segurtasuna hobetzeko lanetan

This commit is contained in:
aitzol 2023-04-06 16:40:24 +02:00
parent 6094fc1156
commit 0136747a7f
11 changed files with 30 additions and 6 deletions

Binary file not shown.

Binary file not shown.

1
.gitignore vendored
View File

@ -1,5 +1,6 @@
/settings.ini
/settings.ini.example.original
/uwsgi.ini
/*.sw*
session
libs/__pycache__

Binary file not shown.

22
app.py
View File

@ -24,7 +24,7 @@ from bottle import SimpleTemplate
from bottle.ext import beaker
from configparser import ConfigParser
from ldap3 import Server, Connection, ALL
from ldap3 import SIMPLE, SUBTREE, MODIFY_REPLACE, ALL_ATTRIBUTES
from ldap3 import SIMPLE, SUBTREE, MODIFY_REPLACE, MODIFY_ADD, ALL_ATTRIBUTES
from ldap3.core.exceptions import LDAPBindError, LDAPConstraintViolationResult, \
LDAPInvalidCredentialsResult, LDAPUserNameIsMandatoryError, \
LDAPSocketOpenError, LDAPExceptionError, LDAPAttributeOrValueExistsResult
@ -35,6 +35,7 @@ from libs.localization import *
from libs.helper import *
import random
from user_agents import parse
from datetime import datetime
BASE_DIR = path.dirname(__file__)
LOG = logging.getLogger(__name__)
@ -397,9 +398,7 @@ def login_user_ldap(conf, username, password):
# Note: raises LDAPUserNameIsMandatoryError when user_dn is None.
with connect_ldap(conf, authentication=SIMPLE, user=user_dn, password=password) as c:
c.bind()
#IP helbidea sartu db-an
ip = {'ip':request.environ.get('HTTP_X_REAL_IP', request.remote_addr)}
c.add(attributes=ip)
update_login_info(conf, user_dn)
newSession().set(get_user_data(user_dn, c))
LOG.debug("%s logged in to %s" % (username, conf['base']))
@ -515,9 +514,10 @@ def register(conf, username, firstname, surname, password, email, isFake, device
uidNumber = find_uid_number(conf,c)+1
directory = 'home/user/'+to_ascii(username)
OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement']
t = datetime.now().strftime('%Y%m%d%H%M%S')+'Z'
attributes = {'gidNumber': '501', 'uidNumber': uidNumber, 'homeDirectory': directory, 'givenName':
firstname, 'sn': surname, 'uid' : username, 'mail': email, 'active': False, 'fakeCn': isFake,
'devices':device}
'devices':device, 'ip':request.environ.get('HTTP_X_REAL_IP', request.remote_addr), 'lastLogin': t}
new_user_dn = "cn="+firstname+" "+surname+" - "+username+",cn=users,"+conf['base']
c.add(dn=new_user_dn,object_class=OBJECT_CLASS, attributes=attributes)
#create/change user password
@ -843,6 +843,18 @@ def get_dev():
user_agent = parse(ua_string)
return str(user_agent)
def update_login_info(conf, user_dn):
superUser = SuperUsers(conf)
with connect_ldap(conf, user=superUser.admin_dn, password=superUser.admin_pwd) as c:
ip = request.environ.get('HTTP_X_REAL_IP', request.remote_addr)
t = datetime.now().strftime('%Y%m%d%H%M%S')+'Z'
c.modify(user_dn, {'ip': [( MODIFY_REPLACE, str(ip) )], 'lastLogin': [( MODIFY_REPLACE, t )] })
d = get_dev()
if not find_device(conf, c, d):
OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement']
c.modify(user_dn, {'devices': [( MODIFY_ADD, d )] })
c.unbind()
class Error(Exception):
pass

Binary file not shown.

View File

@ -51,6 +51,17 @@
<a href="/change_pwd">{{ str['edit'] }}</a>
</div>
<div class="grid-item">
<div class="account">
<h5>Erregistroak</h5>
</div>
</div>
<div class="grid-item">
<a href="/change_pwd">ikusi</a>
</div>
<div class="account">
<a href="/logout"><button class="green" type="button">{{ str['log-out'] }}</button></a>
<a href="/delete"><button class="red" type="button">{{ str['del'] }}</button></a>