Commits

Fweddit committed 55ad733

Allow users to update their api through their account settings

Comments (0)

Files changed (3)

pizza_auth/main.py

 from ldap import MOD_ADD, MOD_DELETE, MOD_REPLACE
 import string, random
 import redis_wrap
+from updateaccounts import update_characters
 
 app = Flask(__name__)
 
 @login_required
 def update_account():
 	email = request.form["email"]
-	password = request.form["password"]
-	if "oldpassword" in request.form:
-		oldpassword = request.form["oldpassword"]
-		if not ldaptools.check_credentials(current_user.get_id(), oldpassword):
-			flash("You must confirm your old password to update your account.", "danger")
-			return redirect("/account")
+	oldpassword = request.form["oldpassword"]
+	api_id = request.form["api_id"]
+	api_key = request.form["api_key"]
+	update_needed = False
+	if api_id != current_user.keyID[0] or api_key != current_user.vCode[0]:
+		update_needed = True
+	if not ldaptools.check_credentials(current_user.get_id(), oldpassword):
+		flash("You must confirm your old password to update your account.", "danger")
+		return redirect("/account")
 	try:
+		if all(x in request.form for x in ["password", "password_confirm", "oldpassword"]):
+			if request.form["password"] != request.form["password_confirm"]:
+				flash("Password confirmation mismatch.", "danger")
+				return redirect("/account")
+			result = ldaptools.modattr(current_user.get_id(), MOD_REPLACE, "userPassword", ldaptools.makeSecret(request.form["password"]))
+			assert(result)
 		result = ldaptools.modattr(current_user.get_id(), MOD_REPLACE, "email", email)
 		assert(result)
-		result = ldaptools.modattr(current_user.get_id(), MOD_REPLACE, "userPassword", ldaptools.makeSecret(password))
+		result = ldaptools.modattr(current_user.get_id(), MOD_REPLACE, "keyID", api_id)
+		assert(result)
+		result = ldaptools.modattr(current_user.get_id(), MOD_REPLACE, "vCode", api_key)
 		assert(result)
 		flash("Account updated", "success")
 	except Exception:
 		flash("Update failed", "danger")
+	if update_needed is True:
+		update_characters([current_user.get_id()])
+	app.logger.info('User account {0} infos changed'.format(current_user.get_id()))
 	return redirect("/account")
 
 @app.route("/groups")

pizza_auth/templates/account.html

 						<tr>
 							<th>Confirm Old Password</th><td><input type="password" name="oldpassword" id="oldpassword" /></td>
 						</tr>
+						<tr>
+							<th>Key ID</th><td><input name="api_id" value="{{ current_user.keyID[0] }}" required/></td>
+						</tr>
+						<tr>
+							<th>vCode</th><td><input name="api_key" value="{{ current_user.vCode[0] }}" required/></td>
+						</tr>
 					</table>
 				<button type="submit" class="btn btn-default">Update</button>
 				</form>
 							email: {
 								required: true,
 								email: true
-							},
-							password: "required",
-							password_confirm: {
-								equalTo: "#password"
 							}
 						}
 					});

pizza_auth/updateaccounts.py

 import logging
 import time
 from logging import handlers
-from ldap import MOD_ADD, MOD_DELETE, MOD_REPLACE
+from ldap import MOD_ADD, MOD_DELETE, MOD_REPLACE, TYPE_OR_VALUE_EXISTS
 
 # Load configuration
 with open("config.json") as fh:
 
 safecharacters = ["twistedbot", "pingbot", "root", "deszra", "dimethus", "webchat"]
 
-if __name__ == "__main__":
+def update_characters(characters=None):
 	logger = logging.getLogger("updateusers")
 	logger.setLevel(logging.DEBUG)
 	fh = logging.FileHandler("./logs/updateusers_%d.log" % time.time())
 	fh.setFormatter(formatter)
 	logger.addHandler(fh)
 
-	for character in ldaptools.getusers("objectclass=xxPilot"):
+	ldap_characters = []
+	if characters is not None:
+		for character in characters:
+			ldap_characters.append(ldaptools.getuser(character))
+	else:
+		ldap_characters = ldaptools.getusers("objectclass=xxPilot")
+
+	for character in ldap_characters:
 		try:
 			characters = keytools.getcharacters(character.keyID, character.vCode)
 			characters = json.dumps(characters, default=lambda x:x.__dict__)
 				results[r["name"]] = r
 			assert(character.characterName[0] in results)
 			newcharacter = results[character.characterName[0]]
-			if (character.accountStatus[0] != newcharacter["result"]) and (character.get_id() not in safecharacters):
+			if character.accountStatus[0] != newcharacter["result"]:
 				logger.info( "%s status update \t %s -> %s" % ( character.get_id(), character.accountStatus[0], newcharacter["result"]) )
 				ldaptools.modattr(character.get_id(), MOD_REPLACE, "accountStatus", newcharacter["result"])
 
 					try:
 						ldaptools.modattr(character.get_id(), MOD_ADD, "alliance", newcharacter["allianceName"])
 
-					except ldap.TYPE_OR_VALUE_EXISTS:
+					except TYPE_OR_VALUE_EXISTS:
 						# Sneaky devil
 						# alliances can change
 						ldaptools.modattr(character.get_id(), MOD_REPLACE, "alliance", newcharacter["allianceName"])
-
 				else:
 					ldaptools.modattr(character.get_id(), MOD_REPLACE, "alliance", newcharacter["allianceName"])
 			if character.corporation[0] != newcharacter["corporationName"]:
 				logger.info( "%s corp update \t %s -> %s" % ( character.get_id(), character.corporation[0], newcharacter["corporationName"]) )
 				ldaptools.modattr(character.get_id(), MOD_REPLACE, "corporation", newcharacter["corporationName"])
-		
-
 
 		except RuntimeError:
 			if ("Expired" not in character.accountStatus) and (character.get_id() not in safecharacters):
 				ldaptools.modattr(character.get_id(), MOD_REPLACE, "accountStatus", "Expired")
 		except AssertionError:
 			logger.error("%s is not on this account" % character.characterName[0])
+
+
+if __name__ == "__main__":
+	update_characters()