authorequinox <equinox@diac24.net>2011-09-27 02:09:53 +0200
committerequinox <equinox@diac24.net>2011-09-27 02:09:53 +0200
commit8d2b75d61631e0794d436eefefb25644de1d2de4 (patch)
tree01193f125c25b3f1068ae4638a002aedb5387c01 /index.py
parented927fd7ccafebfa68dc327c7389876131a9a870 (diff)
password change application
Diffstat (limited to 'index.py')
-rwxr-xr-xindex.py38
1 files changed, 33 insertions, 5 deletions
diff --git a/index.py b/index.py
index 3bf8f41..8aa1c35 100755
--- a/index.py
+++ b/index.py
@@ -73,13 +73,16 @@ class SubdapSite(object):
except LoginError, e:
return render(errors = {'password': str(e)})
+ return s.selectpage(l, dn)
+
+ def selectpage(s, l, dn, message = None):
user = ldapobj(l.search_s(dn, ldap.SCOPE_BASE, '(objectclass=*)', []))
tgts = {}
for site in tgt_sites:
tgts[site] = urllib.urlencode(ticket.tgt_create(site, user['cn']))
- return render('select.html', user = user, tgts = tgts)
+ return render('select.html', user = user, tgts = tgts, message = message)
## x = ''
# for r in data:
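Review bot: The new `selectpage` helper has no docstring saying that it trusts its `l` and `dn` arguments. It reads the entry at `dn` and calls `ticket.tgt_create(site, user['cn'])` for every site in `tgt_sites` with no check of its own, so every caller must have authenticated the user first. A docstring such as `"""Render the site-selection page for an already authenticated bind (l, dn); creates a ticket for each site in tgt_sites."""` would keep that precondition explicit. A comment should also say that the method must stay without an expose decorator. `message` should only carry fixed strings unless select.html escapes it, which is not visible here.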
@@ -91,12 +94,12 @@ class SubdapSite(object):
# details.append([k, value])
## x += '<tr><td>%s</td><td><pre>%s</pre></td></tr>\n' % (k, "<hr>".join(v))
- def params_validate(s, errors, username, password, password2):
+ def newpass_validate(s, username, password, password2, expectstate):
errors = {}
if username == None or username == '':
errors['username'] = 'please specify an user name'
- elif accountservice.name_valid(username) != 'valid':
- errors['username'] = 'username invalid or taken'
+ elif accountservice.name_valid(username) != expectstate:
+ errors['username'] = 'username invalid'
if password == None or len(password) < 6:
errors['password'] = 'please specify a password of at least 6 characters'
if password2 != password:
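Review bot: `newpass_validate` gains an `expectstate` argument that is a bare string compared against `accountservice.name_valid()` on the `elif` line, and nothing documents the allowed values; a misspelt state at a call site would reject every username without raising an error. A docstring such as `"""Check username and new password; expectstate is the name_valid() result required ('valid' for signup, 'exists' for password change)."""` would pin that down. The shared message 'username invalid' no longer tells a signup user that the name is taken. On the password-change path it is returned before the old password is checked, so the response distinguishes existing from unknown accounts; signup already discloses that, but it should be a deliberate choice. The function body continues past the end of the hunk.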
@@ -110,13 +113,38 @@ class SubdapSite(object):
if cherrypy.request.method.upper() == 'GET':
return render(errors = {}, username = '')
- errors = s.params_validate(errors, username, password, password2)
+ errors = s.newpass_validate(username, password, password2, 'valid')
if errors is not None:
return render(errors = errors, username = username)
accountservice.name_create(username, password)
return s.login(username, password)
+ @expose('pwchange.html')
+ def pwchange(s, username = None, oldpassword = None, password = None, password2 = None):
+ if cherrypy.request.method.upper() == 'GET':
+ return render(errors = {}, username = username)
+
+ errors = s.newpass_validate(username, password, password2, 'exists')
+ if errors is not None:
+ return render(errors = errors, username = username)
+
+ try: l, dn = s.login_perform(username, oldpassword)
+ except LoginError, e:
+ return render(errors = {'oldpassword': str(e)}, username = username)
+
+ import kerberos
+ try:
+ assert kerberos.changePassword(username + '@SUBLAB.ORG', oldpassword, password) == True
+ except kerberos.PwdChangeError, e:
+ return render(errors = {'password2': str(e.message)}, username = username)
+
+ return s.selectpage(l, dn,
+ '''Your password has been changed --
+ please note that it may take up to 10 minutes for Kerberos to update
+ its three heads. At any moment, either your old password or your new
+ password will work.''')
+
@cherrypy.expose
def kill(s):
import sys
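Review bot: The `assert kerberos.changePassword(...) == True` line in `pwchange` uses an assertion for a security-relevant operation. Under `python -O` the whole statement, including the call, is compiled out, so the password is never changed while the success message is still shown; without `-O` a false return raises an uncaught AssertionError instead of a form error. Call it unconditionally and test the result, e.g. `if not kerberos.changePassword(username + '@SUBLAB.ORG', oldpassword, password):` followed by `return render(errors = {'password2': 'password change failed'}, username = username)`. Separately, `str(e.message)` passes the raw Kerberos error text to the page; a fixed message with the detail logged server-side would avoid exposing KDC internals. No throttling of repeated old-password guesses is visible in this hunk, so if `login_perform` does not provide it, this endpoint is one more place where passwords can be guessed.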