find_device

This commit is contained in:
aitzol 2023-04-11 18:19:16 +02:00
parent 3b8582a7df
commit f8ed4e028a
2 changed files with 55 additions and 52 deletions

49
app.py
View File

@ -396,10 +396,6 @@ def login_user_ldap(conf, username, password):
#with connect_ldap(conf) as c:
with connect_ldap(conf, user=superUser.readonly_dn, password=superUser.readonly_pwd) as c:
user_dn = find_user_dn(conf, c, username)
cur_dev = get_dev()
known_device = find_device(conf, c, cur_dev)
print('KNOWN DEVICE:',known_device)
print(request.environ.get('HTTP_X_REAL_IP', request.remote_addr))
# Note: raises LDAPUserNameIsMandatoryError when user_dn is None.
with connect_ldap(conf, authentication=SIMPLE, user=user_dn, password=password) as c:
c.bind()
@ -521,10 +517,10 @@ def register(conf, username, firstname, surname, password, email, isFake, device
uidNumber = find_uid_number(conf,c)+1
directory = 'home/user/'+to_ascii(username)
OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement']
t = datetime.now().strftime('%Y%m%d%H%M%S')+'Z'
ts = datetime.now().strftime('%Y%m%d%H%M%S')+'Z'
attributes = {'gidNumber': '501', 'uidNumber': uidNumber, 'homeDirectory': directory, 'givenName':
firstname, 'sn': surname, 'uid' : username, 'mail': email, 'active': False, 'fakeCn': isFake,
'devices':device, 'ip':request.environ.get('HTTP_X_REAL_IP', request.remote_addr), 'lastLogin': t}
'devices':device, 'ip':request.environ.get('HTTP_X_REAL_IP', request.remote_addr), 'lastLogin': ts}
new_user_dn = "cn="+firstname+" "+surname+" - "+username+",cn=users,"+conf['base']
c.add(dn=new_user_dn,object_class=OBJECT_CLASS, attributes=attributes)
#create/change user password
@ -774,16 +770,16 @@ def find_email(conf, conn, email):
return False
#find devices
def find_device(conf, conn, device):
search_filter = '(uid=*)'
if conn.search(conf['base'], search_filter, attributes=['devices']):
#find device
def find_device(user_dn, conn, device):
search_filter = '(objectClass=*)'
if conn.search(user_dn, search_filter, attributes=['devices']):
for i in conn.response:
for j in i['attributes']['devices']:
if(j == device):
return True
return False
return False
#find highest uidNumber
def find_uid_number(conf, conn):
@ -860,22 +856,29 @@ def is_trusted_device(conf, user_dn):
superUser = SuperUsers(conf)
with connect_ldap(conf, user=superUser.admin_dn, password=superUser.admin_pwd) as c:
d = get_dev()
if not find_device(conf, c, d):
OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement']
c.modify(user_dn, {'devices': [( MODIFY_ADD, d )] })
c.unbind()
return True
try:
if not find_device(user_dn, c, d):
OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement']
c.modify(user_dn, {'devices': [( MODIFY_ADD, d )] })
'''
if find_device(user_dn, c, 'unknown'):
OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement']
c.modify(user_dn, {'devices': [( MODIFY_REPLACE, d )] })
else:
OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement']
c.modify(user_dn, {'devices': [( MODIFY_ADD, d )] })
'''
c.unbind()
return True
except Exception as e:
print(e)
return True
def update_login_info(conf, user_dn):
superUser = SuperUsers(conf)
with connect_ldap(conf, user=superUser.admin_dn, password=superUser.admin_pwd) as c:
ip = request.environ.get('HTTP_X_REAL_IP', request.remote_addr)
t = datetime.now().strftime('%Y%m%d%H%M%S')+'Z'
c.modify(user_dn, {'ip': [( MODIFY_REPLACE, str(ip) )], 'lastLogin': [( MODIFY_REPLACE, t )] })
#d = get_dev()
#if not find_device(conf, c, d):
#OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement']
#c.modify(user_dn, {'devices': [( MODIFY_ADD, d )] })
ts = datetime.now().strftime('%Y%m%d%H%M%S')+'Z'
c.modify(user_dn, {'ip': [( MODIFY_REPLACE, str(ip) )], 'lastLogin': [( MODIFY_REPLACE, ts )] })
c.unbind()
class Error(Exception):

View File

@ -5,42 +5,42 @@ import re
class Tools():
def __init__(self):
self.username = ''
def __init__(self):
self.username = ''
#check code
def code_is_valid(self, code, db):
con = sqlite3.connect(db)
cur = con.cursor()
#check code
def code_is_valid(self, code, db):
con = sqlite3.connect(db)
cur = con.cursor()
codes=[]
for row in cur.execute('SELECT * FROM codes WHERE valid = 1'):
codes.append(row[0])
return(bool(code in codes))
codes=[]
for row in cur.execute('SELECT * FROM codes WHERE valid = 1'):
codes.append(row[0])
return(bool(code in codes))
def mark_code_as_used(self, code, db):
con = sqlite3.connect(db)
cur = con.cursor()
def mark_code_as_used(self, code, db):
con = sqlite3.connect(db)
cur = con.cursor()
cur.execute('''UPDATE codes SET valid=? WHERE code==?''',(0, code))
con.commit()
cur.execute('''UPDATE codes SET valid=? WHERE code==?''',(0, code))
con.commit()
#form validation
#form validation
def input_validation(self, e, ws=None):
if ws:
#accepts whitespaces
regex = r'^\w+( \w+)*$'
else:
regex = r'^\w+$'
return(bool(re.fullmatch(regex, e)))
def input_validation(self, e, ws=None):
if ws:
#accepts whitespaces
regex = r'^\w+( \w+)*$'
else:
regex = r'^\w+$'
return(bool(re.fullmatch(regex, e)))
def email_validation(self, e):
regex = r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b'
return(bool(re.fullmatch(regex, e)))
def email_validation(self, e):
regex = r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b'
return(bool(re.fullmatch(regex, e)))
def pwd_validation(self, e):
regex = r'^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*#?&])[A-Za-z\d@$!#%*?&]{8,18}$'
return(bool(re.fullmatch(regex, e)))
def pwd_validation(self, e):
regex = r'^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*#?&])[A-Za-z\d@$!#%*?&]{8,18}$'
return(bool(re.fullmatch(regex, e)))
tools = Tools()