added ldap modifying for users

This commit is contained in:
Tim Gröger 2020-01-26 23:31:22 +01:00
parent c76ed6d6da
commit 16521a60c2
10 changed files with 103 additions and 9 deletions

View File

@ -70,7 +70,7 @@ class AccesTokenController(metaclass=Singleton):
LOGGER.info("Found no valid AccessToken with token: {} and group: {}".format(token, group))
return False
def createAccesToken(self, user):
def createAccesToken(self, user, ldap_conn):
""" Create an AccessToken
Create an AccessToken for an User and add it to the tokenList.
@ -85,7 +85,7 @@ class AccesTokenController(metaclass=Singleton):
now = datetime.ctime(datetime.now())
token = hashlib.md5((now + user.dn).encode('utf-8')).hexdigest()
self.checkBar(user)
accToken = AccessToken(user, token, datetime.now())
accToken = AccessToken(user, token, ldap_conn, datetime.now())
LOGGER.debug("Add AccessToken {} to current Tokens".format(accToken))
self.tokenList.append(accToken)
LOGGER.info("Finished create AccessToken {} with Token {}".format(accToken, token))

View File

@ -4,6 +4,7 @@ from geruecht import db
from geruecht.model.user import User
from geruecht.model.creditList import CreditList
from datetime import datetime, timedelta
from geruecht.exceptions import UsernameExistDB, DatabaseExecption
import traceback
class DatabaseController(metaclass=Singleton):
@ -152,6 +153,20 @@ class DatabaseController(metaclass=Singleton):
except Exception as err:
traceback.print_exc()
def changeUsername(self, user, newUsername):
try:
cursor= self.db.connection.cursor()
cursor.execute("select * from user where uid='{}'".format(newUsername))
data = cursor.fetchall()
if data:
raise UsernameExistDB("Username already exists")
else:
cursor.execute("update user set uid='{}' where id={}".format(newUsername, user.id))
self.db.connection()
except Exception as err:
traceback.print_exc()
raise DatabaseExecption("Something went worng with Datatabase: {}".format(err))
if __name__ == '__main__':
db = DatabaseController()
user = db.getUser('jhille')

View File

@ -1,8 +1,10 @@
from geruecht import ldap
from ldap3 import SUBTREE, Connection
from ldap3 import SUBTREE, MODIFY_REPLACE, HASHED_SALTED_MD5
from ldap3.utils.hashed import hashed
from geruecht.model import MONEY, USER, GASTRO, BAR
from geruecht.exceptions import PermissionDenied
from . import Singleton
from geruecht.exceptions import UsernameExistLDAP, LDAPExcetpion
import traceback
class LDAPController(metaclass=Singleton):
@ -24,6 +26,10 @@ class LDAPController(metaclass=Singleton):
traceback.print_exception(err)
raise PermissionDenied("Wrong username or password.")
def bind(self, user, password):
ldap_conn = self.ldap.connect(user.dn, password)
return ldap_conn
def getUserData(self, username):
try:
self.ldap.connection.search('ou=user,{}'.format(self.dn), '(uid={})'.format(username), SUBTREE, attributes=['uid', 'givenName', 'sn', 'mail'])
@ -43,6 +49,7 @@ class LDAPController(metaclass=Singleton):
try:
retVal = []
self.ldap.connection.search('ou=user,{}'.format(self.dn), '(uid={})'.format(username), SUBTREE, attributes=['gidNumber'])
response = self.ldap.connection.response
main_group_number = self.ldap.connection.response[0]['attributes']['gidNumber']
if main_group_number:
group_data = self.ldap.connection.search('ou=group,{}'.format(self.dn), '(gidNumber={})'.format(main_group_number), attributes=['cn'])
@ -125,6 +132,31 @@ class LDAPController(metaclass=Singleton):
return retVal
def modifyUser(self, user, conn, attributes):
try:
if 'username' in attributes:
conn.search('ou=user,{}'.format(self.dn), '(uid={})'.format(attributes['username']))
if conn.entries:
raise UsernameExistLDAP("Username already exists in LDAP")
#create modifyer
mody = {}
if 'username' in attributes:
mody['uid'] = [(MODIFY_REPLACE, [attributes['username']])]
if 'firstname' in attributes:
mody['givenName'] = [(MODIFY_REPLACE, [attributes['firstname']])]
if 'lastname' in attributes:
mody['sn'] = [(MODIFY_REPLACE, [attributes['lastname']])]
if 'mail' in attributes:
mody['mail'] = [(MODIFY_REPLACE, [attributes['mail']])]
if 'password' in attributes:
salted_password = hashed(HASHED_SALTED_MD5, attributes['password'])
mody['userPassword'] = [(MODIFY_REPLACE, [salted_password])]
conn.modify(user.dn, mody)
except Exception as err:
traceback.print_exc()
raise LDAPExcetpion("Something went wrong in LDAP: {}".format(err))
if __name__ == '__main__':
a = LDAPController()

