aitzol/ldap-python-webui
1
0
Fork 0
Code Issues Pull Requests Projects Releases 3 Wiki Activity

erregistroak gehitzen

Browse Source
This commit is contained in:
aitzol 2023-04-06 22:09:26 +02:00
parent 35584086da
commit d82d827079
4 changed files with 94 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
app.py
View File

@ -86,6 +86,13 @@ def get_index():
except Exception as e: except Exception as e:
return index_tpl(str=i18n.str) return index_tpl(str=i18n.str)
@get('/logs')
def get_index():
try:
return logs_tpl(data=newSession().get(), str=i18n.str)
except Exception as e:
return index_tpl(str=i18n.str)
@get('/delete') @get('/delete')
def get_index(): def get_index():
try: try:
@ -93,6 +100,7 @@ def get_index():
except Exception as e: except Exception as e:
return index_tpl(str=i18n.str) return index_tpl(str=i18n.str)
@get('/logout') @get('/logout')
def get_index(): def get_index():
@ -342,6 +350,9 @@ def edit_fullname_tpl(**kwargs):
def delete_tpl(**kwargs): def delete_tpl(**kwargs):
return template('delete', **kwargs) return template('delete', **kwargs)
def logs_tpl(**kwargs):
return template('logs', **kwargs)
def connect_ldap(conf, **kwargs): def connect_ldap(conf, **kwargs):
server = Server(host=conf['host'], server = Server(host=conf['host'],
port=conf.getint('port', None), port=conf.getint('port', None),
@ -398,8 +409,10 @@ def login_user_ldap(conf, username, password):
# Note: raises LDAPUserNameIsMandatoryError when user_dn is None. # Note: raises LDAPUserNameIsMandatoryError when user_dn is None.
with connect_ldap(conf, authentication=SIMPLE, user=user_dn, password=password) as c: with connect_ldap(conf, authentication=SIMPLE, user=user_dn, password=password) as c:
c.bind() c.bind()
update_login_info(conf, user_dn) if is_trusted_device(conf, user_dn):
newSession().set(get_user_data(user_dn, c)) newSession().set(get_user_data(user_dn, c))
#update timestamp + ip address
update_login_info(conf, user_dn)
LOG.debug("%s logged in to %s" % (username, conf['base'])) LOG.debug("%s logged in to %s" % (username, conf['base']))
#LOGOUT #LOGOUT
@ -804,7 +817,7 @@ def get_user_email_array(user_dn, conn, old_email, new_email):
def get_user_data(user_dn, conn): def get_user_data(user_dn, conn):
search_filter = '(objectClass=*)' search_filter = '(objectClass=*)'
conn.search(user_dn, search_filter, attributes=['active','fakeCn','givenName','sn','uid','mail','devices']) conn.search(user_dn, search_filter, attributes=['active','fakeCn','givenName','sn','uid','mail','devices','ip','lastLogin'])
data = [] data = []
data.append(conn.entries[0].active.values[0]) data.append(conn.entries[0].active.values[0])
data.append(conn.entries[0].fakeCn.values[0]) data.append(conn.entries[0].fakeCn.values[0])
@ -813,6 +826,12 @@ def get_user_data(user_dn, conn):
data.append(conn.entries[0].uid.values[0]) data.append(conn.entries[0].uid.values[0])
data.append(conn.entries[0].mail.values[0]) data.append(conn.entries[0].mail.values[0])
data.append(conn.entries[0].devices.values) data.append(conn.entries[0].devices.values)
data.append(conn.entries[0].ip.values[0])
#ts = conn.entries[0].lastLogin.values[0]
#ts = datetime.strptime(ts, '%Y-%m-%d %H:%M:%S%z')
#ts = datetime.strftime(t, '%Y-%m-%d %H:%M:%S')
data.append(str(conn.entries[0].lastLogin.values[0])[:-6])
return(data) return(data)
def read_config(): def read_config():
@ -843,16 +862,26 @@ def get_dev():
user_agent = parse(ua_string) user_agent = parse(ua_string)
return str(user_agent) return str(user_agent)
def is_trusted_device(conf, user_dn):
superUser = SuperUsers(conf)
with connect_ldap(conf, user=superUser.admin_dn, password=superUser.admin_pwd) as c:
d = get_dev()
if not find_device(conf, c, d):
OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement']
c.modify(user_dn, {'devices': [( MODIFY_ADD, d )] })
c.unbind()
return True
def update_login_info(conf, user_dn): def update_login_info(conf, user_dn):
superUser = SuperUsers(conf) superUser = SuperUsers(conf)
with connect_ldap(conf, user=superUser.admin_dn, password=superUser.admin_pwd) as c: with connect_ldap(conf, user=superUser.admin_dn, password=superUser.admin_pwd) as c:
ip = request.environ.get('HTTP_X_REAL_IP', request.remote_addr) ip = request.environ.get('HTTP_X_REAL_IP', request.remote_addr)
t = datetime.now().strftime('%Y%m%d%H%M%S')+'Z' t = datetime.now().strftime('%Y%m%d%H%M%S')+'Z'
c.modify(user_dn, {'ip': [( MODIFY_REPLACE, str(ip) )], 'lastLogin': [( MODIFY_REPLACE, t )] }) c.modify(user_dn, {'ip': [( MODIFY_REPLACE, str(ip) )], 'lastLogin': [( MODIFY_REPLACE, t )] })
d = get_dev() #d = get_dev()
if not find_device(conf, c, d): #if not find_device(conf, c, d):
OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement'] #OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement']
c.modify(user_dn, {'devices': [( MODIFY_ADD, d )] }) #c.modify(user_dn, {'devices': [( MODIFY_ADD, d )] })
c.unbind() c.unbind()
class Error(Exception): class Error(Exception):
@ -893,6 +922,8 @@ def newSession():
self.username = data[4] self.username = data[4]
self.mail = data[5] self.mail = data[5]
self.devices = data[6] self.devices = data[6]
self.ip = data[7]
self.lastLogin = data[8]
self.data['active'] = self.active self.data['active'] = self.active
self.data['fakeCn'] = self.fakeCn self.data['fakeCn'] = self.fakeCn
@ -901,6 +932,8 @@ def newSession():
self.data['username'] = self.username self.data['username'] = self.username
self.data['mail'] = self.mail self.data['mail'] = self.mail
self.data['devices'] = self.devices self.data['devices'] = self.devices
self.data['ip'] = self.ip
self.data['lastLogin'] = self.lastLogin
def close(self): def close(self):
self.data.pop('username') self.data.pop('username')

