diff --git a/app.py b/app.py index 91a9e57..938d47a 100644 --- a/app.py +++ b/app.py @@ -396,10 +396,6 @@ def login_user_ldap(conf, username, password): #with connect_ldap(conf) as c: with connect_ldap(conf, user=superUser.readonly_dn, password=superUser.readonly_pwd) as c: user_dn = find_user_dn(conf, c, username) - cur_dev = get_dev() - known_device = find_device(conf, c, cur_dev) - print('KNOWN DEVICE:',known_device) - print(request.environ.get('HTTP_X_REAL_IP', request.remote_addr)) # Note: raises LDAPUserNameIsMandatoryError when user_dn is None. with connect_ldap(conf, authentication=SIMPLE, user=user_dn, password=password) as c: c.bind() @@ -521,10 +517,10 @@ def register(conf, username, firstname, surname, password, email, isFake, device uidNumber = find_uid_number(conf,c)+1 directory = 'home/user/'+to_ascii(username) OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement'] - t = datetime.now().strftime('%Y%m%d%H%M%S')+'Z' + ts = datetime.now().strftime('%Y%m%d%H%M%S')+'Z' attributes = {'gidNumber': '501', 'uidNumber': uidNumber, 'homeDirectory': directory, 'givenName': firstname, 'sn': surname, 'uid' : username, 'mail': email, 'active': False, 'fakeCn': isFake, - 'devices':device, 'ip':request.environ.get('HTTP_X_REAL_IP', request.remote_addr), 'lastLogin': t} + 'devices':device, 'ip':request.environ.get('HTTP_X_REAL_IP', request.remote_addr), 'lastLogin': ts} new_user_dn = "cn="+firstname+" "+surname+" - "+username+",cn=users,"+conf['base'] c.add(dn=new_user_dn,object_class=OBJECT_CLASS, attributes=attributes) #create/change user password 
@@ -774,16 +770,16 @@ def find_email(conf, conn, email): return False -#find devices -def find_device(conf, conn, device): - search_filter = '(uid=*)' - if conn.search(conf['base'], search_filter, attributes=['devices']): +#find device +def find_device(user_dn, conn, device): + search_filter = '(objectClass=*)' + if conn.search(user_dn, search_filter, attributes=['devices']): for i in conn.response: for j in i['attributes']['devices']: if(j == device): return True - return False + return False #find highest uidNumber def find_uid_number(conf, conn): 
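Review bot: The new `conn.search(user_dn, search_filter, attributes=['devices'])` in `find_device` relies on ldap3's default subtree scope, so `(objectClass=*)` would also match any entry that exists beneath the user's DN; passing `search_scope=BASE` (imported from ldap3) confines the lookup to the user's own entry. The loop indexes `i['attributes']['devices']` unconditionally, which raises on a response item that carries no attributes (for example a search reference), so `i.get('attributes', {}).get('devices', [])` is the safer read. Because the first parameter changed from `conf` to `user_dn`, a one-line docstring such as `"""Return True if device is listed in the devices attribute of the entry at user_dn."""` would help callers. The effect of the re-indented `return False` cannot be judged from this page, since the leading whitespace has been lost.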
@@ -860,22 +856,29 @@ def is_trusted_device(conf, user_dn): superUser = SuperUsers(conf) with connect_ldap(conf, user=superUser.admin_dn, password=superUser.admin_pwd) as c: d = get_dev() - if not find_device(conf, c, d): - OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement'] - c.modify(user_dn, {'devices': [( MODIFY_ADD, d )] }) - c.unbind() - return True - + try: + if not find_device(user_dn, c, d): + OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement'] + c.modify(user_dn, {'devices': [( MODIFY_ADD, d )] }) + ''' + if find_device(user_dn, c, 'unknown'): + OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement'] + c.modify(user_dn, {'devices': [( MODIFY_REPLACE, d )] }) + else: + OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement'] + c.modify(user_dn, {'devices': [( MODIFY_ADD, d )] }) + ''' + c.unbind() + return True + except Exception as e: + print(e) + return True def update_login_info(conf, user_dn): superUser = SuperUsers(conf) with connect_ldap(conf, user=superUser.admin_dn, password=superUser.admin_pwd) as c: ip = request.environ.get('HTTP_X_REAL_IP', request.remote_addr) - t = datetime.now().strftime('%Y%m%d%H%M%S')+'Z' - c.modify(user_dn, {'ip': [( MODIFY_REPLACE, str(ip) )], 'lastLogin': [( MODIFY_REPLACE, t )] }) - #d = get_dev() - #if not find_device(conf, c, d): - #OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement'] - #c.modify(user_dn, {'devices': [( MODIFY_ADD, d )] }) + ts = datetime.now().strftime('%Y%m%d%H%M%S')+'Z' + c.modify(user_dn, {'ip': [( MODIFY_REPLACE, str(ip) )], 'lastLogin': [( MODIFY_REPLACE, ts )] }) c.unbind() class Error(Exception): diff --git a/libs/helper.py b/libs/helper.py index 2edf5c3..c6fc47e 100644 --- a/libs/helper.py +++ b/libs/helper.py 
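Review bot: `is_trusted_device` returns `True` on every path, including the new `except Exception` branch, so a failed LDAP search or modify is reported as a trusted device and any caller that gates on the result fails open. The handler should `return False` and record the failure through the application's logger rather than `print(e)`, so that directory errors are visible to monitoring. The triple-quoted block is a no-op string statement used as commented-out code, and `OBJECT_CLASS` is assigned but never used; both can be deleted. Separately, in `update_login_info` (and in the `register` hunk) `datetime.now().strftime('%Y%m%d%H%M%S')+'Z'` stamps local time with a UTC suffix, which skews `lastLogin` for audit purposes unless the host runs in UTC; `datetime.now(timezone.utc)` would fix it, given a `timezone` import. The `def is_trusted_device` line itself lies outside the hunk.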
@@ -5,42 +5,42 @@ import re class Tools(): - def __init__(self): - self.username = '' + def __init__(self): + self.username = '' - #check code - def code_is_valid(self, code, db): - con = sqlite3.connect(db) - cur = con.cursor() + #check code + def code_is_valid(self, code, db): + con = sqlite3.connect(db) + cur = con.cursor() - codes=[] - for row in cur.execute('SELECT * FROM codes WHERE valid = 1'): - codes.append(row[0]) - return(bool(code in codes)) + codes=[] + for row in cur.execute('SELECT * FROM codes WHERE valid = 1'): + codes.append(row[0]) + return(bool(code in codes)) - def mark_code_as_used(self, code, db): - con = sqlite3.connect(db) - cur = con.cursor() + def mark_code_as_used(self, code, db): + con = sqlite3.connect(db) + cur = con.cursor() - cur.execute('''UPDATE codes SET valid=? WHERE code==?''',(0, code)) - con.commit() + cur.execute('''UPDATE codes SET valid=? WHERE code==?''',(0, code)) + con.commit() - #form validation + #form validation - def input_validation(self, e, ws=None): - if ws: - #accepts whitespaces - regex = r'^\w+( \w+)*$' - else: - regex = r'^\w+$' - return(bool(re.fullmatch(regex, e))) + def input_validation(self, e, ws=None): + if ws: + #accepts whitespaces + regex = r'^\w+( \w+)*$' + else: + regex = r'^\w+$' + return(bool(re.fullmatch(regex, e))) - def email_validation(self, e): - regex = r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b' - return(bool(re.fullmatch(regex, e))) + def email_validation(self, e): + regex = r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b' + return(bool(re.fullmatch(regex, e))) - def pwd_validation(self, e): - regex = r'^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*#?&])[A-Za-z\d@$!#%*?&]{8,18}$' - return(bool(re.fullmatch(regex, e))) + def pwd_validation(self, e): + regex = r'^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*#?&])[A-Za-z\d@$!#%*?&]{8,18}$' + return(bool(re.fullmatch(regex, e))) tools = Tools()