23 |
23 |
from django.core.exceptions import ImproperlyConfigured
|
24 |
24 |
from django.conf import settings
|
25 |
25 |
from django.contrib.auth.models import Group
|
26 |
|
from django.utils.encoding import smart_bytes, smart_text, force_text
|
|
26 |
from django.utils.encoding import force_bytes, force_text
|
27 |
27 |
|
28 |
28 |
from authentic2.a2_rbac.models import Role
|
29 |
29 |
|
... | ... | |
90 |
90 |
decrypted = crypto.aes_base64_decrypt(settings.SECRET_KEY, encrypted_bindpw,
|
91 |
91 |
raise_on_error=False)
|
92 |
92 |
if decrypted:
|
93 |
|
decrypted = smart_text(decrypted)
|
|
93 |
decrypted = force_text(decrypted)
|
94 |
94 |
self.ldap_data['block']['bindpw'] = decrypted
|
95 |
95 |
del self.ldap_data['block']['encrypted_bindpw']
|
96 |
96 |
|
... | ... | |
100 |
100 |
data['block'] = dict(data['block'])
|
101 |
101 |
if data['block'].get('bindpw'):
|
102 |
102 |
data['block']['encrypted_bindpw'] = crypto.aes_base64_encrypt(
|
103 |
|
settings.SECRET_KEY, smart_bytes(data['block']['bindpw']))
|
|
103 |
settings.SECRET_KEY, force_bytes(data['block']['bindpw']))
|
104 |
104 |
del data['block']['bindpw']
|
105 |
105 |
session[self.SESSION_LDAP_DATA_KEY] = data
|
106 |
106 |
|
... | ... | |
133 |
133 |
cache = self.ldap_data.setdefault('password', {})
|
134 |
134 |
if password is not None:
|
135 |
135 |
# Prevent eavesdropping of the password through the session storage
|
136 |
|
password = crypto.aes_base64_encrypt(settings.SECRET_KEY, smart_bytes(password))
|
|
136 |
password = crypto.aes_base64_encrypt(settings.SECRET_KEY, force_bytes(password))
|
137 |
137 |
cache[self.dn] = password
|
138 |
138 |
# ensure session is marked dirty
|
139 |
139 |
self.update_request()
|
... | ... | |
150 |
150 |
self.keep_password_in_session(None)
|
151 |
151 |
password = None
|
152 |
152 |
else:
|
153 |
|
password = smart_text(password)
|
|
153 |
password = force_text(password)
|
154 |
154 |
return password
|
155 |
155 |
else:
|
156 |
156 |
self.keep_password_in_session(None)
|
... | ... | |
159 |
159 |
def check_password(self, raw_password):
|
160 |
160 |
connection = self.ldap_backend.get_connection(self.block)
|
161 |
161 |
try:
|
162 |
|
connection.simple_bind_s(self.dn, smart_bytes(raw_password))
|
|
162 |
connection.simple_bind_s(self.dn, force_bytes(raw_password))
|
163 |
163 |
except ldap.INVALID_CREDENTIALS:
|
164 |
164 |
return False
|
165 |
165 |
except ldap.LDAPError, e:
|
... | ... | |
356 |
356 |
return user
|
357 |
357 |
|
358 |
358 |
def authenticate_block(self, block, username, password):
|
359 |
|
utf8_username = smart_bytes(username)
|
360 |
|
utf8_password = smart_bytes(password)
|
|
359 |
utf8_username = force_bytes(username)
|
|
360 |
utf8_password = force_bytes(password)
|
361 |
361 |
|
362 |
362 |
for conn in self.get_connections(block):
|
363 |
363 |
authz_ids = []
|
... | ... | |
784 |
784 |
if quote:
|
785 |
785 |
decoded.append((attribute, urllib.unquote(value)))
|
786 |
786 |
else:
|
787 |
|
decoded.append((attribute, smart_bytes(value)))
|
|
787 |
decoded.append((attribute, force_bytes(value)))
|
788 |
788 |
filters = [filter_format('(%s=%s)', (a, b)) for a, b in decoded]
|
789 |
789 |
return '(&{0})'.format(''.join(filters))
|
790 |
790 |
|
... | ... | |
802 |
802 |
if isinstance(v, list):
|
803 |
803 |
v = v[0]
|
804 |
804 |
if isinstance(v, unicode):
|
805 |
|
v = smart_bytes(v)
|
|
805 |
v = force_bytes(v)
|
806 |
806 |
if quote:
|
807 |
807 |
v = urllib.quote(v)
|
808 |
808 |
l.append(v)
|
... | ... | |
970 |
970 |
modlist = [(ldap.MOD_REPLACE, key, [value])]
|
971 |
971 |
else:
|
972 |
972 |
key = 'userPassword'
|
973 |
|
value = smart_bytes(new_password)
|
|
973 |
value = force_bytes(new_password)
|
974 |
974 |
modlist = [(ldap.MOD_REPLACE, key, [value])]
|
975 |
975 |
conn.modify_s(dn, modlist)
|
976 |
976 |
log.debug('modified password for dn %r', dn)
|
977 |
|
-
|
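Review bot: In `check_password` (new lines 159–162) `raw_password` goes straight from `force_bytes()` into `connection.simple_bind_s(self.dn, ...)` with no emptiness check, and a simple bind with a DN and an empty password is an unauthenticated bind (RFC 4513 §5.1.2) that some directory servers answer with success. Unless every caller already rejects empty values, add `if not raw_password: return False` before the `try:`; this also covers `None`, which `force_bytes()` would otherwise turn into the literal bytes `None`. `authenticate_block` (new lines 359–360) converts `username` and `password` the same way, and its body runs past the hunk, so whether it guards against an empty password cannot be seen here and is worth confirming. The rest of `check_password` after `except ldap.LDAPError, e:` is also outside the hunk.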