security-and-privacy/ldapcherry
security-and-privacy
/
ldapcherry
mirror of https://github.com/kakwa/ldapcherry
1
0
Fork 0
Code Releases Activity

Merge 9627789a24 into 53a4b6fd5e

This commit is contained in:
cconnert 2024-03-12 22:36:41 +01:00 committed by GitHub
parent 53a4b6fd5e 9627789a24
commit 03917c4209
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
12 changed files with 144 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
ldapcherry/backend/backendLdap.py
View File

@ -460,12 +460,82 @@ class Backend(ldapcherry.backend.Backend):
dn = self._byte_p2(self._get_user(self._byte_p2(username), NO_ATTR))
# delete
if dn is not None:
groups = self.get_groups(username)
self._logger(
severity=logging.DEBUG,
msg="%(backend)s: removing user '%(user)s' from '%(group)s'" % {
'user': username,
'group': groups,
'backend': self.backend_name
}
)
self.del_from_groups(username, groups)
ldap_client.delete_s(dn)
else:
ldap_client.unbind_s()
raise UserDoesntExist(username, self.backend_name)
ldap_client.unbind_s()
def __isModify(self, username, attrs, old_attrs, attr):
modify = True
# early exit
if old_attrs.get(attr) is None:
return modify
# various modification checks
if type(old_attrs[attr]) is list:
if type(attrs[attr]) is list:
if old_attrs[attr] == attrs[attr]:
self._logger(
severity=logging.DEBUG,
msg="%(backend)s: skipping modification of equal-attribute '%(attr)s'"
"/'%(oldAttr)s' for user '%(user)s'" % {
'user': username,
'attr': attrs[attr],
'oldAttr': old_attrs[attr],
'backend': self.backend_name
}
)
modify = False
if attrs[attr] in old_attrs[attr]:
self._logger(
severity=logging.DEBUG,
msg="%(backend)s: skipping modification of attribute '%(attr)s'"
" for user '%(user)s' as it is contained by '%(oldAttr)s'" % {
'user': username,
'attr': attrs[attr],
'oldAttr': old_attrs[attr],
'backend': self.backend_name
}
)
modify = False
else:
if type(attrs[attr]) is list:
if old_attrs[attr] in attrs[attr]:
self._logger(
severity=logging.DEBUG,
msg="%(backend)s: skipping modification of contained-attribute '%(attr)s' "
"for user '%(user)s'" % {
'user': username,
'attr': attrs[attr],
'backend': self.backend_name
}
)
modify = False
else:
if attrs[attr] == old_attrs[attr]:
self._logger(
severity=logging.DEBUG,
msg="%(backend)s: skipping modification of equal-attribute '%(attr)s'"
"/'%(oldAttr)s' for user '%(user)s'" % {
'user': username,
'attr': attrs[attr],
'oldAttr': old_attrs[attr],
'backend': self.backend_name
}
)
modify = False
return modify
def set_attrs(self, username, attrs):
""" set user attributes"""
ldap_client = self._bind()
@ -475,6 +545,20 @@ class Backend(ldapcherry.backend.Backend):
dn = self._byte_p2(tmp[0])
old_attrs = tmp[1]
for attr in attrs:
# skip equal attributes
if not self.__isModify(username, attrs, old_attrs, attr):
continue
else:
self._logger(
severity=logging.DEBUG,
msg="%(backend)s: modifying user '%(user)s':"
" '%(attr)s' vs. '%(oldAttr)s'" % {
'user': username,
'attr': attrs[attr],
'oldAttr': old_attrs.get(attr),
'backend': self.backend_name
}
)
bcontent = self._byte_p2(attrs[attr])
battr = self._byte_p2(attr)
new = {battr: self._modlist(self._byte_p3(bcontent))}

