1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
|
from django.contrib.auth.decorators import login_required
from apps.changepw.models import ChangePasswordForm
from apps.fedlogin.views import fedlogin
from django.http import HttpResponse
from django.shortcuts import render
import random
import nordunet_change_password as pw
def _change_password(pwtype, user, new_password):
'''
Use this to call your change password function.
'''
if pwtype == 'sso':
ret = pw.change_nordunet_sso_pw(user, new_password)
elif pwtype == 'ppp':
ret = pw.change_nordunet_ppp_pw(user, new_password)
elif pwtype == 'net':
ret = pw.change_nordunet_net_pw(user, new_password)
elif pwtype == 'vpn':
ret = pw.change_nordunet_vpn_pw(user, new_password)
else:
ret = 'Could not change that password type.'
return ret
def _change_other(request, *args):
'''
Use this to call your change function.
'''
user = request.user
ssh_key = request.POST.get('ssh_key', None)
if ssh_key:
ret = pw.set_public_ssh_key(user, ssh_key)
else:
return 1
return ret
def _get_username(request):
'''
Returns the actual username from the Shibboleth uid.
request.user.username == username@domain.com
'''
return request.user.username.split('@')[0]
def _generate_password(n, z=3):
'''
Returns a psudo random string of lenght n in accordance to the NORDUnet
security standard. z is the number of non-letters to include.
'''
letters = 'abcdefghijklmnopqrstuvwxyz'
others = '1234567890!#%&?+*-_.<>'
pw = []
for i in range(0, n//2):
pw.append(random.choice(letters))
pw.append(random.choice(letters.upper()))
random.shuffle(pw)
pw = pw[:n]
for i in random.sample(range(0, n-1), z):
pw[i] = random.choice(others)
return ''.join(pw)
@login_required()
def index(request):
'''
Greets the user and presents the choices available.
'''
fedlogin(request) # XXX Hack to force db update
username = _get_username(request)
try:
full_name = request.user.get_full_name()
except AttributeError:
full_name = username
return render(request,
'changepw/index.html',
{'full_name': full_name, 'username': username})
@login_required()
def change_password(request, pwtype):
'''
If the user is authenticated and the form is valid the password
changing script will be run with the username and new password.
The function that changes the password has to be provided as func.
'''
username = _get_username(request)
form = ChangePasswordForm(request.POST or None)
return_value = -1
if request.method == 'POST':
if form.is_valid():
new_password = form.cleaned_data['new_password']
return_value = _change_password(pwtype, request.user, new_password)
form = None
return render(request,
'changepw/change_password.html',
{'form': form,
'username': username,
'pwtype': pwtype,
'return_value': return_value})
@login_required()
def change_other(request, *args):
'''
Just passes along the request so that something can be done for that user.
'''
username = _get_username(request)
return_value = None
if request.method == 'POST':
return_value = _change_other(request, *args)
return render(request,
'changepw/change_other.html',
{'username': username, 'return_value': return_value})
@login_required()
def change_public_ssh_keys(request):
"""
Lets the user remove or add public SSH keys.
"""
if request.POST:
ssh_key = request.POST.get('ssh_key', None)
if ssh_key:
ret = pw.set_public_ssh_key(request.user, ssh_key)
else:
ret = 'No SSH key to add.'
ssh_keys = pw.get_public_ssh_keys(request.user)
return render(request,
'changepw/change_public_ssh_key.html',
{'username': request.user.username,
'ssh_keys': ssh_keys,
'return_value': ret})
else:
ssh_keys = pw.get_public_ssh_keys(request.user)
return render(request,
'changepw/change_public_ssh_key.html',
{'username': request.user.username,
'ssh_keys': ssh_keys,
'return_value': None})
@login_required()
def delete_public_ssh_key(request, key_number):
"""
Delete a public SSH key.
"""
ssh_keys = pw.get_public_ssh_keys(request.user)
ret = pw.del_public_ssh_key(request.user, ssh_keys[int(key_number)])
ssh_keys = pw.get_public_ssh_keys(request.user)
return render(request,
'changepw/change_public_ssh_key.html',
{
'username': request.user.username,
'ssh_keys': ssh_keys,
'return_value': ret})
def _create_ieduroam_conf(user):
"""
Creates an xml config (http://www.apple.com/DTDs/PropertyList-1.0.dtd) for
iPhone, iPod Touch or Ipad that can be set by surfing to the URL.
Should ultimately returned with
HttpResponse(conf, mimetype='application/x-apple-aspen-config')
"""
try:
f = open('/var/lib/django/sso/apps/changepw/eduroam.mobileconfig')
except IOError:
return 'Could not open boilerplate configuration.'
uid = user.username.split('@')[0]
s = ''.join(f.readlines())
s = s.replace('nordu-user', '%s-pwman' % uid)
conf = s.replace('eduroam-user', '%s/ppp' % uid)
return conf
def ideviceconf(request):
"""
HACK
"""
user = request.user
conf = _create_ieduroam_conf(user)
return HttpResponse(conf, content_type='application/x-apple-aspen-config')
|
