summaryrefslogtreecommitdiff
path: root/index.py
diff options
context:
space:
mode:
Diffstat (limited to 'index.py')
-rwxr-xr-xindex.py38
1 files changed, 33 insertions, 5 deletions
diff --git a/index.py b/index.py
index 3bf8f41..8aa1c35 100755
--- a/index.py
+++ b/index.py
@@ -73,13 +73,16 @@ class SubdapSite(object):
except LoginError, e:
return render(errors = {'password': str(e)})
+ return s.selectpage(l, dn)
+
+ def selectpage(s, l, dn, message = None):
user = ldapobj(l.search_s(dn, ldap.SCOPE_BASE, '(objectclass=*)', []))
tgts = {}
for site in tgt_sites:
tgts[site] = urllib.urlencode(ticket.tgt_create(site, user['cn']))
- return render('select.html', user = user, tgts = tgts)
+ return render('select.html', user = user, tgts = tgts, message = message)
## x = ''
# for r in data:
@@ -91,12 +94,12 @@ class SubdapSite(object):
# details.append([k, value])
## x += '<tr><td>%s</td><td><pre>%s</pre></td></tr>\n' % (k, "<hr>".join(v))
- def params_validate(s, errors, username, password, password2):
+ def newpass_validate(s, username, password, password2, expectstate):
errors = {}
if username == None or username == '':
errors['username'] = 'please specify an user name'
- elif accountservice.name_valid(username) != 'valid':
- errors['username'] = 'username invalid or taken'
+ elif accountservice.name_valid(username) != expectstate:
+ errors['username'] = 'username invalid'
if password == None or len(password) < 6:
errors['password'] = 'please specify a password of at least 6 characters'
if password2 != password:
@@ -110,13 +113,38 @@ class SubdapSite(object):
if cherrypy.request.method.upper() == 'GET':
return render(errors = {}, username = '')
- errors = s.params_validate(errors, username, password, password2)
+ errors = s.newpass_validate(username, password, password2, 'valid')
if errors is not None:
return render(errors = errors, username = username)
accountservice.name_create(username, password)
return s.login(username, password)
+ @expose('pwchange.html')
+ def pwchange(s, username = None, oldpassword = None, password = None, password2 = None):
+ if cherrypy.request.method.upper() == 'GET':
+ return render(errors = {}, username = username)
+
+ errors = s.newpass_validate(username, password, password2, 'exists')
+ if errors is not None:
+ return render(errors = errors, username = username)
+
+ try: l, dn = s.login_perform(username, oldpassword)
+ except LoginError, e:
+ return render(errors = {'oldpassword': str(e)}, username = username)
+
+ import kerberos
+ try:
+ assert kerberos.changePassword(username + '@SUBLAB.ORG', oldpassword, password) == True
+ except kerberos.PwdChangeError, e:
+ return render(errors = {'password2': str(e.message)}, username = username)
+
+ return s.selectpage(l, dn,
+ '''Your password has been changed --
+ please note that it may take up to 10 minutes for Kerberos to update
+ its three heads. At any moment, either your old password or your new
+ password will work.''')
+
@cherrypy.expose
def kill(s):
import sys