flaschengeist/geruecht/controller/mainController/mainPasswordReset.py

from geruecht import ldap, ldapConfig, getDebugLogger
import geruecht.controller.emailController as ec
from ldap3.utils.hashed import hashed
from ldap3 import HASHED_SALTED_MD5, MODIFY_REPLACE
import string
import random

emailController = ec.EmailController()
debug = getDebugLogger()

def randomString(stringLength=8):
    letters = string.ascii_letters + string.digits
    return ''.join(random.choice(letters) for i in range(stringLength))

class Base:
    def resetPassword(self, data):
        debug.info("forgot password {{ {} }}".format(data))
        adminConn = ldap.connect(ldapConfig['ADMIN_DN'], ldapConfig['ADMIN_SECRET'])
        if 'username' in data:
            search = 'uid={}'.format(data['username'].lower())
        elif 'mail' in data:
            search = 'mail={}'.format(data['mail'].lower())
        else:
            debug.error("username or mail not set")
            raise Exception('username or mail not set')
        adminConn.search(ldapConfig['DN'], '(&(objectClass=person)({}))'.format(search),
                         attributes=['cn', 'sn', 'givenName', 'uid', 'mail'])
        for user in adminConn.response:
            user_dn = user['dn']
            uid = user['attributes']['uid'][0]
            mail = user['attributes']['mail'][0]
            mody = {}
            password = randomString()
            salted_password = hashed(HASHED_SALTED_MD5, password)
            mody['userPassword'] = [(MODIFY_REPLACE, [salted_password])]
            debug.info("reset password for {{ {} }}".format(user_dn))
            adminConn.modify(user_dn, mody)
            emailController.sendMail(self.getUser(uid), type='passwordReset', password=password)
            return mail