From 57934b421ef3d2b28ab0b5f96328e2053123728b Mon Sep 17 00:00:00 2001
From: William Brown
Date: Oct 04 2019 01:23:58 +0000
Subject: 6-password-change: Added self-service pw change
---
diff --git a/server.py b/server.py
index 4934467..e5c20bb 100644
--- a/server.py
+++ b/server.py
@@ -161,9 +161,9 @@ def account_dn_update(req_dn):
 inst = _get_ds_instance(CONFIG['ldapurl'], dn, token)
 try:
 inst.open()
- # except Exception as e:
- # app.logger.debug(e)
- # return '', 500
+ except Exception as e:
+ app.logger.debug(e)
+ return '', 500
 finally:
 pass
 
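Review bot: The re-enabled handler around `inst.open()` records the failure only at debug level, so with debug logging off a failed connection (presumably the LDAP bind for `dn`) returns 500 and leaves nothing for whoever monitors authentication errors; consider adding `app.logger.warning('LDAP open failed for %s', dn)` next to the debug line. The `finally: pass` that follows does nothing and can be dropped. The same pattern appears in the second handler of this function and in `account_dn_password_update` in the next hunk. `account_dn_update` itself starts above this hunk.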
@@ -171,14 +171,93 @@ def account_dn_update(req_dn):
 nsaccts = nsUserAccounts(inst, CONFIG['basedn'], rdn=None)
 acct = nsaccts.get(dn=req_dn)
 acct.ensure_attr_state(state)
- # except Exception as e:
- # app.logger.debug(e)
- # return '', 500
+ except Exception as e:
+ app.logger.debug(e)
+ return '', 500
+ finally:
+ inst.unbind_s()
+
+ return '', 200
+
+@app.route('/account//_password', methods=['PUT'])
+def account_dn_password_update(req_dn):
+ try:
+ dn = session['dn']
+ enc_token = session['token']
+ app.logger.debug(f'{enc_token}')
+ token = FERNET.decrypt(enc_token).decode()
+ except Exception as e:
+ app.logger.debug(e)
+ app.logger.error('Failed to decrypt auth token or get account details.')
+ # TODO: Put a session invalid message here.
+ return redirect(url_for('login'))
+
+ # Extract the content
+ cur_pw = None
+ new_pw = None
+ conf_new_pw = None
+ for val in request.json:
+ if val["name"] == "currentpassword":
+ cur_pw = val["value"]
+ elif val["name"] == "newpassword":
+ new_pw = val["value"]
+ elif val["name"] == "confirmnewpassword":
+ conf_new_pw = val["value"]
+ else:
+ pass
+
+ # Check the content for basic sanity.
+ if cur_pw is None or new_pw is None or conf_new_pw is None:
+ return '', 500
+
+ if new_pw != conf_new_pw:
+ return '', 500
+
+ # Seems okay, lets do it.
+ inst = _get_ds_instance(CONFIG['ldapurl'], dn, token)
+ try:
+ inst.open()
+ except Exception as e:
+ app.logger.debug(e)
+ return '', 500
+ finally:
+ pass
+
+ try:
+ nsaccts = nsUserAccounts(inst, CONFIG['basedn'], rdn=None)
+ acct = nsaccts.get(dn=req_dn)
+ acct.change_password(cur_pw, new_pw)
+
+ # WARNING: Because we current have the pw in the token, we need to re-issue it here else
+ # we'd log the user out. In the futur version when fernet comes from 389-ds, this won't
+ # be needed!
+ token = FERNET.encrypt(str.encode(new_pw))
+ session['token'] = token
+
+ except Exception as e:
+ app.logger.debug(e)
+ return '', 500
 finally:
 inst.unbind_s()
 
 return '', 200
 
+@app.route('/_password', methods=['GET'])
+def index_password():
+ try:
+ dn = session['dn']
+ enc_token = session['token']
+ app.logger.debug(f'{enc_token}')
+ token = FERNET.decrypt(enc_token).decode()
+ except Exception as e:
+ app.logger.debug(e)
+ app.logger.error('Failed to decrypt auth token or get account details.')
+ # TODO: Put a session invalid message here.
+ return redirect(url_for('login'))
+
+ app.logger.debug(f'{dn}, {token}')
+ return render_template('password.html', dn=dn)
+
 @app.route('/', methods=['GET'])
 def index():
 # Are they authenticated?
diff --git a/templates/password.html b/templates/password.html
new file mode 100644
index 0000000..6a47a50
--- /dev/null
+++ b/templates/password.html
@@ -0,0 +1,91 @@
+ +{% extends "base.html" %} + + +{% block content %} +
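Review bot: `index_password` logs the decrypted token with `app.logger.debug(f'{dn}, {token}')`, and the WARNING comment in `account_dn_password_update` says the token currently holds the user's password, so this line writes a cleartext password to the application log whenever debug logging is enabled. Log only the DN, e.g. `app.logger.debug('password page requested for %s', dn)`, and drop the two `app.logger.debug(f'{enc_token}')` calls too, since the ciphertext is a session secret that anyone holding the Fernet key can decrypt. Separately, `account_dn_password_update` changes the password of `req_dn` taken from the URL but then stores `new_pw` in `session['token']` for the session's `dn`; for a self-service endpoint the two should be required to match before anything else happens, `if req_dn != dn: return '', 403`. The field checks (missing value, mismatched confirmation) return 500 where 400 would tell the client the request was at fault, and `request.json` is iterated without checking that it is a list of objects with `name`/`value` keys.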
+
+
+ +
+
+
+
+

Account: {{ dn }}

+ + + +
+
+ + + + +
+
+ + + + +
+
+ + + + +
+ + + +
+ + + +
+ + + +
+
+ +
+
+
+
+
+
+

Password Change

+

+ Whargarbel +

+
+
+
+ + + +{% endblock %} + diff --git a/templates/portal.html b/templates/portal.html index 5bfad1f..d39ffcf 100644 --- a/templates/portal.html +++ b/templates/portal.html @@ -78,6 +78,15 @@ {% endfor %} + + + + + + Change Password + + +