added ldap modifying for users
This commit is contained in:
parent
c76ed6d6da
commit
16521a60c2
|
@ -70,7 +70,7 @@ class AccesTokenController(metaclass=Singleton):
|
|||
LOGGER.info("Found no valid AccessToken with token: {} and group: {}".format(token, group))
|
||||
return False
|
||||
|
||||
def createAccesToken(self, user):
|
||||
def createAccesToken(self, user, ldap_conn):
|
||||
""" Create an AccessToken
|
||||
|
||||
Create an AccessToken for an User and add it to the tokenList.
|
||||
|
@ -85,7 +85,7 @@ class AccesTokenController(metaclass=Singleton):
|
|||
now = datetime.ctime(datetime.now())
|
||||
token = hashlib.md5((now + user.dn).encode('utf-8')).hexdigest()
|
||||
self.checkBar(user)
|
||||
accToken = AccessToken(user, token, datetime.now())
|
||||
accToken = AccessToken(user, token, ldap_conn, datetime.now())
|
||||
LOGGER.debug("Add AccessToken {} to current Tokens".format(accToken))
|
||||
self.tokenList.append(accToken)
|
||||
LOGGER.info("Finished create AccessToken {} with Token {}".format(accToken, token))
|
||||
|
|
|
@ -4,6 +4,7 @@ from geruecht import db
|
|||
from geruecht.model.user import User
|
||||
from geruecht.model.creditList import CreditList
|
||||
from datetime import datetime, timedelta
|
||||
from geruecht.exceptions import UsernameExistDB, DatabaseExecption
|
||||
import traceback
|
||||
|
||||
class DatabaseController(metaclass=Singleton):
|
||||
|
@ -152,6 +153,20 @@ class DatabaseController(metaclass=Singleton):
|
|||
except Exception as err:
|
||||
traceback.print_exc()
|
||||
|
||||
def changeUsername(self, user, newUsername):
|
||||
try:
|
||||
cursor= self.db.connection.cursor()
|
||||
cursor.execute("select * from user where uid='{}'".format(newUsername))
|
||||
data = cursor.fetchall()
|
||||
if data:
|
||||
raise UsernameExistDB("Username already exists")
|
||||
else:
|
||||
cursor.execute("update user set uid='{}' where id={}".format(newUsername, user.id))
|
||||
self.db.connection()
|
||||
except Exception as err:
|
||||
traceback.print_exc()
|
||||
raise DatabaseExecption("Something went worng with Datatabase: {}".format(err))
|
||||
|
||||
if __name__ == '__main__':
|
||||
db = DatabaseController()
|
||||
user = db.getUser('jhille')
|
||||
|
|
|
@ -1,8 +1,10 @@
|
|||
from geruecht import ldap
|
||||
from ldap3 import SUBTREE, Connection
|
||||
from ldap3 import SUBTREE, MODIFY_REPLACE, HASHED_SALTED_MD5
|
||||
from ldap3.utils.hashed import hashed
|
||||
from geruecht.model import MONEY, USER, GASTRO, BAR
|
||||
from geruecht.exceptions import PermissionDenied
|
||||
from . import Singleton
|
||||
from geruecht.exceptions import UsernameExistLDAP, LDAPExcetpion
|
||||
import traceback
|
||||
|
||||
class LDAPController(metaclass=Singleton):
|
||||
|
@ -24,6 +26,10 @@ class LDAPController(metaclass=Singleton):
|
|||
traceback.print_exception(err)
|
||||
raise PermissionDenied("Wrong username or password.")