51
logs.tpl Normal file
View File

@ -0,0 +1,51 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="noindex, nofollow">
<title>{{ str['edit-email'] }}</title>
<link rel="stylesheet" href="{{ url('static', filename='style.css') }}">
</head>
<body>
<main>
<h1>{{ str['edit-email'] }}Erregistroak</h1>
<form name="editEmailForm" method="post" action="/edit_email">
<label for="email">{{ str['email'] }}</label>
<input id="email" name="email" type="text" value="{{ data['mail'] }}" required>
<div class="form-buttons">
<a href="/user"><button class="green" type="button">{{ str['back'] }}</button></a>
<button class="green" type="submit">{{ str['update'] }}</button>
</div>
</form>
<div class="logs">
<div class="last-login">
<h5>Last login</h5>
<p>{{ data['ip'] }}</p>
<p>{{ data['lastLogin'] }}</p>
</div>
<div class="device-list">
<h5>Devices</h5>
<li>PC / Linux / Firefox 102.0</li>
<li>Samsung A5 2016 / Android 10 / Chrome</li>
<li>Iphone 5S / Iphone 11 / Safari 12</li>
</div>
</div>
%for type, text, animation in get('alerts', []):
<div class="alerts {{ animation }}">
<div class="alert {{ type }}">{{ text }}</div>
</div>
%end
</main>
</body>
</html>

2
static/style.css
View File

@ -35,7 +35,7 @@ form[name="fullNameForm"] input{
} }
form { form, .logs {
/* border-radius: 0.2rem; /* border-radius: 0.2rem;
border: 1px solid #CCC;*/ border: 1px solid #CCC;*/
margin: 0 auto; margin: 0 auto;

2
user.tpl
View File

@ -58,7 +58,7 @@
</div> </div>
<div class="grid-item"> <div class="grid-item">
<a href="/change_pwd">ikusi</a> <a href="/logs">ikusi</a>
</div> </div>