Zhang Huangbin avatar Zhang Huangbin committed a72a741

Fix password policy when creating a new mail user.
Code cleanup.


Files changed (6)

controllers/ldap/admin.py

             return render.admins()
 
 class create(dbinit):
+    @base.check_global_admin
     @base.protected
     def GET(self):
         return render.admin_create(
                 max_passwd_length=cfg.general.get('max_passwd_length'),
                 )
 
+    @base.check_global_admin
     @base.protected
     def POST(self):
         i = web.input()
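Review bot: The new `@base.check_global_admin` sits above `@base.protected` on both GET and POST, so at call time the admin check wraps the login check and runs before it. Neither decorator's body is visible here; if `check_global_admin` reads session fields that only exist after login, an anonymous request reaches it first. Confirm it denies by default on an empty session, or place it below `@base.protected` so the login check runs first. A short comment such as `# global admins only; check_global_admin must fail closed for anonymous sessions` would record the intent. POST's body continues outside the hunk.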

controllers/ldap/user.py

         i = web.input()
 
         # Get domain name, username, cn.
-        self.domain = i.get('domainName', None)
-        self.username = i.get('username', None)
+        self.domain = web.safestr(i.get('domainName'))
+        self.username = web.safestr(i.get('username'))
 
-        if self.domain is None or self.username is None:
+        result = userLib.add(data=i)
+        if result[0] is True:
+            web.seeother('/profile/user/general/%s?msg=SUCCESS' % (self.username + '@' + self.domain))
+        else:
+            self.cn = i.get('cn', '')
+            self.quota = i.get('quota', domainLib.getDomainDefaultUserQuota(self.domain))
             return render.user_create(
                     domain=self.domain,
+                    username=self.username,
+                    cn=self.cn,
+                    quota=self.quota,
                     allDomains=domainLib.list(),
                     default_quota=domainLib.getDomainDefaultUserQuota(self.domain),
+                    min_passwd_length=cfg.general.get('min_passwd_length'),
+                    max_passwd_length=cfg.general.get('max_passwd_length'),
+                    msg=result[1],
                     )
 
-        cn = i.get('cn')
-        quota = i.get('quota', domainLib.getDomainDefaultUserQuota(self.domain))
-
-        # Check password.
-        newpw = web.safestr(i.get('newpw'))
-        confirmpw = web.safestr(i.get('confirmpw'))
-        if len(newpw) > 0 and len(confirmpw) > 0 and newpw == confirmpw:
-            passwd = ldaputils.generatePasswd(newpw, pwscheme=cfg.general.get('default_pw_scheme', 'SSHA'))
-        else:
-            return render.user_create(
-                    domain=self.domain,
-                    allDomains=domainLib.list(),
-                    username=self.username,
-                    default_quota=domainLib.getDomainDefaultUserQuota(self.domain),
-                    cn=cn,
-                    msg='PW_ERROR',
-                    )
-
-        ldif = iredldif.ldif_mailuser(
-                domain=web.safestr(self.domain),
-                username=web.safestr(self.username),
-                cn=cn,
-                passwd=passwd,
-                quota=quota,
-                )
-
-        dn = ldaputils.convEmailToUserDN(self.username + '@' + self.domain)
-        result = userLib.add(dn, ldif)
-        if result is True:
-            web.seeother('/profile/user/general/' + self.username + '@' + self.domain + '?msg=CREATE_SUCCESS')
-        elif result == 'ALREADY_EXISTS':
-            # TODO redirect to /create/user/DOMAIN
-            web.seeother('/users/' + self.domain + '?msg=ALREADY_EXISTS')
-        else:
-            web.seeother('/users/' + self.domain)
-
 class delete(dbinit):
     @base.protected
     def POST(self):
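Review bot: The success redirect on the new side builds its target as `'/profile/user/general/%s?msg=SUCCESS' % (self.username + '@' + self.domain)` from request values that `web.safestr` only re-encodes. Characters such as `?`, `#` or `&` in either field would therefore alter the path or query of the Location URL. Percent-encoding the address, e.g. `urllib.quote(self.username + '@' + self.domain)`, keeps it a single path segment; this needs `urllib` imported in the file, which is not visible here. The enclosing POST method starts above the hunk.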

libs/ldaplib/user.py

 
         return self.user_profile
 
-    def add(self, dn, ldif):
+    @LDAPDecorators.check_global_admin
+    def add(self, data):
+        # Get domain name, username, cn.
+        self.domain = web.safestr(data.get('domainName'))
+        self.username = web.safestr(data.get('username'))
+
+        if self.domain == '' or self.username == '':
+            return (False, 'MISSING_DOMAIN_OR_USERNAME')
+
+        # Check password.
+        self.newpw = web.safestr(data.get('newpw'))
+        self.confirmpw = web.safestr(data.get('confirmpw'))
+
+        result = iredutils.getNewPassword(self.newpw, self.confirmpw)
+        if result[0] is True:
+            self.passwd = ldaputils.generatePasswd(result[1], pwscheme=cfg.general.get('default_pw_scheme', 'SSHA'))
+        else:
+            return result
+
+        self.cn = data.get('cn')
+        self.quota = data.get('quota', domainLib.getDomainDefaultUserQuota(self.domain))
+
+        ldif = iredldif.ldif_mailuser(
+                domain=self.domain,
+                username=self.username,
+                cn=self.cn,
+                passwd=self.passwd,
+                quota=self.quota,
+                )
+
+        self.dn = ldaputils.convEmailToUserDN(self.username + '@' + self.domain)
+
         try:
-            self.conn.add_s(ldap.filter.escape_filter_chars(dn), ldif,)
-            return True
+            self.conn.add_s(ldap.filter.escape_filter_chars(self.dn), ldif,)
+            return (True, 'SUCCESS')
         except ldap.ALREADY_EXISTS:
-            return 'ALREADY_EXISTS'
+            return (False, 'ALREADY_EXISTS')
         except Exception, e:
-            return str(e)
+            return (False, str(e))
 
     @LDAPDecorators.check_global_admin
     def delete(self, mails=[]):
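Review bot: The only validation in the new `add()` before the values go into the DN and LDIF is `if self.domain == '' or self.username == ''`, and that guard does not catch a missing field. `data.get('domainName')` returns None and, as far as I know, `web.safestr` falls back to `str()`, giving the literal `'None'`. Reading the fields with an empty default, `web.safestr(data.get('domainName', ''))` and `web.safestr(data.get('username', ''))`, makes the guard effective, and a format check on both values belongs before `convEmailToUserDN` is called. Note also that `ldap.filter.escape_filter_chars` applies search-filter escaping, not DN escaping, so it should not be relied on to neutralise DN metacharacters in `self.dn`; whether `convEmailToUserDN` escapes its input is not visible here.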

templates/default/ldap/admin_create.html

         {% if msg == 'PW_MISMATCH' %}
             {{ _('Two new passwords are not match.') }}
         {% elif msg == 'PW_EMPTY' %}
-            {{ _('Password is empty.') }}
+            {{ _('EMPTY password is NOT allowed.') }}
         {% elif msg == 'PW_LESS_THAN_MIN_LENGTH' %}
             {{ _('New password must contain at least %s characters.') |format(min_passwd_length) }}
         {% elif msg == 'PW_GREATER_THAN_MAX_LENGTH' %}

templates/default/ldap/user_create.html

     <h2 class="hn"><span>{{ _('Create new mail user') }}</span></h2>
 </div>
 
+{# message #}
+{% if msg is defined and msg is not sameas none %}
+<div class="ct-box info-box">
+    <div class="error">
+        {% if msg == 'PW_MISMATCH' %}
+            {{ _('Two new passwords are not match.') }}
+        {% elif msg == 'PW_EMPTY' %}
+            {{ _('EMPTY password is NOT allowed.') }}
+        {% elif msg == 'PW_LESS_THAN_MIN_LENGTH' %}
+            {{ _('New password must contain at least %s characters.') |format(min_passwd_length) }}
+        {% elif msg == 'PW_GREATER_THAN_MAX_LENGTH' %}
+            {{ _('New password must NOT contain more than %s characters.') |format(max_passwd_length) }}
+        {% else %}
+            {{ msg }}
+        {% endif %}
+    </div>
+</div>
+{% endif %}
+
 {# Display input field for adding new domain. #}
 <div class="main-frm">
     <form class="frm-form" method="post" action="{{ctx.homepath}}/create/user">
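Review bot: The `{% else %}` branch prints `{{ msg }}` verbatim, and per the library change in this commit `msg` can be `str(e)` for any exception raised by the LDAP add, so raw directory error text reaches the page. The codes `ALREADY_EXISTS` and `MISSING_DOMAIN_OR_USERNAME` returned by `add()` have no branch either and would be shown as bare identifiers. Adding branches for those two codes and making the fallback a fixed translated string, e.g. `{{ _('Failed to create user.') }}`, with the exception text logged server-side, avoids both. If `msg` must be echoed, confirm that autoescaping is enabled for this Jinja2 environment, which is not visible here.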

templates/default/ldap/user_profile.html

 {# message #}
 {% if msg is defined and msg is not sameas none %}
     <div class="ct-box info-box">
-        {% if msg == 'CREATE_SUCCESS' %}
+        {% if msg == 'SUCCESS' %}
         <div class="success">
             {{ _('User created. Would you like to <a href="%s/create/user/%s">add one more</a>?' |format(ctx.homepath, mail.split('@', 1)[1] )) }}
         </div>