add change password
This commit is contained in:
@@ -1,9 +1,12 @@
|
||||
import logging
|
||||
|
||||
from ldap3 import Server, Connection
|
||||
from ldap3 import Server, Connection, HASHED_SALTED_SHA, MODIFY_REPLACE
|
||||
from ldap3.core.exceptions import LDAPBindError
|
||||
from ldap3.utils.hashed import hashed
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
host = "ldap://juri.fet.htu.tuwien.ac.at"
|
||||
port = 389
|
||||
|
||||
|
||||
def authentication(username, password):
|
||||
@@ -11,8 +14,7 @@ def authentication(username, password):
|
||||
if password is None or password.strip() == "":
|
||||
return None
|
||||
|
||||
server_uri = "ldap://juri.fet.htu.tuwien.ac.at"
|
||||
server = Server(server_uri, port=389, use_ssl=True)
|
||||
server = Server(host, port=port, use_ssl=True)
|
||||
userdn = f"uid={username},ou=user,dc=fet,dc=htu,dc=tuwien,dc=ac,dc=at"
|
||||
|
||||
try:
|
||||
@@ -21,9 +23,29 @@ def authentication(username, password):
|
||||
return username
|
||||
|
||||
except LDAPBindError as e:
|
||||
logger.info(f"LDAP Bind Error. Error: {e}")
|
||||
logger.info(f"LDAP Bind error. Error: {e}")
|
||||
except Exception as e:
|
||||
logger.info(f"Auth Exception. Error: {e}")
|
||||
logger.info(f"Auth exception. Error: {e}")
|
||||
|
||||
logger.info(f"This username has been typed: '{username}'")
|
||||
return None
|
||||
|
||||
|
||||
def change_password(username, old_password, new_password):
|
||||
server = Server(host, port=port, use_ssl=True)
|
||||
userdn = f"uid={username},ou=user,dc=fet,dc=htu,dc=tuwien,dc=ac,dc=at"
|
||||
|
||||
try:
|
||||
c = Connection(server, user=userdn, password=old_password, auto_bind=True)
|
||||
|
||||
hashed_password = hashed(HASHED_SALTED_SHA, new_password)
|
||||
c.modify(userdn, {"userPassword": [(MODIFY_REPLACE, [hashed_password])]})
|
||||
|
||||
return username
|
||||
|
||||
except LDAPBindError as e:
|
||||
logger.info(f"LDAP Bind error. Error: {e}")
|
||||
except Exception as e:
|
||||
logger.info(f"Auth change-password exception. Error: {e}")
|
||||
|
||||
return None
|
||||
|
||||
@@ -1,7 +1,8 @@
|
||||
from django.contrib.auth.forms import AuthenticationForm
|
||||
from django.contrib.auth.forms import AuthenticationForm, PasswordChangeForm
|
||||
from django.contrib.auth.models import User
|
||||
from django.core.validators import ValidationError
|
||||
|
||||
from .authentications import authentication
|
||||
from .authentications import authentication, change_password
|
||||
|
||||
|
||||
class LoginForm(AuthenticationForm):
|
||||
@@ -26,3 +27,23 @@ class LoginForm(AuthenticationForm):
|
||||
self.confirm_login_allowed(self.user_cache)
|
||||
|
||||
return self.cleaned_data
|
||||
|
||||
|
||||
class LdapPasswordChangeForm(PasswordChangeForm):
|
||||
def clean_old_password(self):
|
||||
old_password = self.cleaned_data["old_password"]
|
||||
if not authentication(self.user.username, old_password):
|
||||
raise ValidationError(
|
||||
self.error_messages["password_incorrect"],
|
||||
code="password_incorrect",
|
||||
)
|
||||
return old_password
|
||||
|
||||
def clean(self):
|
||||
old_password = self.cleaned_data["old_password"]
|
||||
new_password = self.cleaned_data["new_password1"]
|
||||
if not change_password(self.user, old_password, new_password):
|
||||
raise ValidationError("Passwort im LDAP ändern funktioniert nicht.")
