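import random
import secrets
import string

from ldap3 import HASHED_SALTED_MD5, MODIFY_REPLACE
from ldap3.utils.conv import escape_filter_chars
from ldap3.utils.hashed import hashed

from geruecht import ldap, ldapConfig, getDebugLogger
import geruecht.controller.emailController as ec

emailController = ec.EmailController()
debug = getDebugLogger()


def randomString(stringLength=8):
    """Return a random string of ASCII letters and digits.

    The result is used below as a temporary account password, so the
    characters are drawn from the operating system's CSPRNG through
    ``secrets`` rather than from the predictable ``random`` generator.

    Args:
        stringLength: Number of characters to generate.

    Returns:
        A string of ``stringLength`` characters from ``[A-Za-z0-9]``.
    """
    letters = string.ascii_letters + string.digits
    return ''.join(secrets.choice(letters) for _ in range(stringLength))


class Base:

    def resetPassword(self, data):
        """Set a new random password for the matching LDAP user and mail it.

        The user is looked up by ``data['username']`` (matched against ``uid``)
        or, if that key is absent, by ``data['mail']``. The new password is
        written to ``userPassword`` and sent through the e-mail controller.

        Args:
            data: Mapping that contains a ``username`` or a ``mail`` key.

        Returns:
            The mail address of the user whose password was reset, or
            ``None`` when the search returned no entry.

        Raises:
            Exception: If ``data`` contains neither ``username`` nor ``mail``.
        """
        debug.info("forgot password {{ {} }}".format(data))
        adminConn = ldap.connect(ldapConfig['ADMIN_DN'], ldapConfig['ADMIN_SECRET'])
        # The lookup value comes from the caller. Escape LDAP filter
        # metacharacters so it is matched literally and cannot widen or
        # rewrite the search filter of this admin-bound query.
        if 'username' in data:
            search = 'uid={}'.format(escape_filter_chars(data['username'].lower()))
        elif 'mail' in data:
            search = 'mail={}'.format(escape_filter_chars(data['mail'].lower()))
        else:
            debug.error("username or mail not set")
            raise Exception('username or mail not set')
        adminConn.search(ldapConfig['DN'], '(&(objectClass=person)({}))'.format(search), attributes=['cn', 'sn', 'givenName', 'uid', 'mail'])
        # NOTE(review): the file's indentation was reconstructed; `return mail`
        # is assumed to sit inside the loop, so only the first entry is
        # processed -- confirm against the original layout.
        for user in adminConn.response:
            user_dn = user['dn']
            uid = user['attributes']['uid'][0]
            mail = user['attributes']['mail'][0]
            mody = {}
            # NOTE(review): the default length of 8 is short for a credential
            # that travels by mail; consider passing a larger length here.
            password = randomString()
            # NOTE(review): salted MD5 is a weak storage scheme. ldap3 also
            # offers HASHED_SALTED_SHA512; switch once the directory server is
            # confirmed to support it.
            salted_password = hashed(HASHED_SALTED_MD5, password)
            mody['userPassword'] = [(MODIFY_REPLACE, [salted_password])]
            debug.info("reset password for {{ {} }}".format(user_dn))
            # NOTE(review): the result of modify() is not checked, so the mail
            # below is sent even if the directory rejected the change.
            adminConn.modify(user_dn, mody)
            # The cleartext password leaves the system by e-mail here.
            emailController.sendMail(self.getUser(uid), type='passwordReset', password=password)
            return mail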