7 files changed, 86 insertions, 6 deletions

diff --git a/index.py b/index.py
index 3bf8f41..8aa1c35 100755
--- a/index.py
+++ b/index.py
@@ -73,13 +73,16 @@ class SubdapSite(object):
 		except LoginError, e:
 			return render(errors = {'password': str(e)})
 
+		return s.selectpage(l, dn)
+	
+	def selectpage(s, l, dn, message = None):
 		user = ldapobj(l.search_s(dn, ldap.SCOPE_BASE, '(objectclass=*)', []))
 
 		tgts = {}
 		for site in tgt_sites:
 			tgts[site] = urllib.urlencode(ticket.tgt_create(site, user['cn']))
 
-		return render('select.html', user = user, tgts = tgts)
+		return render('select.html', user = user, tgts = tgts, message = message)
 
 ##		x = ''
 #		for r in data:
@@ -91,12 +94,12 @@ class SubdapSite(object):
 #					details.append([k, value])
 ##				x += '<tr><td>%s</td><td><pre>%s</pre></td></tr>\n' % (k, "<hr>".join(v))
 
-	def params_validate(s, errors, username, password, password2):
+	def newpass_validate(s, username, password, password2, expectstate):
 		errors = {}
 		if username == None or username == '':
 			errors['username'] = 'please specify an user name'
-		elif accountservice.name_valid(username) != 'valid':
-			errors['username'] = 'username invalid or taken'
+		elif accountservice.name_valid(username) != expectstate:
+			errors['username'] = 'username invalid'
 		if password == None or len(password) < 6:
 			errors['password'] = 'please specify a password of at least 6 characters'
 		if password2 != password:
@@ -110,13 +113,38 @@ class SubdapSite(object):
 		if cherrypy.request.method.upper() == 'GET':
 			return render(errors = {}, username = '')
 
-		errors = s.params_validate(errors, username, password, password2)
+		errors = s.newpass_validate(username, password, password2, 'valid')
 		if errors is not None:
 			return render(errors = errors, username = username)
 
 		accountservice.name_create(username, password)
 		return s.login(username, password)
 
+	@expose('pwchange.html')
+	def pwchange(s, username = None, oldpassword = None, password = None, password2 = None):
+		if cherrypy.request.method.upper() == 'GET':
+			return render(errors = {}, username = username)
+
+		errors = s.newpass_validate(username, password, password2, 'exists')
+		if errors is not None:
+			return render(errors = errors, username = username)
+
+		try:	l, dn = s.login_perform(username, oldpassword)
+		except LoginError, e:
+			return render(errors = {'oldpassword': str(e)}, username = username)
+
+		import kerberos
+		try:
+			assert kerberos.changePassword(username + '@SUBLAB.ORG', oldpassword, password) == True
+		except kerberos.PwdChangeError, e:
+			return render(errors = {'password2': str(e.message)}, username = username)
+
+		return s.selectpage(l, dn,
+			'''Your password has been changed --
+			please note that it may take up to 10 minutes for Kerberos to update
+			its three heads. At any moment, either your old password or your new
+			password will work.''')
+
 	@cherrypy.expose
 	def kill(s):
 		import sys
diff --git a/static/app_password.png b/static/app_password.png
new file mode 100644
index 0000000..f498440
--- /dev/null
+++ b/static/app_password.png
diff --git a/static/info.png b/static/info.png
new file mode 100644
index 0000000..0bcc358
--- /dev/null
+++ b/static/info.png
diff --git a/static/layout.css b/static/layout.css
index eb670f5..1b8f0f5 100644
--- a/static/layout.css
+++ b/static/layout.css
@@ -61,6 +61,24 @@ div#creatpw {
 input[type=submit] {
 	margin-top:1em;
 }
+
+div#infobox {
+	display:inline-block;
+	max-width:40em;
+	color:#000;
+	background-color:#dde2ff;
+	border:1px solid #bcf;
+	margin:2em 0em -1em 0em;
+}
+div#infobox img {
+	float:left;
+	margin:15px 5px;
+}
+div#infobox p {
+	text-align:left;
+	margin-left:45px;
+}
+
 body#error img {
 	float:left;
 	margin:2em;
diff --git a/templates/layout.xi b/templates/layout.xi
index 7b59619..e14e21b 100644
--- a/templates/layout.xi
+++ b/templates/layout.xi
@@ -14,8 +14,16 @@
   </head>
  </py:match>
 
+ <py:match path="sub:infobox" once="true">
+  <div id="infobox">
+   <img src="static/info.png" alt="info"/>
+   <p>${select('text()')}</p>
+  </div>
+ </py:match>
+
  <py:match path="sub:bodyform" once="true">
   <body id="formcont" py:attrs="select('@*')">
+   ${select('sub:infobox')}
    <div>
     <img id="logo" src="static/ldap.png" alt="subdap"/>
     ${select('*')}
diff --git a/templates/pwchange.html b/templates/pwchange.html
new file mode 100644
index 0000000..a7e0605
--- /dev/null
+++ b/templates/pwchange.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html	xmlns="http://www.w3.org/1999/xhtml"
+	xmlns:py="http://genshi.edgewall.org/"
+	xmlns:sub="http://local.sublab.org/subdap/xmlns-templates"
+	xmlns:xi="http://www.w3.org/2001/XInclude">
+ <xi:include href="layout.xi"/>
+ <head>
+  <title>change password</title>
+ </head>
+ <sub:bodyform>
+  <form action='pwchange' method='POST'>
+   <div>uid: <input type='text' name='username' size="10" value="${username}"/></div>
+   <b class="error" py:if="'username' in errors">${errors.username}</b>
+   <div id="creatpw">old password: <input type='password' name='oldpassword' size="10" value=""/></div>
+   <b class="error" py:if="'oldpassword' in errors">${errors.oldpassword}</b>
+   <div id="creatpw">password: <input type='password' name='password' size="10" value=""/></div>
+   <b class="error" py:if="'password' in errors">${errors.password}</b>
+   <div>repeat: <input type='password' name='password2' size="10" value=""/></div>
+   <b class="error" py:if="'password2' in errors">${errors.password2}</b>
+   <input type='submit' value='change password'/>
+  </form>
+ </sub:bodyform>
+</html>
diff --git a/templates/select.html b/templates/select.html
index 8b5e47f..1391431 100644
--- a/templates/select.html
+++ b/templates/select.html
@@ -8,11 +8,14 @@
  <head>
   <title>login</title>
  </head>
+ <sub:infobox py:if="message != None">
+  ${message}
+ </sub:infobox>
  <sub:bodyform>
   <div class="cont">
    Hallo ${user['cn']}!
    <p class="app"><a href="https://wiki.sublab.org/auth_subdap.php?${tgts['wiki']}"><img src="${url('static/app_wiki.png')}" alt="wiki"/> sublab.org wiki</a></p>
-   <p class="app"><a href=""><img src="${url('static/app_subdap.png')}" alt="wiki"/> Benutzerdaten</a></p>
+   <p class="app"><a href="pwchange?username=${user['cn']}"><img src="${url('static/app_password.png')}" alt="pwchange"/> Passwort ändern</a></p>
   </div>
  </sub:bodyform>
 </html>