summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xindex.py38
-rw-r--r--static/app_password.pngbin0 -> 1927 bytes
-rw-r--r--static/info.pngbin0 -> 1933 bytes
-rw-r--r--static/layout.css18
-rw-r--r--templates/layout.xi8
-rw-r--r--templates/pwchange.html23
-rw-r--r--templates/select.html5
7 files changed, 86 insertions, 6 deletions
diff --git a/index.py b/index.py
index 3bf8f41..8aa1c35 100755
--- a/index.py
+++ b/index.py
@@ -73,13 +73,16 @@ class SubdapSite(object):
except LoginError, e:
return render(errors = {'password': str(e)})
+ return s.selectpage(l, dn)
+
+ def selectpage(s, l, dn, message = None):
user = ldapobj(l.search_s(dn, ldap.SCOPE_BASE, '(objectclass=*)', []))
tgts = {}
for site in tgt_sites:
tgts[site] = urllib.urlencode(ticket.tgt_create(site, user['cn']))
- return render('select.html', user = user, tgts = tgts)
+ return render('select.html', user = user, tgts = tgts, message = message)
## x = ''
# for r in data:
@@ -91,12 +94,12 @@ class SubdapSite(object):
# details.append([k, value])
## x += '<tr><td>%s</td><td><pre>%s</pre></td></tr>\n' % (k, "<hr>".join(v))
- def params_validate(s, errors, username, password, password2):
+ def newpass_validate(s, username, password, password2, expectstate):
errors = {}
if username == None or username == '':
errors['username'] = 'please specify an user name'
- elif accountservice.name_valid(username) != 'valid':
- errors['username'] = 'username invalid or taken'
+ elif accountservice.name_valid(username) != expectstate:
+ errors['username'] = 'username invalid'
if password == None or len(password) < 6:
errors['password'] = 'please specify a password of at least 6 characters'
if password2 != password:
@@ -110,13 +113,38 @@ class SubdapSite(object):
if cherrypy.request.method.upper() == 'GET':
return render(errors = {}, username = '')
- errors = s.params_validate(errors, username, password, password2)
+ errors = s.newpass_validate(username, password, password2, 'valid')
if errors is not None:
return render(errors = errors, username = username)
accountservice.name_create(username, password)
return s.login(username, password)
+ @expose('pwchange.html')
+ def pwchange(s, username = None, oldpassword = None, password = None, password2 = None):
+ if cherrypy.request.method.upper() == 'GET':
+ return render(errors = {}, username = username)
+
+ errors = s.newpass_validate(username, password, password2, 'exists')
+ if errors is not None:
+ return render(errors = errors, username = username)
+
+ try: l, dn = s.login_perform(username, oldpassword)
+ except LoginError, e:
+ return render(errors = {'oldpassword': str(e)}, username = username)
+
+ import kerberos
+ try:
+ assert kerberos.changePassword(username + '@SUBLAB.ORG', oldpassword, password) == True
+ except kerberos.PwdChangeError, e:
+ return render(errors = {'password2': str(e.message)}, username = username)
+
+ return s.selectpage(l, dn,
+ '''Your password has been changed --
+ please note that it may take up to 10 minutes for Kerberos to update
+ its three heads. At any moment, either your old password or your new
+ password will work.''')
+
@cherrypy.expose
def kill(s):
import sys
diff --git a/static/app_password.png b/static/app_password.png
new file mode 100644
index 0000000..f498440
--- /dev/null
+++ b/static/app_password.png
Binary files differ
diff --git a/static/info.png b/static/info.png
new file mode 100644
index 0000000..0bcc358
--- /dev/null
+++ b/static/info.png
Binary files differ
diff --git a/static/layout.css b/static/layout.css
index eb670f5..1b8f0f5 100644
--- a/static/layout.css
+++ b/static/layout.css
@@ -61,6 +61,24 @@ div#creatpw {
input[type=submit] {
margin-top:1em;
}
+
+div#infobox {
+ display:inline-block;
+ max-width:40em;
+ color:#000;
+ background-color:#dde2ff;
+ border:1px solid #bcf;
+ margin:2em 0em -1em 0em;
+}
+div#infobox img {
+ float:left;
+ margin:15px 5px;
+}
+div#infobox p {
+ text-align:left;
+ margin-left:45px;
+}
+
body#error img {
float:left;
margin:2em;
diff --git a/templates/layout.xi b/templates/layout.xi
index 7b59619..e14e21b 100644
--- a/templates/layout.xi
+++ b/templates/layout.xi
@@ -14,8 +14,16 @@
</head>
</py:match>
+ <py:match path="sub:infobox" once="true">
+ <div id="infobox">
+ <img src="static/info.png" alt="info"/>
+ <p>${select('text()')}</p>
+ </div>
+ </py:match>
+
<py:match path="sub:bodyform" once="true">
<body id="formcont" py:attrs="select('@*')">
+ ${select('sub:infobox')}
<div>
<img id="logo" src="static/ldap.png" alt="subdap"/>
${select('*')}
diff --git a/templates/pwchange.html b/templates/pwchange.html
new file mode 100644
index 0000000..a7e0605
--- /dev/null
+++ b/templates/pwchange.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"
+ xmlns:py="http://genshi.edgewall.org/"
+ xmlns:sub="http://local.sublab.org/subdap/xmlns-templates"
+ xmlns:xi="http://www.w3.org/2001/XInclude">
+ <xi:include href="layout.xi"/>
+ <head>
+ <title>change password</title>
+ </head>
+ <sub:bodyform>
+ <form action='pwchange' method='POST'>
+ <div>uid: <input type='text' name='username' size="10" value="${username}"/></div>
+ <b class="error" py:if="'username' in errors">${errors.username}</b>
+ <div id="creatpw">old password: <input type='password' name='oldpassword' size="10" value=""/></div>
+ <b class="error" py:if="'oldpassword' in errors">${errors.oldpassword}</b>
+ <div id="creatpw">password: <input type='password' name='password' size="10" value=""/></div>
+ <b class="error" py:if="'password' in errors">${errors.password}</b>
+ <div>repeat: <input type='password' name='password2' size="10" value=""/></div>
+ <b class="error" py:if="'password2' in errors">${errors.password2}</b>
+ <input type='submit' value='change password'/>
+ </form>
+ </sub:bodyform>
+</html>
diff --git a/templates/select.html b/templates/select.html
index 8b5e47f..1391431 100644
--- a/templates/select.html
+++ b/templates/select.html
@@ -8,11 +8,14 @@
<head>
<title>login</title>
</head>
+ <sub:infobox py:if="message != None">
+ ${message}
+ </sub:infobox>
<sub:bodyform>
<div class="cont">
Hallo ${user['cn']}!
<p class="app"><a href="https://wiki.sublab.org/auth_subdap.php?${tgts['wiki']}"><img src="${url('static/app_wiki.png')}" alt="wiki"/> sublab.org wiki</a></p>
- <p class="app"><a href=""><img src="${url('static/app_subdap.png')}" alt="wiki"/> Benutzerdaten</a></p>
+ <p class="app"><a href="pwchange?username=${user['cn']}"><img src="${url('static/app_password.png')}" alt="pwchange"/> Passwort ändern</a></p>
</div>
</sub:bodyform>
</html>