55 lines
1.5 KiB
Python
55 lines
1.5 KiB
Python
import ldap
|
|
import kerberos
|
|
import flask
|
|
import flask_wtf
|
|
|
|
from webapp import app, context, config
|
|
from webapp.auth import login_required
|
|
|
|
bp = flask.Blueprint('passwd', __name__)
|
|
|
|
@bp.route('/passwd', methods=["GET"])
|
|
@login_required
|
|
def passwd_form():
|
|
return flask.render_template('passwd.html')
|
|
|
|
def _passwd_ldap(current, new):
|
|
conn = context.get_connection()
|
|
dn = context.get_dn()
|
|
try:
|
|
conn.passwd_s(dn, current. new)
|
|
return True
|
|
except ldap.LDAPError as e:
|
|
print('LDAP error:', e)
|
|
return False
|
|
|
|
def _passwd_kadmin(current, new):
|
|
username = flask.session.get('username')
|
|
try:
|
|
principal_name = config.kadmin_principal_map.format(username)
|
|
return kerberos.changePassword(principal_name, current, new)
|
|
except Exception as e:
|
|
print('Kerberos error:', e)
|
|
logging.exception('kpasswd failed')
|
|
return False
|
|
|
|
@bp.route('/passwd', methods=["POST"])
|
|
@login_required
|
|
def passwd_action():
|
|
current, new, confirm = (flask.request.form[n] for n in ('current', 'new', 'confirm'))
|
|
if new != confirm:
|
|
flask.flash(u"New passwords don't match", category='danger')
|
|
return flask.render_template('passwd.html')
|
|
|
|
result = False
|
|
if config.kadmin_passwd:
|
|
result = _passwd_kadmin(current, new)
|
|
else:
|
|
result = _passwd_ldap(current, new)
|
|
|
|
if result:
|
|
flask.flash(u'Password changed', category='info')
|
|
else:
|
|
flask.flash(u'Wrong password', category='danger')
|
|
return flask.render_template('passwd.html')
|