
Zhang Huangbin committed c2e114d

Ability to reset user password now.


Files changed (6)

controllers/ldap/user.py

 class profile(dbinit):
     @base.protected
     def GET(self, profile_type, mail):
-        i = web.input(enabledService=[],)
+        i = web.input(enabledService=[], telephoneNumber=[],)
         self.mail = web.safestr(mail)
         self.profile_type = web.safestr(profile_type)
 
                         profile_type=self.profile_type,
                         mail=self.mail,
                         user_profile=self.profile,
+                        min_passwd_length=cfg.general.get('min_passwd_length'),
+                        max_passwd_length=cfg.general.get('max_passwd_length'),
                         msg=i.get('msg', None)
                         )
             else:
 
     @base.protected
     def POST(self, profile_type, mail):
-        i = web.input()
+        i = web.input(enabledService=[], telephoneNumber=[],)
         self.profile_type = web.safestr(profile_type)
         self.mail = web.safestr(mail)
 
                 mail=self.mail,
                 data=i,
                 )
-        if self.result:
+        if self.result is True:
             web.seeother('/profile/user/%s/%s?msg=UPDATED_SUCCESS' % (self.profile_type, self.mail))
-        else:
-            web.seeother('/profile/user/%s/%s?msg=UPDATED_FAILED' % (self.profile_type, self.mail))
+        elif self.result[0] is False:
+            web.seeother('/profile/user/%s/%s?msg=%s' % (self.profile_type, self.mail, self.result[1]))
 
 class create(dbinit):
     def __init__(self):
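Review bot: In `POST`, the new `elif self.result[0] is False:` branch writes `self.result[1]` into the redirect URL unquoted, and that value is no longer limited to the fixed `PW_*` codes, because the update path in libs/ldaplib/user.py now returns `(False, str(e))`. Error text from the directory layer can therefore end up in the Location header, browser history and access logs, and characters such as `&` or `#` in it will corrupt the query string. Redirect with a fixed code, or at least quote the value: `web.seeother('/profile/user/%s/%s?msg=%s' % (self.profile_type, self.mail, web.urlquote(self.result[1])))`. There is also no final `else:`, so a result that is neither `True` nor a tuple either raises on `self.result[0]` or returns without redirecting. The body of `POST` is only partly visible in this section.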

libs/iredutils.py

      seconds = int( total_seconds % MINUTE )
 
      return (days, hours, minutes)
+
+def getNewPassword(newpw, confirmpw):
+    # Get new passwords from user input.
+    newpw = str(newpw)
+    confirmpw = str(confirmpw)
+
+    # Empty password is not allowed.
+    if newpw == confirmpw:
+        passwd = newpw
+    else:
+        return (False, 'PW_MISMATCH')
+
+    if not len(passwd) > 0:
+        return (False, 'PW_EMPTY')
+
+    # Check password length.
+    min_passwd_length = cfg.general.get('min_passwd_length', 1)
+    max_passwd_length = cfg.general.get('max_passwd_length', 0)
+
+    if not len(passwd) >= int(min_passwd_length):
+        return (False, 'PW_LESS_THAN_MIN_LENGTH')
+
+    if int(max_passwd_length) != 0:
+        if not len(passwd) <= int(max_passwd_length):
+            return (False, 'PW_GREATER_THAN_MAX_LENGTH')
+
+    return (True, passwd)
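Review bot: `newpw = str(newpw)` and `confirmpw = str(confirmpw)` turn a missing field into the literal string `'None'`, so two absent inputs compare equal and pass the length checks whenever `min_passwd_length` is 4 or lower (the in-code default is 1), returning `(True, 'None')`. The caller in libs/ldaplib/user.py applies the same coercion to `data.get('newpw', None)` and `data.get('confirmpw', None)`. Reject missing values before coercing, e.g. `if newpw is None or confirmpw is None: return (False, 'PW_EMPTY')`. If this runs under Python 2 with unicode form input, as the `except Exception, e` syntax elsewhere in the commit suggests, `str()` would also raise `UnicodeEncodeError` on a non-ASCII password instead of returning a code. The comment `# Empty password is not allowed.` sits above the mismatch test and belongs on the `len(passwd)` check.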

libs/ldaplib/user.py

 import sys
 import ldap, ldap.filter
 import web
+from libs import iredutils
 from libs.ldaplib import core, attrs, ldaputils, deltree
 
+cfg = web.iredconfig
 session = web.config.get('_session')
 LDAPDecorators = core.LDAPDecorators()
 
         self.mail = web.safestr(mail)
         self.domain = self.mail.split('@', 1)[1]
 
+        mod_attrs = []
         if self.profile_type == 'general':
             # Get cn.
             cn = data.get('cn', None)
                 mod_attrs = [ ( ldap.MOD_DELETE, 'cn', None) ]
 
             # Get mail address.
+
             # Get mailQuota.
             mailQuota = web.safestr(data.get('mailQuota', None))
             if mailQuota == '':
                 accountStatus = 'active'
 
             mod_attrs += [ (ldap.MOD_REPLACE, 'accountStatus', accountStatus) ]
-
-            print >> sys.stderr, mod_attrs
+        elif self.profile_type == 'password':
+            # Get new passwords from user input.
+            self.newpw = str(data.get('newpw', None))
+            self.confirmpw = str(data.get('confirmpw', None))
+             
+            self.result = iredutils.getNewPassword(newpw=self.newpw, confirmpw=self.confirmpw,)
+            if self.result[0] is True:
+                self.passwd = ldaputils.generatePasswd(self.result[1], pwscheme=cfg.general.get('default_pw_scheme', 'SSHA'))
+                mod_attrs += [ (ldap.MOD_REPLACE, 'userPassword', self.passwd) ]
+            else:
+                return self.result
 
         try:
             dn = ldaputils.convEmailToUserDN(self.mail)
             self.conn.modify_s(dn, mod_attrs)
             return True
         except Exception, e:
-            return False
+            return (False, str(e))
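Review bot: The handler at the end of this section catches every `Exception` and returns `(False, str(e))`, which hands raw error text from the LDAP call (it may include DNs or server diagnostics) to the web layer. It also means the function now returns either a bare `True` or a tuple. Catch `ldap.LDAPError` specifically, log the detail on the server, and return a fixed code such as `(False, 'UPDATED_FAILED')` so callers only ever see known values. The password branch also stores the plaintext on the instance as `self.newpw` and `self.confirmpw`; local variables would keep it from outliving the call. The start of the enclosing method is outside the visible lines.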

settings.ini.sample

 # Default mta transport.
 mtaTransport = dovecot
 
+# Min/Max password length.
+#   - min_passwd_length: 0 means unlimited, but at least 1 character.
+#   - max_passwd_length: 0 means unlimited.
+min_passwd_length = 6
+max_passwd_length = 0
+
 [iredadmin]
 # Database used to store iRedAdmin data. e.g. sessions, log.
 dbn = mysql

templates/default/ldap/macros.html

     </fieldset>
 {%- endmacro %}
 
-{% macro display_reset_password(oldpw='', newpw='', confirmpw='', show_oldpw='no', show_confirmpw='yes', firstitem='yes') -%}
+{% macro display_reset_password(oldpw='', newpw='', confirmpw='', show_oldpw='no', show_confirmpw='yes', min_passwd_length='0', max_passwd_length='0', firstitem='yes') -%}
+    {% if min_passwd_length != '0' or max_passwd_length != '0' %}
+    <div class="ct-box info-box">
+        <ul class="info-list">
+            {% if min_passwd_length != '0' %}
+            <li><span>{{ _('New password must contain at least %s characters.') |format(min_passwd_length) }}</span><br />
+            {% endif %}
+
+            {% if max_passwd_length != '0' %}
+            <li><span>{{ _('New password must <strong>NOT</strong> contain more than %s characters.') |format(max_passwd_length) }}</span><br />
+            {% endif %}
+        </ul>
+    </div>
+    {% endif %}
+
     <fieldset class="frm-group {%if firstitem == 'yes' %}group1{%endif%}">
         <legend class="group-legend"><strong>Required information</strong></legend>
         {% if show_oldpw == 'yes' %}
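Review bot: The guards `min_passwd_length != '0'` and `max_passwd_length != '0'` compare against the string `'0'` only. The controller passes `cfg.general.get('min_passwd_length')` with no default, so an unset option (`None`) or an integer `0` would pass the test and render "at least None characters" or "more than 0 characters"; how the config values are typed is not visible here. A numeric test avoids this: `{% if min_passwd_length|int > 0 %}`, and likewise for the maximum. The two `<li>` elements are never closed, and the `<strong>` markup inside the translated string will be shown literally if autoescaping is enabled for this template, which is worth confirming.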

templates/default/ldap/user_profile.html

         <div class="error">
             {{ _('Profile updated failed.') }}
         </div>
+        {% else %}
+            {# Password #}
+            {% if profile_type == 'password' %}
+            <div class="error">
+                {% if msg == 'PW_MISMATCH' %}
+                    {{ _('Two new passwords are not match.') }}
+                {% elif msg == 'PW_EMPTY' %}
+                    {{ _('Password is empty.') }}
+                {% elif msg == 'PW_LESS_THAN_MIN_LENGTH' %}
+                    {{ _('New password must contain at least %s characters.') |format(min_passwd_length) }}
+                {% elif msg == 'PW_GREATER_THAN_MAX_LENGTH' %}
+                    {{ _('New password must NOT contain more than %s characters.') |format(max_passwd_length) }}
+                {% endif %}
+            </div>
+            {% endif %}
         {% endif %}
     </div>
 {% endif %}
                 <label><span>{{ _('Username') }}</span></label>
                 <span class="fld-input"><input type="text" name="cn" value="{{cn}}" size="25" /></span>
             </div>
+            {#
             <div class="sf-box text">
                 <label><span>{{ _('Mail address') }}</span>{% if session.get('domainGlobalAdmin') == 'yes' %}<small>{{ _("Warning: Change mail address won't cause mailbox location changed.") }}</small>{%endif%}</label>
                 <span class="fld-input"><input type="text" name="username" value="{{username}}" size="25" />@{{domain}}</span>
             </div>
+            #}
         </div>
     </fieldset>
 
     {% endif %}
 
     {% if profile_type == 'password' %}
-    {{ display_reset_password(show_confirmpw='yes') }}
+    {{ display_reset_password(
+            show_confirmpw='yes',
+            min_passwd_length=min_passwd_length,
+            max_passwd_length=max_passwd_length)
+            }}
     {% endif %}
 
 </table>
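Review bot: The new `{% else %}` branch renders a message only for the four `PW_*` codes and only when `profile_type == 'password'`. Any other `msg` value, which the controller can now send because it forwards the second element of the failure result, gives an empty `<div class="error">` on the password page and no message at all on the other profile pages. Add a final `{% else %}{{ _('Profile updated failed.') }}` to the `PW_*` chain and a generic failure message outside the password check, and keep rendering fixed strings rather than `msg` itself. The wording `'Two new passwords are not match.'` should read `'The two new passwords do not match.'`. The enclosing `{% if %}` chain starts outside the visible lines.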