| |
@@ -161,9 +161,9 @@
|
| |
inst = _get_ds_instance(CONFIG['ldapurl'], dn, token)
|
| |
try:
|
| |
inst.open()
|
| |
- # except Exception as e:
|
| |
- # app.logger.debug(e)
|
| |
- # return '', 500
|
| |
+ except Exception as e:
|
| |
+ app.logger.debug(e)
|
| |
+ return '', 500
|
| |
finally:
|
| |
pass
|
| |
|
| |
@@ -171,14 +171,93 @@
|
| |
nsaccts = nsUserAccounts(inst, CONFIG['basedn'], rdn=None)
|
| |
acct = nsaccts.get(dn=req_dn)
|
| |
acct.ensure_attr_state(state)
|
| |
- # except Exception as e:
|
| |
- # app.logger.debug(e)
|
| |
- # return '', 500
|
| |
+ except Exception as e:
|
| |
+ app.logger.debug(e)
|
| |
+ return '', 500
|
| |
+ finally:
|
| |
+ inst.unbind_s()
|
| |
+
|
| |
+ return '', 200
|
| |
+
|
| |
+ @app.route('/account/<req_dn>/_password', methods=['PUT'])
|
| |
+ def account_dn_password_update(req_dn):
|
| |
+ try:
|
| |
+ dn = session['dn']
|
| |
+ enc_token = session['token']
|
| |
+ app.logger.debug(f'{enc_token}')
|
| |
+ token = FERNET.decrypt(enc_token).decode()
|
| |
+ except Exception as e:
|
| |
+ app.logger.debug(e)
|
| |
+ app.logger.error('Failed to decrypt auth token or get account details.')
|
| |
+ # TODO: Put a session invalid message here.
|
| |
+ return redirect(url_for('login'))
|
| |
+
|
| |
+ # Extract the content
|
| |
+ cur_pw = None
|
| |
+ new_pw = None
|
| |
+ conf_new_pw = None
|
| |
+ for val in request.json:
|
| |
+ if val["name"] == "currentpassword":
|
| |
+ cur_pw = val["value"]
|
| |
+ elif val["name"] == "newpassword":
|
| |
+ new_pw = val["value"]
|
| |
+ elif val["name"] == "confirmnewpassword":
|
| |
+ conf_new_pw = val["value"]
|
| |
+ else:
|
| |
+ pass
|
| |
+
|
| |
+ # Check the content for basic sanity.
|
| |
+ if cur_pw is None or new_pw is None or conf_new_pw is None:
|
| |
+ return '', 500
|
| |
+
|
| |
+ if new_pw != conf_new_pw:
|
| |
+ return '', 500
|
| |
+
|
| |
+ # Seems okay, lets do it.
|
| |
+ inst = _get_ds_instance(CONFIG['ldapurl'], dn, token)
|
| |
+ try:
|
| |
+ inst.open()
|
| |
+ except Exception as e:
|
| |
+ app.logger.debug(e)
|
| |
+ return '', 500
|
| |
+ finally:
|
| |
+ pass
|
| |
+
|
| |
+ try:
|
| |
+ nsaccts = nsUserAccounts(inst, CONFIG['basedn'], rdn=None)
|
| |
+ acct = nsaccts.get(dn=req_dn)
|
| |
+ acct.change_password(cur_pw, new_pw)
|
| |
+
|
| |
+ # WARNING: Because we current have the pw in the token, we need to re-issue it here else
|
| |
+ # we'd log the user out. In the futur version when fernet comes from 389-ds, this won't
|
| |
+ # be needed!
|
| |
+ token = FERNET.encrypt(str.encode(new_pw))
|
| |
+ session['token'] = token
|
| |
+
|
| |
+ except Exception as e:
|
| |
+ app.logger.debug(e)
|
| |
+ return '', 500
|
| |
finally:
|
| |
inst.unbind_s()
|
| |
|
| |
return '', 200
|
| |
|
| |
+ @app.route('/_password', methods=['GET'])
|
| |
+ def index_password():
|
| |
+ try:
|
| |
+ dn = session['dn']
|
| |
+ enc_token = session['token']
|
| |
+ app.logger.debug(f'{enc_token}')
|
| |
+ token = FERNET.decrypt(enc_token).decode()
|
| |
+ except Exception as e:
|
| |
+ app.logger.debug(e)
|
| |
+ app.logger.error('Failed to decrypt auth token or get account details.')
|
| |
+ # TODO: Put a session invalid message here.
|
| |
+ return redirect(url_for('login'))
|
| |
+
|
| |
+ app.logger.debug(f'{dn}, {token}')
|
| |
+ return render_template('password.html', dn=dn)
|
| |
+
|
| |
@app.route('/', methods=['GET'])
|
| |
def index():
|
| |
# Are they authenticated?
|
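Review bot: `index_password` logs the decrypted session token with `app.logger.debug(f'{dn}, {token}')`, and the WARNING comment added in `account_dn_password_update` says the token currently carries the user's password, so running at debug level writes plaintext directory passwords to the application log. Both new routes also emit the Fernet ciphertext via `app.logger.debug(f'{enc_token}')`, which adds nothing diagnostic and puts more credential material in the log. I would delete the two `enc_token` lines and reduce the last one to `app.logger.debug('password page requested for %s', dn)`. Separately, the `for val in request.json` loop sits outside any `try`, so a body that is not a list of `name`/`value` objects raises rather than returning a controlled response. A `400` for that case and for the missing-field and mismatch checks would describe the failure better than `'', 500`. Whether the session user may change the password of an arbitrary `req_dn` appears to be left to the directory's access controls, since the hunk never compares `req_dn` with `session['dn']`; it is worth confirming that this is intended.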
| |
This adds most of the core mechanism; the web UI is a little unpolished, but it works.