View File

@ -5,6 +5,7 @@ import geruecht.controller.emailController as ec
from geruecht.model.user import User
from geruecht.exceptions import PermissionDenied
from datetime import datetime, timedelta
from geruecht.exceptions import UsernameExistLDAP, UsernameExistDB, DatabaseExecption, LDAPExcetpion
db = dc.DatabaseController()
ldap = lc.LDAPController(ldapConfig['dn'])
@ -128,10 +129,31 @@ class UserController(metaclass=Singleton):
retVal.append(self.sendMail(user))
return retVal
def modifyUser(self, user, ldap_conn, attributes):
try:
if 'username' in attributes:
db.changeUsername(user, attributes['username'])
ldap.modifyUser(user, ldap_conn, attributes)
if 'username' in attributes:
return self.getUser(attributes['username'])
else:
return self.getUser(user.uid)
except UsernameExistLDAP as err:
db.changeUsername(user, user.uid)
raise Exception(err)
except LDAPExcetpion as err:
if 'username' in attributes:
db.changeUsername(user, user.uid)
raise Exception(err)
except Exception as err:
raise Exception(err)
def loginUser(self, username, password):
try:
user = self.getUser(username)
user.password = password
ldap.login(username, password)
return user
ldap_conn = ldap.bind(user, password)
return user, ldap_conn
except PermissionDenied as err:
raise err

View File

@ -1,2 +1,10 @@
class PermissionDenied(Exception):
pass
class UsernameExistDB(Exception):
pass
class UsernameExistLDAP(Exception):
pass
class DatabaseExecption(Exception):
pass
class LDAPExcetpion(Exception):
pass

View File

@ -4,6 +4,7 @@ from datetime import datetime
import geruecht.controller.userController as uc
from geruecht.model import MONEY
from geruecht.decorator import login_required
import time
finanzer = Blueprint("finanzer", __name__)

View File

@ -15,8 +15,9 @@ class AccessToken():
timestamp = None
user = None
token = None
ldap_conn = None
def __init__(self, user, token, timestamp=datetime.now()):
def __init__(self, user, token, ldap_conn, timestamp=datetime.now()):
""" Initialize Class AccessToken
No more to say.
@ -30,6 +31,7 @@ class AccessToken():
self.user = user
self.timestamp = timestamp
self.token = token
self.ldap_conn = ldap_conn
def updateTimestamp(self):
""" Update the Timestamp

View File

@ -49,6 +49,7 @@ class User():
self.group = data['gruppe'].split(',')
if 'creditLists' in data:
self.geruechte = data['creditLists']
self.password = ''
def updateData(self, data):
if 'dn' in data:
@ -204,7 +205,8 @@ class User():
"username": self.uid,
"locked": self.locked,
"autoLock": self.autoLock,
"limit": self.limit
"limit": self.limit,
"mail": self.mail
}
return dic

View File

@ -48,9 +48,9 @@ def _login():
password = data['password']
LOGGER.info("search {} in database".format(username))
try:
user = userController.loginUser(username, password)
user, ldap_conn = userController.loginUser(username, password)
user.password = password
token = accesTokenController.createAccesToken(user)
token = accesTokenController.createAccesToken(user, ldap_conn)
dic = accesTokenController.validateAccessToken(token, [USER]).user.toJSON()
dic["token"] = token
dic["accessToken"] = token

View File

@ -34,3 +34,15 @@ def _addAmount(**kwargs):
retVal['creditList'] = {credit.year: credit.toJSON() for credit in accToken.user.geruechte}
return jsonify(retVal)
return jsonify({"error": "something went wrong"}), 500
@user.route("/user/saveConfig", methods=['POST'])
@login_required(groups=[USER])
def _saveConfig(**kwargs):
try:
if 'accToken' in kwargs:
accToken = kwargs['accToken']
data = request.get_json()
accToken.user = userController.modifyUser(accToken.user, accToken.ldap_conn, data)
return jsonify(data)
except Exception as err:
return jsonify("error", err), 409