aitzol/ldap-python-webui
1
0
Fork 0
Code Issues Pull Requests Projects Releases 3 Wiki Activity

find_device

Browse Source
This commit is contained in:
aitzol 2023-04-11 18:19:16 +02:00
parent 3b8582a7df
commit f8ed4e028a
2 changed files with 55 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
app.py
View File

@ -396,10 +396,6 @@ def login_user_ldap(conf, username, password):
#with connect_ldap(conf) as c: #with connect_ldap(conf) as c:
with connect_ldap(conf, user=superUser.readonly_dn, password=superUser.readonly_pwd) as c: with connect_ldap(conf, user=superUser.readonly_dn, password=superUser.readonly_pwd) as c:
user_dn = find_user_dn(conf, c, username) user_dn = find_user_dn(conf, c, username)
cur_dev = get_dev()
known_device = find_device(conf, c, cur_dev)
print('KNOWN DEVICE:',known_device)
print(request.environ.get('HTTP_X_REAL_IP', request.remote_addr))
# Note: raises LDAPUserNameIsMandatoryError when user_dn is None. # Note: raises LDAPUserNameIsMandatoryError when user_dn is None.
with connect_ldap(conf, authentication=SIMPLE, user=user_dn, password=password) as c: with connect_ldap(conf, authentication=SIMPLE, user=user_dn, password=password) as c:
c.bind() c.bind()
@ -521,10 +517,10 @@ def register(conf, username, firstname, surname, password, email, isFake, device
uidNumber = find_uid_number(conf,c)+1 uidNumber = find_uid_number(conf,c)+1
directory = 'home/user/'+to_ascii(username) directory = 'home/user/'+to_ascii(username)
OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement'] OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement']
t = datetime.now().strftime('%Y%m%d%H%M%S')+'Z' ts = datetime.now().strftime('%Y%m%d%H%M%S')+'Z'
attributes = {'gidNumber': '501', 'uidNumber': uidNumber, 'homeDirectory': directory, 'givenName': attributes = {'gidNumber': '501', 'uidNumber': uidNumber, 'homeDirectory': directory, 'givenName':
firstname, 'sn': surname, 'uid' : username, 'mail': email, 'active': False, 'fakeCn': isFake, firstname, 'sn': surname, 'uid' : username, 'mail': email, 'active': False, 'fakeCn': isFake,
'devices':device, 'ip':request.environ.get('HTTP_X_REAL_IP', request.remote_addr), 'lastLogin': t} 'devices':device, 'ip':request.environ.get('HTTP_X_REAL_IP', request.remote_addr), 'lastLogin': ts}
new_user_dn = "cn="+firstname+" "+surname+" - "+username+",cn=users,"+conf['base'] new_user_dn = "cn="+firstname+" "+surname+" - "+username+",cn=users,"+conf['base']
c.add(dn=new_user_dn,object_class=OBJECT_CLASS, attributes=attributes) c.add(dn=new_user_dn,object_class=OBJECT_CLASS, attributes=attributes)
#create/change user password #create/change user password
@ -774,16 +770,16 @@ def find_email(conf, conn, email):
return False return False
#find devices #find device
def find_device(conf, conn, device): def find_device(user_dn, conn, device):
search_filter = '(uid=*)' search_filter = '(objectClass=*)'
if conn.search(conf['base'], search_filter, attributes=['devices']): if conn.search(user_dn, search_filter, attributes=['devices']):
for i in conn.response: for i in conn.response:
for j in i['attributes']['devices']: for j in i['attributes']['devices']:
if(j == device): if(j == device):
return True return True
return False return False
#find highest uidNumber #find highest uidNumber
def find_uid_number(conf, conn): def find_uid_number(conf, conn):
@ -860,22 +856,29 @@ def is_trusted_device(conf, user_dn):
superUser = SuperUsers(conf) superUser = SuperUsers(conf)
with connect_ldap(conf, user=superUser.admin_dn, password=superUser.admin_pwd) as c: with connect_ldap(conf, user=superUser.admin_dn, password=superUser.admin_pwd) as c:
d = get_dev() d = get_dev()
if not find_device(conf, c, d): try:
OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement'] if not find_device(user_dn, c, d):
c.modify(user_dn, {'devices': [( MODIFY_ADD, d )] }) OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement']
c.unbind() c.modify(user_dn, {'devices': [( MODIFY_ADD, d )] })
return True '''
if find_device(user_dn, c, 'unknown'):
OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement']
c.modify(user_dn, {'devices': [( MODIFY_REPLACE, d )] })
else:
OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement']
c.modify(user_dn, {'devices': [( MODIFY_ADD, d )] })
'''
c.unbind()
return True
except Exception as e:
print(e)
return True
def update_login_info(conf, user_dn): def update_login_info(conf, user_dn):
superUser = SuperUsers(conf) superUser = SuperUsers(conf)
with connect_ldap(conf, user=superUser.admin_dn, password=superUser.admin_pwd) as c: with connect_ldap(conf, user=superUser.admin_dn, password=superUser.admin_pwd) as c:
ip = request.environ.get('HTTP_X_REAL_IP', request.remote_addr) ip = request.environ.get('HTTP_X_REAL_IP', request.remote_addr)
t = datetime.now().strftime('%Y%m%d%H%M%S')+'Z' ts = datetime.now().strftime('%Y%m%d%H%M%S')+'Z'
c.modify(user_dn, {'ip': [( MODIFY_REPLACE, str(ip) )], 'lastLogin': [( MODIFY_REPLACE, t )] }) c.modify(user_dn, {'ip': [( MODIFY_REPLACE, str(ip) )], 'lastLogin': [( MODIFY_REPLACE, ts )] })
#d = get_dev()
#if not find_device(conf, c, d):
#OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement']
#c.modify(user_dn, {'devices': [( MODIFY_ADD, d )] })
c.unbind() c.unbind()
class Error(Exception): class Error(Exception):

