This commit is contained in:
aitzol 2023-11-24 08:12:00 +01:00
parent b783617335
commit 9b4bd725da

81
app.py

@ -176,22 +176,26 @@ def post_user():
@post('/user/<path>') @post('/user/<path>')
def post_user_step2(path): def post_user_step2(path):
form = request.forms.getunicode form = request.forms.getunicode
# decrypt url
path = base64.urlsafe_b64decode(path)
path = cryptocode.decrypt(path.decode('utf-8'), memo.sid)
data = path.split(';')
username = data[0]
password = data[1]
secret = data[2]
def error(msg): def error(msg):
return index_tpl(alerts=[('error', msg, 'fadeOut')], str=i18n.str) return index_tpl(alerts=[('error', msg, 'fadeOut')], str=i18n.str)
try:
# decrypt url
path = base64.urlsafe_b64decode(path)
path = cryptocode.decrypt(path.decode('utf-8'), memo.sid)
data = path.split(';')
username = data[0]
password = data[1]
secret = data[2]
except:
newSession()
return error(i18n.msg[27])
#if not tools._2fa_validation(form('code'), newSession().get()['authToken']): #if not tools._2fa_validation(form('code'), newSession().get()['authToken']):
if not tools._2fa_validation(form('code'), secret): if not tools._2fa_validation(form('code'), secret):
return error('Kode okerra. Saio hasierak huts egin du.') return error(i18n.msg[6])
else: else:
try: try:
@ -842,61 +846,6 @@ def add_auth_attribute_step3(conf, username, code, action):
reload=add_auth_attribute_step1 reload=add_auth_attribute_step1
# CHECK SECUREAUTH
'''
def check_2fa_step1(username):
changed = []
for key in (key for key in CONF.sections()
if key == 'ldap' or key.startswith('ldap:')):
LOG.debug("Changing email in %s for %s" % (key, username))
try:
return check_2fa_step2(CONF[key], username)
changed.append(key)
LOG.debug("%s changed email address on %s" % (username, key))
except Error as e:
for key in reversed(changed):
LOG.info("Reverting email change in %s for %s" % (key, username))
try:
return check_2fa_step2(CONF[key], username)
except Error as e2:
LOG.error('{}: {!s}'.format(e.__class__.__name__, e2))
raise e
def check_2fa_step2(conf, *args):
try:
return check_2fa_step3(conf, *args)
except (LDAPBindError, LDAPInvalidCredentialsResult, LDAPUserNameIsMandatoryError):
raise Error(i18n.msg[26])
except LDAPConstraintViolationResult as e:
# Extract useful part of the error message (for Samba 4 / AD).
msg = e.message.split('check_password_restrictions: ')[-1].capitalize()
raise Error(msg)
except LDAPSocketOpenError as e:
LOG.error('{}: {!s}'.format(e.__class__.__name__, e))
raise Error(i18n.msg[23])
except LDAPExceptionError as e:
LOG.error('{}: {!s}'.format(e.__class__.__name__, e))
raise Error(i18n.msg[23])
def check_2fa_step3(conf, username):
#set current LDAP
superUser = SuperUsers(conf)
with connect_ldap(conf, user=superUser.admin_dn, password=superUser.admin_pwd) as c:
user_dn = find_user_dn(conf, c, username)
secure_auth_status = check_secure_auth(user_dn, c)
print(secure_auth_status)
return(secure_auth_status)
#c.modify(user_dn, {'mail': [( MODIFY_REPLACE, new_email_addresses )]})
#newSession().set(get_user_data(user_dn, c))
'''
#CHANGE PASSWORD #CHANGE PASSWORD
def change_passwords(username, old_pass, new_pass): def change_passwords(username, old_pass, new_pass):
changed = [] changed = []
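Review bot: The bare `except:` added around the URL decoding in `post_user_step2` (first hunk) catches every exception, including `SystemExit` and `KeyboardInterrupt`, and hides which step rejected the token. `except (ValueError, AttributeError, IndexError):` would cover a bad base64 or UTF-8 payload, a decrypt result that is not a string (inferred from the `path.split` call; what `cryptocode.decrypt` returns on failure is not visible here), and a short field list. The `data[0]`/`data[1]`/`data[2]` indexing also accepts more than three fields, so a password containing `;` would silently put the wrong piece into `secret`; `username, password, secret = data` inside the same `try` would reject that, though how the path is built in `post_user` is outside the hunk. A rejected path is not logged, so repeated tampering leaves no trace; a `LOG.warning` that omits the decoded contents, placed before `newSession()`, would help, assuming the `LOG` object used in the removed code of the second hunk is still defined. The function body continues past the hunk.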