LdapPasswordChangeView.as_view(),
         name='password_change'),

--- a/src/account_manager/views/user_views.py
+++ b/src/account_manager/views/user_views.py
@ -8,19 +8,22 @@ from django.contrib.auth.views import PasswordResetConfirmView, PasswordChangeVi
 from django.contrib.sites.shortcuts import get_current_site
 from django.core.exceptions import ObjectDoesNotExist
 from django.db import IntegrityError
-from django.http import HttpRequest
+from django.http import HttpRequest, HttpResponseRedirect
 from django.shortcuts import render, redirect
 from django.utils.translation import gettext as _
 from ldap import ALREADY_EXISTS, OBJECT_CLASS_VIOLATION
+from django.urls import reverse
+from urllib.parse import urlencode

 from account_helper.models import Realm, DeletedUser
 from account_manager.forms import AddLDAPUserForm, UserDeleteListForm, UpdateLDAPUserForm, AdminUpdateLDAPUserForm, \
-    UserGroupListForm
+    UserGroupListForm, LdapPasswordChangeForm
 from account_manager.main_views import is_realm_admin
 from account_manager.models import LdapUser, LdapGroup
 from account_manager.utils.django_user import update_dajngo_user
 from account_manager.utils.mail_utils import send_welcome_mail, send_deletion_mail

+from django.contrib.auth import logout
 from django.conf import settings

 logger = logging.getLogger(__name__)
@ -153,7 +156,7 @@ def realm_user_resend_password_reset(request, realm_id, user_dn):
    ldap_user = LdapUser.objects.get(dn=user_dn)
    try:
        if ldap_user.email:
-            logger.info("Sending email for to this email:", ldap_user.email)
+            logger.info(f"Sending email to {ldap_user.email}")
            form = PasswordResetForm({'email': ldap_user.email})
            if form.is_valid():
                logger.info('CREATE REQUEST')
@ -166,11 +169,11 @@ def realm_user_resend_password_reset(request, realm_id, user_dn):
                form.save(
                    request=pw_reset_request,
                    use_https=True,
-                    from_email=os.environ.get('DEFAULT_FROM_EMAIL', 'vergesslich@test.de'),
+                    from_email=settings.DEFAULT_FROM_EMAIL,
                    email_template_name='registration/password_reset_email.html')

    except Exception as e:
-        logger.info('Error')
+        logger.error('Error')
    return redirect('realm-user-detail', realm_id, user_dn)


@ -496,19 +499,37 @@ def ldap_add_user_to_groups(ldap_user, user_groups):
        group.save()


+@login_required
+def password_change_controller(request):
+    logout(request)
+    base_url = reverse('login')
+    next_param = reverse('password_change')
+    query_string = urlencode({'next': next_param})
+    url = '{}?{}'.format(base_url, query_string)
+    return redirect(url)
+
+
 class LdapPasswordResetConfirmView(PasswordResetConfirmView):
    def form_valid(self, form):
        user = form.save()
        password = form.cleaned_data['new_password1']
        LdapUser.base_dn = LdapUser.ROOT_DN
        LdapUser.password_reset(user, password)
-        return super().form_valid(form)
+        cached_redirect = super().form_valid(form)
+        user.set_unusable_password()
+        user.save()
+        return cached_redirect


 class LdapPasswordChangeView(PasswordChangeView):
+    form_class = LdapPasswordChangeForm
+
    def form_valid(self, form):
        user = form.save()
        password = form.cleaned_data['new_password1']
        LdapUser.base_dn = LdapUser.ROOT_DN
        LdapUser.password_reset(user, password)
-        return super().form_valid(form)
+        cached_request = super().form_valid(form)
+        user.set_unusable_password()
+        user.save()
+        return cached_request
--- a/src/core/docker_settings.py
+++ b/src/core/docker_settings.py
@ -180,6 +180,8 @@ else:
    EMAIL_TIMEOUT = 15
    EMAIL_HOST = os.environ['EMAIL_HOST']
    EMAIL_PORT = int(os.environ['EMAIL_PORT'])
+    EMAIL_HOST_USER = os.environ.get('EMAIL_HOST_USER','')
+    EMAIL_HOST_PASSWORD = os.environ.get('EMAIL_HOST_PASSWORD','')
    EMAIL_USE_TLS = os.environ.get('EMAIL_USE_TLS', 'False') == 'True'
    EMAIL_USE_SSL = os.environ.get('EMAIL_USE_SSL', 'False') == 'True'

--- a/src/core/urls.py
+++ b/src/core/urls.py
@ -18,6 +18,7 @@ from django.urls import path, include
 from django.contrib.auth import views as auth_views
 from django.contrib.auth.decorators import user_passes_test
 from account_manager.forms import LdapPasswordResetForm
+from account_manager.views.user_views import LdapPasswordChangeView
 from .views import about

 login_forbidden = user_passes_test(lambda u: u.is_anonymous(), '/')
@ -31,5 +32,6 @@ urlpatterns = [
         auth_views.PasswordResetView.as_view(html_email_template_name='registration/password_reset_email.html',
                                              form_class=LdapPasswordResetForm),
         name='password_reset'),
+
    path('accounts/', include('django.contrib.auth.urls')),
 ]
--- a/src/templates/registration/password_change_form.html
+++ b/src/templates/registration/password_change_form.html
@ -1,13 +1,24 @@
 {% extends 'base.jinja2' %}
 {% import 'macros/form_macros.jinja2' as mform %}
 {% block content %}
-    <div class="col-12 ">
+<div class="col-12 ">
    <div class="row justify-content-center justify-content-sm-center">
        <div class="col-12 col-sm-8 col-md-7 col-lg-5 col-xl-4 bg-white text-dark p-3 mt-5 border">
            <h1 class="mb-4">Passwort ändern</h1>
            <form method="post" class="floating-label-form">
                <input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}">
-                    {{ mform.password_input(form.old_password) }}
+<!--                                {{form.errors}}-->
+                    <input type="password"
+                           class="form-control"
+                           placeholder="Old password"
+                           aria-describedby="id_old_password_help"
+                           name="old_password"
+                           id="id_old_password"
+                           maxlength="None"
+                           value="ralf"
+                           hidden>
+
+<!--                {{ mform.password_input(form.old_password) }}-->
                {{ mform.password_input(form.new_password1) }}
                {{ mform.password_input(form.new_password2) }}
                <div class="d-flex mt-4">
@ -18,5 +29,5 @@
            </form>
        </div>
    </div>
-    </div>
+</div>
 {% endblock %}
--- a/src/templates/user/user_detail.jinja2
+++ b/src/templates/user/user_detail.jinja2
@ -32,7 +32,7 @@
                                        class="font-weight-bold">Email:</span> {{ user.user.email }}</li>
                                <li class="list-group-item"><span
                                        class="font-weight-bold">Passwort:</span> <a
-                                        href="{{ url('password_change') }}">Passwort ändern</a>
+                                        href="{{ url('password_change_controller') }}">Passwort ändern</a>
                                </li>
                                <li class="list-group-item"><span
                                        class="font-weight-bold">Telefon:</span> {{ user.user.phone }}</li>