segurtasuna hobetzeko lanetan

This commit is contained in:
aitzol 2023-04-06 16:40:24 +02:00
parent 6094fc1156
commit 0136747a7f
11 changed files with 30 additions and 6 deletions



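--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 /settings.ini
 /settings.ini.example.original
 /uwsgi.ini
+/*.sw*
 session
 libs/__pycache__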


app.py

@ -24,7 +24,7 @@ from bottle import SimpleTemplate
from bottle.ext import beaker from bottle.ext import beaker
from configparser import ConfigParser from configparser import ConfigParser
from ldap3 import Server, Connection, ALL from ldap3 import Server, Connection, ALL
from ldap3 import SIMPLE, SUBTREE, MODIFY_REPLACE, ALL_ATTRIBUTES from ldap3 import SIMPLE, SUBTREE, MODIFY_REPLACE, MODIFY_ADD, ALL_ATTRIBUTES
from ldap3.core.exceptions import LDAPBindError, LDAPConstraintViolationResult, \ from ldap3.core.exceptions import LDAPBindError, LDAPConstraintViolationResult, \
LDAPInvalidCredentialsResult, LDAPUserNameIsMandatoryError, \ LDAPInvalidCredentialsResult, LDAPUserNameIsMandatoryError, \
LDAPSocketOpenError, LDAPExceptionError, LDAPAttributeOrValueExistsResult LDAPSocketOpenError, LDAPExceptionError, LDAPAttributeOrValueExistsResult
@ -35,6 +35,7 @@ from libs.localization import *
from libs.helper import * from libs.helper import *
import random import random
from user_agents import parse from user_agents import parse
from datetime import datetime
BASE_DIR = path.dirname(__file__) BASE_DIR = path.dirname(__file__)
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
@ -397,9 +398,7 @@ def login_user_ldap(conf, username, password):
# Note: raises LDAPUserNameIsMandatoryError when user_dn is None. # Note: raises LDAPUserNameIsMandatoryError when user_dn is None.
with connect_ldap(conf, authentication=SIMPLE, user=user_dn, password=password) as c: with connect_ldap(conf, authentication=SIMPLE, user=user_dn, password=password) as c:
c.bind() c.bind()
#IP helbidea sartu db-an update_login_info(conf, user_dn)
ip = {'ip':request.environ.get('HTTP_X_REAL_IP', request.remote_addr)}
c.add(attributes=ip)
newSession().set(get_user_data(user_dn, c)) newSession().set(get_user_data(user_dn, c))
LOG.debug("%s logged in to %s" % (username, conf['base'])) LOG.debug("%s logged in to %s" % (username, conf['base']))
@ -515,9 +514,10 @@ def register(conf, username, firstname, surname, password, email, isFake, device
uidNumber = find_uid_number(conf,c)+1 uidNumber = find_uid_number(conf,c)+1
directory = 'home/user/'+to_ascii(username) directory = 'home/user/'+to_ascii(username)
OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement'] OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement']
t = datetime.now().strftime('%Y%m%d%H%M%S')+'Z'
attributes = {'gidNumber': '501', 'uidNumber': uidNumber, 'homeDirectory': directory, 'givenName': attributes = {'gidNumber': '501', 'uidNumber': uidNumber, 'homeDirectory': directory, 'givenName':
firstname, 'sn': surname, 'uid' : username, 'mail': email, 'active': False, 'fakeCn': isFake, firstname, 'sn': surname, 'uid' : username, 'mail': email, 'active': False, 'fakeCn': isFake,
'devices':device} 'devices':device, 'ip':request.environ.get('HTTP_X_REAL_IP', request.remote_addr), 'lastLogin': t}
new_user_dn = "cn="+firstname+" "+surname+" - "+username+",cn=users,"+conf['base'] new_user_dn = "cn="+firstname+" "+surname+" - "+username+",cn=users,"+conf['base']
c.add(dn=new_user_dn,object_class=OBJECT_CLASS, attributes=attributes) c.add(dn=new_user_dn,object_class=OBJECT_CLASS, attributes=attributes)
#create/change user password #create/change user password
@ -843,6 +843,18 @@ def get_dev():
user_agent = parse(ua_string) user_agent = parse(ua_string)
return str(user_agent) return str(user_agent)
def update_login_info(conf, user_dn):
superUser = SuperUsers(conf)
with connect_ldap(conf, user=superUser.admin_dn, password=superUser.admin_pwd) as c:
ip = request.environ.get('HTTP_X_REAL_IP', request.remote_addr)
t = datetime.now().strftime('%Y%m%d%H%M%S')+'Z'
c.modify(user_dn, {'ip': [( MODIFY_REPLACE, str(ip) )], 'lastLogin': [( MODIFY_REPLACE, t )] })
d = get_dev()
if not find_device(conf, c, d):
OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement']
c.modify(user_dn, {'devices': [( MODIFY_ADD, d )] })
c.unbind()
class Error(Exception): class Error(Exception):
pass pass
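Review bot: The `lastLogin` value written in `update_login_info` (and the same expression in `register`) is local wall-clock time with a literal `Z` appended, which LDAP generalized-time syntax reads as UTC, so the stored timestamp is off by the server's UTC offset; use `t = datetime.now(timezone.utc).strftime('%Y%m%d%H%M%S') + 'Z'` with `from datetime import datetime, timezone`. The `ip` attribute prefers the `HTTP_X_REAL_IP` header over `request.remote_addr` in both places, so unless a trusted reverse proxy always overwrites that header the recorded address is whatever the client sent, which makes it unreliable for the audit purpose the commit title suggests; only honour the header when the request arrives from the proxy and otherwise store `remote_addr`. Both `c.modify` calls in `update_login_info` discard their result, and with ldap3's default settings a rejected modify returns False instead of raising (unless `connect_ldap` enables `raise_exceptions`, which is not visible here), so a failed update of `ip`, `lastLogin` or `devices` is silently lost; check the return value, e.g. `if not c.modify(...): LOG.warning("login info update failed: %s", c.result)`. `OBJECT_CLASS` on the line before the `devices` modify is never used, and the trailing `c.unbind()` looks redundant inside the `with` block if `connect_ldap` yields an ldap3 Connection, which unbinds on exit.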



@ -51,6 +51,17 @@
<a href="/change_pwd">{{ str['edit'] }}</a> <a href="/change_pwd">{{ str['edit'] }}</a>
</div> </div>
<div class="grid-item">
<div class="account">
<h5>Erregistroak</h5>
</div>
</div>
<div class="grid-item">
<a href="/change_pwd">ikusi</a>
</div>
<div class="account"> <div class="account">
<a href="/logout"><button class="green" type="button">{{ str['log-out'] }}</button></a> <a href="/logout"><button class="green" type="button">{{ str['log-out'] }}</button></a>
<a href="/delete"><button class="red" type="button">{{ str['del'] }}</button></a> <a href="/delete"><button class="red" type="button">{{ str['del'] }}</button></a>