update authentications

2023-08-01 16:02:01 +00:00
parent 70b017af9e
commit 0d17f30d72
2 changed files with 20 additions and 26 deletions
--- a/fet2020/authentications/authentications.py
+++ b/fet2020/authentications/authentications.py
@@ -18,12 +18,7 @@ def authentication(username, password):
    userdn = f"uid={username},ou=user,dc=fet,dc=htu,dc=tuwien,dc=ac,dc=at"

    try:
-        c = Connection(server, user=userdn, password=password)
-
-        # perform the Bind operation
-        if not c.bind():
-            print("error in bind", c.result)
-
+        c = Connection(server, user=userdn, password=password, auto_bind=True)
        if c.extend.standard.who_am_i():
            return username

--- a/fet2020/authentications/forms.py
+++ b/fet2020/authentications/forms.py
@@ -1,6 +1,6 @@
 from django.contrib.auth.forms import AuthenticationForm, PasswordChangeForm
 from django.contrib.auth.models import User
-from django.core.validators import ValidationError
+from django.core.exceptions import ValidationError

 from .authentications import authentication, change_password

@@ -12,18 +12,17 @@ class LoginForm(AuthenticationForm):

        if username is not None and password:
            auth_user = authentication(username, password)
+            if auth_user is None:
+                raise ValidationError(
+                    "Bitte Benutzername und Passwort korrekt eingeben.",
+                    code="invalid_login",
+                )

-            if auth_user:
-                try:
-                    self.user_cache = User.objects.get(username=auth_user.lower())
-                except User.DoesNotExist:
-                    self.user_cache = User.objects.create_user(auth_user.lower())
-            else:
-                raise self.get_invalid_login_error()
-
-            if self.user_cache is None:
-                raise self.get_invalid_login_error()
-            else:
+            try:
+                self.user_cache = User.objects.get(username=auth_user.lower())
+            except User.DoesNotExist:
+                self.user_cache = User.objects.create_user(auth_user.lower())
+            finally:
                self.confirm_login_allowed(self.user_cache)

        return self.cleaned_data
@@ -31,19 +30,19 @@ class LoginForm(AuthenticationForm):

 class LdapPasswordChangeForm(PasswordChangeForm):
    def clean_old_password(self):
-        old_password = self.cleaned_data["old_password"]
-        if not authentication(self.user.username, old_password):
+        old_password = self.cleaned_data.get("old_password")
+        auth_user = authentication(self.user, old_password)
+        if auth_user is None:
            raise ValidationError(
                self.error_messages["password_incorrect"],
                code="password_incorrect",
            )
+
        return old_password

-    def clean(self):
-        old_password = self.cleaned_data["old_password"]
-        new_password = self.cleaned_data["new_password1"]
-        if not change_password(self.user, old_password, new_password):
-            raise ValidationError("Passwort im LDAP ändern funktioniert nicht.")
-
    def save(self):
+        old_password = self.cleaned_data.get("old_password")
+        new_password = self.cleaned_data.get("new_password1")
+        change_password(self.user, old_password, new_password)
+
        return self.user