58
libs/helper.py
View File

@ -5,42 +5,42 @@ import re
class Tools(): class Tools():
def __init__(self): def __init__(self):
self.username = '' self.username = ''
#check code #check code
def code_is_valid(self, code, db): def code_is_valid(self, code, db):
con = sqlite3.connect(db) con = sqlite3.connect(db)
cur = con.cursor() cur = con.cursor()
codes=[] codes=[]
for row in cur.execute('SELECT * FROM codes WHERE valid = 1'): for row in cur.execute('SELECT * FROM codes WHERE valid = 1'):
codes.append(row[0]) codes.append(row[0])
return(bool(code in codes)) return(bool(code in codes))
def mark_code_as_used(self, code, db): def mark_code_as_used(self, code, db):
con = sqlite3.connect(db) con = sqlite3.connect(db)
cur = con.cursor() cur = con.cursor()
cur.execute('''UPDATE codes SET valid=? WHERE code==?''',(0, code)) cur.execute('''UPDATE codes SET valid=? WHERE code==?''',(0, code))
con.commit() con.commit()
#form validation #form validation
def input_validation(self, e, ws=None): def input_validation(self, e, ws=None):
if ws: if ws:
#accepts whitespaces #accepts whitespaces
regex = r'^\w+( \w+)*$' regex = r'^\w+( \w+)*$'
else: else:
regex = r'^\w+$' regex = r'^\w+$'
return(bool(re.fullmatch(regex, e))) return(bool(re.fullmatch(regex, e)))
def email_validation(self, e): def email_validation(self, e):
regex = r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b' regex = r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b'
return(bool(re.fullmatch(regex, e))) return(bool(re.fullmatch(regex, e)))
def pwd_validation(self, e): def pwd_validation(self, e):
regex = r'^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*#?&])[A-Za-z\d@$!#%*?&]{8,18}$' regex = r'^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*#?&])[A-Za-z\d@$!#%*?&]{8,18}$'
return(bool(re.fullmatch(regex, e))) return(bool(re.fullmatch(regex, e)))
tools = Tools() tools = Tools()