segurtasuna hobetzeko lanetan

.gitignore

@@ -1,5 +1,6 @@
 /settings.ini
 /settings.ini.example.original
 /uwsgi.ini
+/*.sw*
 session
-libs/__pycache__
+libs/__pycache__

app.py

@@ -24,7 +24,7 @@ from bottle import SimpleTemplate
 from bottle.ext import beaker
 from configparser import ConfigParser
 from ldap3 import Server, Connection, ALL
-from ldap3 import SIMPLE, SUBTREE, MODIFY_REPLACE, ALL_ATTRIBUTES
+from ldap3 import SIMPLE, SUBTREE, MODIFY_REPLACE, MODIFY_ADD, ALL_ATTRIBUTES
 from ldap3.core.exceptions import LDAPBindError, LDAPConstraintViolationResult, \
     LDAPInvalidCredentialsResult, LDAPUserNameIsMandatoryError, \
     LDAPSocketOpenError, LDAPExceptionError, LDAPAttributeOrValueExistsResult
@@ -35,6 +35,7 @@ from libs.localization import *
 from libs.helper import *
 import random
 from user_agents import parse
+from datetime import datetime
 
 BASE_DIR = path.dirname(__file__)
 LOG = logging.getLogger(__name__)
@@ -397,9 +398,7 @@ def login_user_ldap(conf, username, password):
     # Note: raises LDAPUserNameIsMandatoryError when user_dn is None.
     with connect_ldap(conf, authentication=SIMPLE, user=user_dn, password=password) as c:
         c.bind()
-        #IP helbidea sartu db-an
+        update_login_info(conf, user_dn)
-        ip = {'ip':request.environ.get('HTTP_X_REAL_IP', request.remote_addr)}
-        c.add(attributes=ip)
         newSession().set(get_user_data(user_dn, c))
         LOG.debug("%s logged in to %s" % (username, conf['base']))
 
@@ -515,9 +514,10 @@ def register(conf, username, firstname, surname, password, email, isFake, device
             uidNumber = find_uid_number(conf,c)+1
             directory = 'home/user/'+to_ascii(username)
             OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement']
+            t = datetime.now().strftime('%Y%m%d%H%M%S')+'Z'
             attributes = {'gidNumber': '501', 'uidNumber': uidNumber, 'homeDirectory': directory, 'givenName':
                     firstname, 'sn': surname, 'uid' : username, 'mail': email, 'active': False, 'fakeCn': isFake,
-                    'devices':device}            
+                    'devices':device, 'ip':request.environ.get('HTTP_X_REAL_IP', request.remote_addr), 'lastLogin': t}
             new_user_dn = "cn="+firstname+" "+surname+" - "+username+",cn=users,"+conf['base']
             c.add(dn=new_user_dn,object_class=OBJECT_CLASS, attributes=attributes)
             #create/change user password
@@ -843,6 +843,18 @@ def get_dev():
     user_agent = parse(ua_string)
     return str(user_agent)
 
+def update_login_info(conf, user_dn):
+    superUser = SuperUsers(conf)
+    with connect_ldap(conf, user=superUser.admin_dn, password=superUser.admin_pwd) as c:
+        ip = request.environ.get('HTTP_X_REAL_IP', request.remote_addr)
+        t = datetime.now().strftime('%Y%m%d%H%M%S')+'Z' 
+        c.modify(user_dn, {'ip': [( MODIFY_REPLACE, str(ip) )], 'lastLogin': [( MODIFY_REPLACE, t )] })
+        d = get_dev()
+        if not find_device(conf, c, d):
+            OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement']
+            c.modify(user_dn, {'devices': [( MODIFY_ADD, d )] })
+        c.unbind()
+
 class Error(Exception):
     pass
 

user.tpl

@@ -51,6 +51,17 @@
           <a href="/change_pwd">{{ str['edit'] }}</a>
         </div>
 
+        <div class="grid-item">
+          <div class="account">
+            <h5>Erregistroak</h5>
+          </div>
+        </div>
+
+        <div class="grid-item">
+          <a href="/change_pwd">ikusi</a>
+        </div>
+
+
         <div class="account">
           <a href="/logout"><button class="green" type="button">{{ str['log-out'] }}</button></a>
           <a href="/delete"><button class="red" type="button">{{ str['del'] }}</button></a>