|
||||
|
||||
def save(self):
|
||||
return self.user
|
||||
|
||||
@@ -8,4 +8,14 @@ app_name = apps.AuthenticationsConfig.name
|
||||
urlpatterns = [
|
||||
path("login/", views.AuthLoginView.as_view(), name="login"),
|
||||
path("logout/", views.logoutUser, name="logout"),
|
||||
path(
|
||||
"change-password/",
|
||||
views.LdapPasswordChangeView.as_view(),
|
||||
name="change-password",
|
||||
),
|
||||
path(
|
||||
"change-password/done/",
|
||||
views.LdapPasswordChangeDoneView.as_view(),
|
||||
name="password-change-done",
|
||||
),
|
||||
]
|
||||
|
||||
@@ -1,12 +1,13 @@
|
||||
from django.contrib.auth import logout
|
||||
from django.contrib.auth.views import LoginView
|
||||
from django.contrib.auth.views import LoginView, PasswordChangeDoneView, PasswordChangeView
|
||||
from django.shortcuts import redirect
|
||||
|
||||
from documents.etherpadlib import del_ep_cookie
|
||||
|
||||
from .decorators import authenticated_user
|
||||
from .forms import LoginForm
|
||||
from .forms import LdapPasswordChangeForm, LoginForm
|
||||
|
||||
from django.urls import reverse_lazy, reverse
|
||||
|
||||
class AuthLoginView(LoginView):
|
||||
authentication_form = LoginForm
|
||||
@@ -26,3 +27,13 @@ def logoutUser(request):
|
||||
response = del_ep_cookie(request, response)
|
||||
|
||||
return response
|
||||
|
||||
|
||||
class LdapPasswordChangeView(PasswordChangeView):
|
||||
form_class = LdapPasswordChangeForm
|
||||
success_url = reverse_lazy('authentications:password-change-done')
|
||||
template_name = "authentications/change_password.html"
|
||||
|
||||
|
||||
class LdapPasswordChangeDoneView(PasswordChangeDoneView):
|
||||
template_name = "authentications/change_password_done.html"
|
||||
|
||||
29
fet2020/templates/authentications/change_password.html
Normal file
29
fet2020/templates/authentications/change_password.html
Normal file
@@ -0,0 +1,29 @@
|
||||
{% extends 'base.html' %}
|
||||
|
||||
{% block title %}LDAP Passwort ändern{% endblock %}
|
||||
|
||||
{% block content %}
|
||||
<!-- Main Content -->
|
||||
<main class="container mx-auto w-full px-4 my-8 flex-grow flex flex-col">
|
||||
<h1 class="page-title">LDAP Passwort ändern</h1>
|
||||
|
||||
<div class="max-w-4xl mx-auto">
|
||||
<span class="text-gray-700 dark:text-gray-200">Aus Sicherheitsgründen bitte zuerst das alte Passwort und darunter dann zweimal das neue Passwort eingeben, um sicherzustellen, dass es es korrekt eingegeben wurde.</span>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="w-full h-full flex-1 flex justify-center items-center">
|
||||
<form action="{% url 'authentications:change-password' %}" method="POST" class="sm:p-4 sm:w-3/5 md:w-1/2 lg:w-2/5 xl:w-1/3 2xl:w-1/4 grid grid-cols-1 gap-3 sm:gap-6">
|
||||
{% csrf_token %}
|
||||
|
||||
{% include "baseform/non_field_errors.html" %}
|
||||
|
||||
{% include "baseform/password.html" with field=form.old_password %}
|
||||
{% include "baseform/password.html" with field=form.new_password1 %}
|
||||
{% include "baseform/password.html" with field=form.new_password2 %}
|
||||
|
||||
<input type="submit" class="block btn btn-primary" value="Passwort ändern">
|
||||
</form>
|
||||
</div>
|
||||
</main>
|
||||
{% endblock %}
|
||||
15
fet2020/templates/authentications/change_password_done.html
Normal file
15
fet2020/templates/authentications/change_password_done.html
Normal file
@@ -0,0 +1,15 @@
|
||||
{% extends 'base.html' %}
|
||||
|
||||
{% block title %}LDAP Passwort erfolgreich geändert{% endblock %}
|
||||
|
||||
{% block content %}
|
||||
<!-- Main Content -->
|
||||
<main class="container mx-auto w-full px-4 my-8 flex-grow flex flex-col">
|
||||
<h1 class="page-title">LDAP Passwort erfolgreich geändert</h1>
|
||||
|
||||
<div class="max-w-4xl mx-auto">
|
||||
<span class="text-gray-700 dark:text-gray-200">Ihr Passwort wurde geändert.</span>
|
||||
</div>
|
||||
|
||||
</main>
|
||||
{% endblock %}
|
||||
Reference in New Issue
Block a user