bofh/fet2020
8
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

add change password

Browse Source
This commit is contained in:
Patrick Mayr
2023-01-06 16:03:33 +00:00
parent 0ee942e296
commit a2ae24d0ae
6 changed files with 117 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
fet2020/authentications/authentications.py
View File

@@ -1,9 +1,12 @@
import logging import logging
from ldap3 import Server, Connection from ldap3 import Server, Connection, HASHED_SALTED_SHA, MODIFY_REPLACE
from ldap3.core.exceptions import LDAPBindError from ldap3.core.exceptions import LDAPBindError
from ldap3.utils.hashed import hashed
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
host = "ldap://juri.fet.htu.tuwien.ac.at"
port = 389
def authentication(username, password): def authentication(username, password):
@@ -11,8 +14,7 @@ def authentication(username, password):
if password is None or password.strip() == "": if password is None or password.strip() == "":
return None return None
server_uri = "ldap://juri.fet.htu.tuwien.ac.at" server = Server(host, port=port, use_ssl=True)
server = Server(server_uri, port=389, use_ssl=True)
userdn = f"uid={username},ou=user,dc=fet,dc=htu,dc=tuwien,dc=ac,dc=at" userdn = f"uid={username},ou=user,dc=fet,dc=htu,dc=tuwien,dc=ac,dc=at"
try: try:
@@ -21,9 +23,29 @@ def authentication(username, password):
return username return username
except LDAPBindError as e: except LDAPBindError as e:
logger.info(f"LDAP Bind Error. Error: {e}") logger.info(f"LDAP Bind error. Error: {e}")
except Exception as e: except Exception as e:
logger.info(f"Auth Exception. Error: {e}") logger.info(f"Auth exception. Error: {e}")
logger.info(f"This username has been typed: '{username}'") logger.info(f"This username has been typed: '{username}'")
return None return None
def change_password(username, old_password, new_password):
server = Server(host, port=port, use_ssl=True)
userdn = f"uid={username},ou=user,dc=fet,dc=htu,dc=tuwien,dc=ac,dc=at"
try:
c = Connection(server, user=userdn, password=old_password, auto_bind=True)
hashed_password = hashed(HASHED_SALTED_SHA, new_password)
c.modify(userdn, {"userPassword": [(MODIFY_REPLACE, [hashed_password])]})
return username
except LDAPBindError as e:
logger.info(f"LDAP Bind error. Error: {e}")
except Exception as e:
logger.info(f"Auth change-password exception. Error: {e}")
return None

25
fet2020/authentications/forms.py
View File

@@ -1,7 +1,8 @@
from django.contrib.auth.forms import AuthenticationForm from django.contrib.auth.forms import AuthenticationForm, PasswordChangeForm
from django.contrib.auth.models import User from django.contrib.auth.models import User
from django.core.validators import ValidationError
from .authentications import authentication from .authentications import authentication, change_password
class LoginForm(AuthenticationForm): class LoginForm(AuthenticationForm):
@@ -26,3 +27,23 @@ class LoginForm(AuthenticationForm):
self.confirm_login_allowed(self.user_cache) self.confirm_login_allowed(self.user_cache)
return self.cleaned_data return self.cleaned_data
class LdapPasswordChangeForm(PasswordChangeForm):
def clean_old_password(self):
old_password = self.cleaned_data["old_password"]
if not authentication(self.user.username, old_password):
raise ValidationError(
self.error_messages["password_incorrect"],
code="password_incorrect",
)
return old_password
def clean(self):
old_password = self.cleaned_data["old_password"]
new_password = self.cleaned_data["new_password1"]
if not change_password(self.user, old_password, new_password):
raise ValidationError("Passwort im LDAP ändern funktioniert nicht.")
def save(self):
return self.user

10
fet2020/authentications/urls.py
View File

@@ -8,4 +8,14 @@ app_name = apps.AuthenticationsConfig.name
urlpatterns = [ urlpatterns = [
path("login/", views.AuthLoginView.as_view(), name="login"), path("login/", views.AuthLoginView.as_view(), name="login"),
path("logout/", views.logoutUser, name="logout"), path("logout/", views.logoutUser, name="logout"),
path(
"change-password/",
views.LdapPasswordChangeView.as_view(),
name="change-password",
),
path(
"change-password/done/",
views.LdapPasswordChangeDoneView.as_view(),
name="password-change-done",
),
] ]

15
fet2020/authentications/views.py
View File

@@ -1,12 +1,13 @@
from django.contrib.auth import logout from django.contrib.auth import logout
from django.contrib.auth.views import LoginView from django.contrib.auth.views import LoginView, PasswordChangeDoneView, PasswordChangeView
from django.shortcuts import redirect from django.shortcuts import redirect
from documents.etherpadlib import del_ep_cookie from documents.etherpadlib import del_ep_cookie
from .decorators import authenticated_user from .decorators import authenticated_user
from .forms import LoginForm from .forms import LdapPasswordChangeForm, LoginForm
from django.urls import reverse_lazy, reverse
class AuthLoginView(LoginView): class AuthLoginView(LoginView):
authentication_form = LoginForm authentication_form = LoginForm
@@ -26,3 +27,13 @@ def logoutUser(request):
response = del_ep_cookie(request, response) response = del_ep_cookie(request, response)
return response return response
class LdapPasswordChangeView(PasswordChangeView):
form_class = LdapPasswordChangeForm
success_url = reverse_lazy('authentications:password-change-done')
template_name = "authentications/change_password.html"
class LdapPasswordChangeDoneView(PasswordChangeDoneView):
template_name = "authentications/change_password_done.html"

29
fet2020/templates/authentications/change_password.html Normal file
View File

@@ -0,0 +1,29 @@
{% extends 'base.html' %}
{% block title %}LDAP Passwort ändern{% endblock %}
{% block content %}
<!-- Main Content -->
<main class="container mx-auto w-full px-4 my-8 flex-grow flex flex-col">
<h1 class="page-title">LDAP Passwort ändern</h1>
<div class="max-w-4xl mx-auto">
<span class="text-gray-700 dark:text-gray-200">Aus Sicherheitsgründen bitte zuerst das alte Passwort und darunter dann zweimal das neue Passwort eingeben, um sicherzustellen, dass es es korrekt eingegeben wurde.</span>
</div>
<div class="w-full h-full flex-1 flex justify-center items-center">
<form action="{% url 'authentications:change-password' %}" method="POST" class="sm:p-4 sm:w-3/5 md:w-1/2 lg:w-2/5 xl:w-1/3 2xl:w-1/4 grid grid-cols-1 gap-3 sm:gap-6">
{% csrf_token %}
{% include "baseform/non_field_errors.html" %}
{% include "baseform/password.html" with field=form.old_password %}
{% include "baseform/password.html" with field=form.new_password1 %}
{% include "baseform/password.html" with field=form.new_password2 %}
<input type="submit" class="block btn btn-primary" value="Passwort ändern">
</form>
</div>
</main>
{% endblock %}

15
fet2020/templates/authentications/change_password_done.html Normal file
View File

@@ -0,0 +1,15 @@
{% extends 'base.html' %}
{% block title %}LDAP Passwort erfolgreich geändert{% endblock %}
{% block content %}
<!-- Main Content -->
<main class="container mx-auto w-full px-4 my-8 flex-grow flex flex-col">
<h1 class="page-title">LDAP Passwort erfolgreich geändert</h1>
<div class="max-w-4xl mx-auto">
<span class="text-gray-700 dark:text-gray-200">Ihr Passwort wurde geändert.</span>
</div>
</main>
{% endblock %}