| 23 |
23 |
from django.core.exceptions import ImproperlyConfigured
|
| 24 |
24 |
from django.conf import settings
|
| 25 |
25 |
from django.contrib.auth.models import Group
|
| 26 |
|
from django.utils.encoding import smart_bytes, smart_text, force_text
|
|
26 |
from django.utils.encoding import force_bytes, force_text
|
| 27 |
27 |
|
| 28 |
28 |
from authentic2.a2_rbac.models import Role
|
| 29 |
29 |
|
| ... | ... | |
| 90 |
90 |
decrypted = crypto.aes_base64_decrypt(settings.SECRET_KEY, encrypted_bindpw,
|
| 91 |
91 |
raise_on_error=False)
|
| 92 |
92 |
if decrypted:
|
| 93 |
|
decrypted = smart_text(decrypted)
|
|
93 |
decrypted = force_text(decrypted)
|
| 94 |
94 |
self.ldap_data['block']['bindpw'] = decrypted
|
| 95 |
95 |
del self.ldap_data['block']['encrypted_bindpw']
|
| 96 |
96 |
|
| ... | ... | |
| 100 |
100 |
data['block'] = dict(data['block'])
|
| 101 |
101 |
if data['block'].get('bindpw'):
|
| 102 |
102 |
data['block']['encrypted_bindpw'] = crypto.aes_base64_encrypt(
|
| 103 |
|
settings.SECRET_KEY, smart_bytes(data['block']['bindpw']))
|
|
103 |
settings.SECRET_KEY, force_bytes(data['block']['bindpw']))
|
| 104 |
104 |
del data['block']['bindpw']
|
| 105 |
105 |
session[self.SESSION_LDAP_DATA_KEY] = data
|
| 106 |
106 |
|
| ... | ... | |
| 133 |
133 |
cache = self.ldap_data.setdefault('password', {})
|
| 134 |
134 |
if password is not None:
|
| 135 |
135 |
# Prevent eavesdropping of the password through the session storage
|
| 136 |
|
password = crypto.aes_base64_encrypt(settings.SECRET_KEY, smart_bytes(password))
|
|
136 |
password = crypto.aes_base64_encrypt(settings.SECRET_KEY, force_bytes(password))
|
| 137 |
137 |
cache[self.dn] = password
|
| 138 |
138 |
# ensure session is marked dirty
|
| 139 |
139 |
self.update_request()
|
| ... | ... | |
| 150 |
150 |
self.keep_password_in_session(None)
|
| 151 |
151 |
password = None
|
| 152 |
152 |
else:
|
| 153 |
|
password = smart_text(password)
|
|
153 |
password = force_text(password)
|
| 154 |
154 |
return password
|
| 155 |
155 |
else:
|
| 156 |
156 |
self.keep_password_in_session(None)
|
| ... | ... | |
| 159 |
159 |
def check_password(self, raw_password):
|
| 160 |
160 |
connection = self.ldap_backend.get_connection(self.block)
|
| 161 |
161 |
try:
|
| 162 |
|
connection.simple_bind_s(self.dn, smart_bytes(raw_password))
|
|
162 |
connection.simple_bind_s(self.dn, force_bytes(raw_password))
|
| 163 |
163 |
except ldap.INVALID_CREDENTIALS:
|
| 164 |
164 |
return False
|
| 165 |
165 |
except ldap.LDAPError, e:
|
| ... | ... | |
| 356 |
356 |
return user
|
| 357 |
357 |
|
| 358 |
358 |
def authenticate_block(self, block, username, password):
|
| 359 |
|
utf8_username = smart_bytes(username)
|
| 360 |
|
utf8_password = smart_bytes(password)
|
|
359 |
utf8_username = force_bytes(username)
|
|
360 |
utf8_password = force_bytes(password)
|
| 361 |
361 |
|
| 362 |
362 |
for conn in self.get_connections(block):
|
| 363 |
363 |
authz_ids = []
|
| ... | ... | |
| 784 |
784 |
if quote:
|
| 785 |
785 |
decoded.append((attribute, urllib.unquote(value)))
|
| 786 |
786 |
else:
|
| 787 |
|
decoded.append((attribute, smart_bytes(value)))
|
|
787 |
decoded.append((attribute, force_bytes(value)))
|
| 788 |
788 |
filters = [filter_format('(%s=%s)', (a, b)) for a, b in decoded]
|
| 789 |
789 |
return '(&{0})'.format(''.join(filters))
|
| 790 |
790 |
|
| ... | ... | |
| 802 |
802 |
if isinstance(v, list):
|
| 803 |
803 |
v = v[0]
|
| 804 |
804 |
if isinstance(v, unicode):
|
| 805 |
|
v = smart_bytes(v)
|
|
805 |
v = force_bytes(v)
|
| 806 |
806 |
if quote:
|
| 807 |
807 |
v = urllib.quote(v)
|
| 808 |
808 |
l.append(v)
|
| ... | ... | |
| 970 |
970 |
modlist = [(ldap.MOD_REPLACE, key, [value])]
|
| 971 |
971 |
else:
|
| 972 |
972 |
key = 'userPassword'
|
| 973 |
|
value = smart_bytes(new_password)
|
|
973 |
value = force_bytes(new_password)
|
| 974 |
974 |
modlist = [(ldap.MOD_REPLACE, key, [value])]
|
| 975 |
975 |
conn.modify_s(dn, modlist)
|
| 976 |
976 |
log.debug('modified password for dn %r', dn)
|
| 977 |
|
-
|