16
resources/static/js/lc-filler.js
View File

@ -7,16 +7,26 @@
*
*/
function normalizeName(name) {
return removeDiacritics(name).toLowerCase().replace(/[^a-z]/g, '');
}
function lcUidExt(firstname, lastname, firstnameEnd, lastnameEnd){
return normalizeName(firstname).substring(0, parseInt(firstnameEnd))+normalizeName(lastname).substring(0,parseInt(lastnameEnd));
}
function lcUid(firstname, lastname){
var ascii_firstname = removeDiacritics(firstname).toLowerCase().replace(/[^a-z]/g, '');
var ascii_lastname = removeDiacritics(lastname).toLowerCase().replace(/[^a-z]/g, '');
return ascii_firstname.charAt(0)+ascii_lastname.substring(0,7);
return lcUidExt(firstname, lastname, 0, 7);
}
function lcDisplayName(firstname, lastname){
return firstname+' '+lastname;
}
function lcMailExt(firstname, lastname, domain, firstnameEnd, lastnameEnd){
return lcUidExt(firstname, lastname, firstnameEnd, lastnameEnd)+domain;
}
function lcMail(firstname, lastname, domain){
return lcUid(firstname, lastname)+domain;
}

2
resources/static/js/ppolicy.js
View File

@ -6,7 +6,7 @@ $('#form').validator({
};
var $ret = 'PPolicy error';
$.ajax({
url: '/checkppolicy',
url: './checkppolicy',
type: 'POST',
dataType: 'json',
async: false,

4
resources/templates/adduser.tmpl
View File

@ -6,7 +6,7 @@
</div>
<div class="col-md-12 column">
<div class="well well-sm">
<form method='POST' autocomplete="off" action='/adduser' role="form" class="form-signin" id="form">
<form method='POST' autocomplete="off" action='./adduser' role="form" class="form-signin" id="form">
<fieldset>
<legend>Fill new user's attributes:</legend>
${form | n}
@ -22,7 +22,7 @@
</div>
</div>
</form>
<script type="text/javascript" src="/static/js/ppolicy.js"></script>
<script type="text/javascript" src="./static/js/ppolicy.js"></script>
</div>
</div>
<div class="col-md-2 column">

