user kann ab jetzt sein password ändern

geruecht/controller/mainController/mainUserController.py

@@ -1,3 +1,5 @@
+from ldap3.core.exceptions import LDAPPasswordIsMandatoryError, LDAPBindError
+
 from geruecht.exceptions import UsernameExistLDAP, LDAPExcetpion, PermissionDenied
 import geruecht.controller.databaseController as dc
 import geruecht.controller.ldapController as lc
@@ -114,22 +116,27 @@ class Base:
         debug.debug("user is {{ {} }}".format(user))
         return user
 
-    def modifyUser(self, user, ldap_conn, attributes):
-        debug.info("modify user {{ {} }} with attributes {{ {} }} with ldap_conn {{ {} }}".format(
-            user, attributes, ldap_conn))
+    def modifyUser(self, user, attributes, password):
+        debug.info("modify user {{ {} }} with attributes {{ {} }}".format(
+            user, attributes))
+
         try:
-            if 'username' in attributes:
-                debug.debug("change username, so change first in database")
-                db.changeUsername(user, attributes['username'])
-            ldap.modifyUser(user, ldap_conn, attributes)
-            if 'username' in attributes:
-                retVal = self.getUser(attributes['username'])
-                debug.debug("user is {{ {} }}".format(retVal))
-                return retVal
-            else:
-                retVal = self.getUser(user.uid)
-                debug.debug("user is {{ {} }}".format(retVal))
-                return retVal
+            ldap_conn = ldap.bind(user, password)
+            if attributes:
+                if 'username' in attributes:
+                    debug.debug("change username, so change first in database")
+                    db.changeUsername(user, attributes['username'])
+                ldap.modifyUser(user, ldap_conn, attributes)
+                if 'username' in attributes:
+                    retVal = self.getUser(attributes['username'])
+                    debug.debug("user is {{ {} }}".format(retVal))
+                    return retVal
+                else:
+                    retVal = self.getUser(user.uid)
+                    debug.debug("user is {{ {} }}".format(retVal))
+                    return retVal
+            return self.getUser(user.uid)
+
         except UsernameExistLDAP as err:
             debug.debug(
                 "username exists on ldap, rechange username on database", exc_info=True)
@@ -139,6 +146,10 @@ class Base:
             if 'username' in attributes:
                 db.changeUsername(user, user.uid)
                 raise Exception(err)
+        except LDAPPasswordIsMandatoryError as err:
+            raise Exception('Password wurde nicht gesetzt!!')
+        except LDAPBindError as err:
+            raise Exception('Password ist falsch')
         except Exception as err:
             raise Exception(err)
 

geruecht/user/routes.py

@@ -69,8 +69,10 @@ def _saveConfig(**kwargs):
         if 'accToken' in kwargs:
             accToken = kwargs['accToken']
             data = request.get_json()
+            password = data['acceptedPassword']
+            data.pop('acceptedPassword')
             accToken.user = mainController.modifyUser(
-                accToken.user, accToken.ldap_conn, data)
+                accToken.user, data, password)
             retVal = accToken.user.toJSON()
             retVal['creditList'] = {credit.year: credit.toJSON()
                                     for credit in accToken.user.geruechte}