|
||||
|
||||
def bind(self, user, password):
|
||||
ldap_conn = self.ldap.connect(user.dn, password)
|
||||
return ldap_conn
|
||||
|
||||
def getUserData(self, username):
|
||||
try:
|
||||
self.ldap.connection.search('ou=user,{}'.format(self.dn), '(uid={})'.format(username), SUBTREE, attributes=['uid', 'givenName', 'sn', 'mail'])
|
||||
|
@ -43,6 +49,7 @@ class LDAPController(metaclass=Singleton):
|
|||
try:
|
||||
retVal = []
|
||||
self.ldap.connection.search('ou=user,{}'.format(self.dn), '(uid={})'.format(username), SUBTREE, attributes=['gidNumber'])
|
||||
response = self.ldap.connection.response
|
||||
main_group_number = self.ldap.connection.response[0]['attributes']['gidNumber']
|
||||
if main_group_number:
|
||||
group_data = self.ldap.connection.search('ou=group,{}'.format(self.dn), '(gidNumber={})'.format(main_group_number), attributes=['cn'])
|
||||
|
@ -125,6 +132,31 @@ class LDAPController(metaclass=Singleton):
|
|||
|
||||
return retVal
|
||||
|
||||
def modifyUser(self, user, conn, attributes):
|
||||
try:
|
||||
if 'username' in attributes:
|
||||
conn.search('ou=user,{}'.format(self.dn), '(uid={})'.format(attributes['username']))
|
||||
if conn.entries:
|
||||
raise UsernameExistLDAP("Username already exists in LDAP")
|
||||
#create modifyer
|
||||
mody = {}
|
||||
if 'username' in attributes:
|
||||
mody['uid'] = [(MODIFY_REPLACE, [attributes['username']])]
|
||||
if 'firstname' in attributes:
|
||||
mody['givenName'] = [(MODIFY_REPLACE, [attributes['firstname']])]
|
||||
if 'lastname' in attributes:
|
||||
mody['sn'] = [(MODIFY_REPLACE, [attributes['lastname']])]
|
||||
if 'mail' in attributes:
|
||||
mody['mail'] = [(MODIFY_REPLACE, [attributes['mail']])]
|
||||
if 'password' in attributes:
|
||||
salted_password = hashed(HASHED_SALTED_MD5, attributes['password'])
|
||||
mody['userPassword'] = [(MODIFY_REPLACE, [salted_password])]
|
||||
conn.modify(user.dn, mody)
|
||||
except Exception as err:
|
||||
traceback.print_exc()
|
||||
raise LDAPExcetpion("Something went wrong in LDAP: {}".format(err))
|
||||
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
a = LDAPController()
|
||||
|
|
|
@ -5,6 +5,7 @@ import geruecht.controller.emailController as ec
|
|||
from geruecht.model.user import User
|
||||
from geruecht.exceptions import PermissionDenied
|
||||
from datetime import datetime, timedelta
|
||||
from geruecht.exceptions import UsernameExistLDAP, UsernameExistDB, DatabaseExecption, LDAPExcetpion
|
||||
|
||||
db = dc.DatabaseController()
|
||||
ldap = lc.LDAPController(ldapConfig['dn'])
|
||||
|
@ -128,10 +129,31 @@ class UserController(metaclass=Singleton):
|
|||
retVal.append(self.sendMail(user))
|
||||
return retVal
|
||||
|
||||
def modifyUser(self, user, ldap_conn, attributes):
|
||||
try:
|
||||
if 'username' in attributes:
|
||||
db.changeUsername(user, attributes['username'])
|
||||
ldap.modifyUser(user, ldap_conn, attributes)
|
||||
if 'username' in attributes:
|
||||
return self.getUser(attributes['username'])
|
||||
else:
|
||||
return self.getUser(user.uid)
|
||||
except UsernameExistLDAP as err:
|
||||
db.changeUsername(user, user.uid)
|
||||
raise Exception(err)
|
||||
except LDAPExcetpion as err:
|
||||
if 'username' in attributes:
|
||||
db.changeUsername(user, user.uid)
|
||||
raise Exception(err)
|
||||
except Exception as err:
|
||||
raise Exception(err)
|
||||
|
||||
def loginUser(self, username, password):
|
||||
try:
|
||||
user = self.getUser(username)
|
||||
user.password = password
|
||||
ldap.login(username, password)
|
||||
return user
|
||||
ldap_conn = ldap.bind(user, password)
|
||||
return user, ldap_conn
|
||||
except PermissionDenied as err:
|
||||
raise err
|
||||
|
|
|
@ -1,2 +1,10 @@
|
|||
class PermissionDenied(Exception):
|
||||
pass
|
||||
class UsernameExistDB(Exception):
|
||||
pass
|
||||
class UsernameExistLDAP(Exception):
|
||||
pass
|
||||
class DatabaseExecption(Exception):
|
||||
pass
|
||||
class LDAPExcetpion(Exception):
|
||||
pass
|
|
@ -4,6 +4,7 @@ from datetime import datetime
|
|||
import geruecht.controller.userController as uc
|
||||
from geruecht.model import MONEY
|
||||
from geruecht.decorator import login_required
|
||||
import time
|
||||
|
||||
finanzer = Blueprint("finanzer", __name__)
|
||||
|
||||
|
|
|
@ -15,8 +15,9 @@ class AccessToken():
|
|||
timestamp = None
|
||||
user = None
|
||||
token = None
|
||||
ldap_conn = None
|
||||
|
||||
def __init__(self, user, token, timestamp=datetime.now()):
|
||||
def __init__(self, user, token, ldap_conn, timestamp=datetime.now()):
|
||||
""" Initialize Class AccessToken
|
||||
|
||||
No more to say.
|
||||
|
@ -30,6 +31,7 @@ class AccessToken():
|
|||
self.user = user
|
||||
self.timestamp = timestamp
|
||||
self.token = token
|
||||
self.ldap_conn = ldap_conn
|
||||
|
||||
def updateTimestamp(self):
|
||||
""" Update the Timestamp
|
||||
|
|
|
@ -49,6 +49,7 @@ class User():
|
|||
self.group = data['gruppe'].split(',')
|
||||
if 'creditLists' in data:
|
||||
self.geruechte = data['creditLists']
|
||||
self.password = ''
|
||||
|
||||
def updateData(self, data):
|
||||
if 'dn' in data:
|
||||
|
@ -204,7 +205,8 @@ class User():
|
|||
"username": self.uid,
|
||||
"locked": self.locked,
|
||||
"autoLock": self.autoLock,
|
||||
"limit": self.limit
|
||||
"limit": self.limit,
|
||||
"mail": self.mail
|
||||
}
|
||||
return dic
|
||||
|
||||
|
|
|
@ -48,9 +48,9 @@ def _login():
|
|||
password = data['password']
|
||||
LOGGER.info("search {} in database".format(username))
|
||||
try:
|
||||
user = userController.loginUser(username, password)
|
||||
user, ldap_conn = userController.loginUser(username, password)
|
||||
user.password = password
|
||||
token = accesTokenController.createAccesToken(user)
|
||||
token = accesTokenController.createAccesToken(user, ldap_conn)
|
||||
dic = accesTokenController.validateAccessToken(token, [USER]).user.toJSON()
|
||||
dic["token"] = token
|
||||
dic["accessToken"] = token
|
||||
|
|
|
@ -34,3 +34,15 @@ def _addAmount(**kwargs):
|
|||
retVal['creditList'] = {credit.year: credit.toJSON() for credit in accToken.user.geruechte}
|
||||
return jsonify(retVal)
|
||||
return jsonify({"error": "something went wrong"}), 500
|
||||
|
||||
@user.route("/user/saveConfig", methods=['POST'])
|
||||
@login_required(groups=[USER])
|
||||
def _saveConfig(**kwargs):
|
||||
try:
|
||||
if 'accToken' in kwargs:
|
||||
accToken = kwargs['accToken']
|
||||
data = request.get_json()
|
||||
accToken.user = userController.modifyUser(accToken.user, accToken.ldap_conn, data)
|
||||
return jsonify(data)
|
||||
except Exception as err:
|
||||
return jsonify("error", err), 409
|
Loading…
Reference in New Issue