54
resources/templates/base.tmpl
View File

@ -8,43 +8,43 @@
<meta name="description" content="directory manager">
<meta name="author" content="kakwa">
<!--link rel="stylesheet/less" href="/static/less/bootstrap.less" type="text/css" /-->
<!--link rel="stylesheet/less" href="/static/less/responsive.less" type="text/css" /-->
<!--script src="/static/js/less-1.3.3.min.js"></script-->
<!--link rel="stylesheet/less" href="./static/less/bootstrap.less" type="text/css" /-->
<!--link rel="stylesheet/less" href="./static/less/responsive.less" type="text/css" /-->
<!--script src="./static/js/less-1.3.3.min.js"></script-->
<!--append #!watch to the browser URL, then refresh the page. -->
<link href="/static/css/bootstrap.min.css" rel="stylesheet">
<link href="/static/css/custom.css" rel="stylesheet">
<link href="/static/css/style.css" rel="stylesheet">
<link href="/static/css/bootstrap-switch.css" rel="stylesheet">
<link href="/static/css/tablesorter-bootstrap.css" rel="stylesheet">
<link href="./static/css/bootstrap.min.css" rel="stylesheet">
<link href="./static/css/custom.css" rel="stylesheet">
<link href="./static/css/style.css" rel="stylesheet">
<link href="./static/css/bootstrap-switch.css" rel="stylesheet">
<link href="./static/css/tablesorter-bootstrap.css" rel="stylesheet">
<!-- HTML5 shim, for IE6-8 support of HTML5 elements -->
<!--[if lt IE 9]>
<script src="/static/js/html5shiv.js"></script>
<script src="./static/js/html5shiv.js"></script>
<![endif]-->
<!-- Fav and touch icons -->
<link rel="apple-touch-icon-precomposed" sizes="144x144" href="/static/img/apple-touch-icon-144-precomposed.png">
<link rel="apple-touch-icon-precomposed" sizes="114x114" href="/static/img/apple-touch-icon-114-precomposed.png">
<link rel="apple-touch-icon-precomposed" sizes="72x72" href="/static/img/apple-touch-icon-72-precomposed.png">
<link rel="apple-touch-icon-precomposed" href="/static/img/apple-touch-icon-57-precomposed.png">
<link rel="icon" type="image/png" href="/static/img/favicon.png">
<link rel="apple-touch-icon-precomposed" sizes="144x144" href="./static/img/apple-touch-icon-144-precomposed.png">
<link rel="apple-touch-icon-precomposed" sizes="114x114" href="./static/img/apple-touch-icon-114-precomposed.png">
<link rel="apple-touch-icon-precomposed" sizes="72x72" href="./static/img/apple-touch-icon-72-precomposed.png">
<link rel="apple-touch-icon-precomposed" href="./static/img/apple-touch-icon-57-precomposed.png">
<link rel="icon" type="image/png" href="./static/img/favicon.png">
<script type="text/javascript" src="/static/js/jquery.min.js"></script>
<script type="text/javascript" src="/static/js/bootstrap.min.js"></script>
<script type="text/javascript" src="/static/js/scripts.js"></script>
<script type="text/javascript" src="/static/js/validator.js"></script>
<script type="text/javascript" src="/static/js/bootstrap-notify.js"></script>
<script type="text/javascript" src="/static/js/jquery.tablesorter.min.js"></script>
<script type="text/javascript" src="/static/js/bootstrap-switch.js"></script>
<script type="text/javascript" src="/static/js/jquery.popconfirm.js"></script>
<script type="text/javascript" src="/static/js/removediacritic.js"></script>
<script type="text/javascript" src="/static/js/lc-filler.js"></script>
<script type="text/javascript" src="/static/js/sha1.js"></script>
<script type="text/javascript" src="./static/js/jquery.min.js"></script>
<script type="text/javascript" src="./static/js/bootstrap.min.js"></script>
<script type="text/javascript" src="./static/js/scripts.js"></script>
<script type="text/javascript" src="./static/js/validator.js"></script>
<script type="text/javascript" src="./static/js/bootstrap-notify.js"></script>
<script type="text/javascript" src="./static/js/jquery.tablesorter.min.js"></script>
<script type="text/javascript" src="./static/js/bootstrap-switch.js"></script>
<script type="text/javascript" src="./static/js/jquery.popconfirm.js"></script>
<script type="text/javascript" src="./static/js/removediacritic.js"></script>
<script type="text/javascript" src="./static/js/lc-filler.js"></script>
<script type="text/javascript" src="./static/js/sha1.js"></script>
% if custom_js:
% for js in custom_js:
<script type="text/javascript" src="/custom/${js}"></script>
<script type="text/javascript" src="./custom/${js}"></script>
% endfor
%endif
@ -70,6 +70,6 @@
<p class="muted credit"><a href="http://ldapcherry.readthedocs.org" target="_blank">LdapCherry</a> • © 2016 • Pierre-François Carpentier • Released under the MIT License</p>
</div>
</div>
<script type="text/javascript" src="/static/js/alignforms.js"></script>
<script type="text/javascript" src="./static/js/alignforms.js"></script>
</body>
</html>

2
resources/templates/error.tmpl
View File

@ -9,7 +9,7 @@
${message}
</h4>
</div>
<a class="btn btn-default blue" href='/'><span class="glyphicon glyphicon-home"></span> Return</a>
<a class="btn btn-default blue" href='./'><span class="glyphicon glyphicon-home"></span> Return</a>
</div>
</div>
</%block>

4
resources/templates/modify.tmpl
View File

@ -6,7 +6,7 @@
</div>
<div class="col-md-12 column">
<div class="well well-sm">
<form method='POST' action='/modify' role="form" class="form-signin" id="form">
<form method='POST' action='./modify' role="form" class="form-signin" id="form">
<fieldset>
<legend>Modify user's attributes:</legend>
${form | n}
@ -62,7 +62,7 @@
</div>
</div>
</form>
<script type="text/javascript" src="/static/js/ppolicy.js"></script>
<script type="text/javascript" src="./static/js/ppolicy.js"></script>
</div>
</div>
<div class="col-md-2 column">

14
resources/templates/navbar.tmpl
View File

@ -6,19 +6,19 @@
<nav class="navbar navbar-inverse" role="navigation">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1"> <span class="sr-only">Toggle navigation</span><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></button>
<a class="navbar-brand" href="/"><img src="/static/img/icon.png" alt="LdapCherry" height="22" width="22"></a>
<a class="navbar-brand" href="/selfmodify">Self Modify</a>
<a class="navbar-brand" href="./"><img src="./static/img/icon.png" alt="LdapCherry" height="22" width="22"></a>
<a class="navbar-brand" href="./selfmodify">Self Modify</a>
% if is_admin:
<a class="navbar-brand" href="/adduser">Add User</a>
<a class="navbar-brand" href="/searchadmin">Delete/Modify User</a>
<a class="navbar-brand" href="./adduser">Add User</a>
<a class="navbar-brand" href="./searchadmin">Delete/Modify User</a>
% endif
</div>
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
<a class="navbar-brand navbar-right" href='/logout'><span class="glyphicon glyphicon-off"></span> Logout</a>
<a class="navbar-brand navbar-right" href='./logout'><span class="glyphicon glyphicon-off"></span> Logout</a>
% if is_admin:
<form method='GET' action='/searchadmin' class="navbar-form navbar-right" role="search" data-toggle="validator">
<form method='GET' action='./searchadmin' class="navbar-form navbar-right" role="search" data-toggle="validator">
% else:
<form method='GET' action='/searchuser' class="navbar-form navbar-right" role="search" data-toggle="validator">
<form method='GET' action='./searchuser' class="navbar-form navbar-right" role="search" data-toggle="validator">
% endif
<div class="form-group">
% if is_admin:

6
resources/templates/searchadmin.tmpl
View File

@ -3,7 +3,7 @@
<%block name="core">
<div class="row clearfix">
<div class="col-md-12 column">
<form method='get' action='/searchadmin' role="form" class="form-inline" data-toggle="validator">
<form method='get' action='./searchadmin' role="form" class="form-inline" data-toggle="validator">
<div class="form-group">
<label for="searchstring">Search user to modify/delete</label>
<input type="text" class="form-control" id="searchstring" name="searchstring" placeholder="Search User">
@ -52,10 +52,10 @@
</td>
% endfor
<td>
<a href="/modify?user=${user | n,u}" class="btn btn-xs blue pad" ><span class="glyphicon glyphicon-cog"></span> Modify</a>
<a href="./modify?user=${user | n,u}" class="btn btn-xs blue pad" ><span class="glyphicon glyphicon-cog"></span> Modify</a>
</td>
<td>
<a href="/delete?user=${user | n,u}" data-toggle='confirmation-delete' class="btn btn-xs red pad"><span class="glyphicon glyphicon-remove-sign"></span> Delete</a>
<a href="./delete?user=${user | n,u}" data-toggle='confirmation-delete' class="btn btn-xs red pad"><span class="glyphicon glyphicon-remove-sign"></span> Delete</a>
</td>
</tr>
% endfor

2
resources/templates/searchuser.tmpl
View File

@ -3,7 +3,7 @@
<%block name="core">
<div class="row clearfix">
<div class="col-md-12 column">
<form method='get' action='/searchuser' role="form" class="form-inline" data-toggle="validator">
<form method='get' action='./searchuser' role="form" class="form-inline" data-toggle="validator">
<div class="form-group">
<label for="searchstring">Search user</label>
<input type="text" id="searchstring" data-minlength="3" data-error="Too short" class="form-control" name="searchstring" placeholder="Search User" required>

4
resources/templates/selfmodify.tmpl
View File

@ -6,7 +6,7 @@
</div>
<div class="col-md-12 column">
<div class="well well-sm">
<form method='POST' action='/selfmodify' autocomplete="off" role="form" class="form-signin" id="form">
<form method='POST' action='./selfmodify' autocomplete="off" role="form" class="form-signin" id="form">
<legend>Modify your attributes:</legend>
${form | n}
</fieldset>
@ -17,7 +17,7 @@
</div>
</div>
</form>
<script type="text/javascript" src="/static/js/ppolicy.js"></script>
<script type="text/javascript" src="./static/js/ppolicy.js"></script>
</div>
</div>
<div class="col-md-2 column">

2
resources/templates/service_unavailable.tmpl
View File

@ -9,7 +9,7 @@
Service Unavailable
</h4>
</div>
<a class="btn btn-default blue" href='/signin'><span class="glyphicon glyphicon-home"></span> Return</a>
<a class="btn btn-default blue" href='./signin'><span class="glyphicon glyphicon-home"></span> Return</a>
</div>
<div class="col-md-4 column"></div>
</div>