Remove service passwords featureremove-service-passwords

10 files changed, 7 insertions, 206 deletions

diff --git a/accounts/__init__.py b/accounts/__init__.py
index c290c3a..2824da7 100644
--- a/accounts/__init__.py
+++ b/accounts/__init__.py
@@ -2,7 +2,6 @@
 import os
 from flask import Flask
 
-from .models import Service
 from .utils import get_backend
 from .utils.confirmation import Confirmation
 from .utils.sessions import EncryptedSessionInterface
@@ -40,11 +39,6 @@ def create_app(config=None) -> Flask:
     app.register_blueprint(admin.bp, url_prefix="/admin")
     app.session_interface = EncryptedSessionInterface()
 
-    app.all_services = list()
-    for name, url in app.config.get("SERVICES", list()):
-        cn = name.lower()
-        app.all_services.append(Service(cn, name, url))
-
     app.username_blacklist = list()
     if app.config.get("USERNAME_BLACKLIST_FILE"):
         with open(app.config["USERNAME_BLACKLIST_FILE"]) as f:
diff --git a/accounts/app.py b/accounts/app.py
index d39ce03..e222788 100644
--- a/accounts/app.py
+++ b/accounts/app.py
@@ -4,11 +4,9 @@ from typing import TYPE_CHECKING, cast
 
 if TYPE_CHECKING:
     from .backend import user, mail
-    from .models import Service
 
 
 class AccountsFlask(Flask):
-    all_services: "list[Service]"
     username_blacklist: list[str]
     user_backend: "user.Backend"
     mail_backend: "mail.Backend"
diff --git a/accounts/backend/user/ldap.py b/accounts/backend/user/ldap.py
index a1ed904..fc16270 100644
--- a/accounts/backend/user/ldap.py
+++ b/accounts/backend/user/ldap.py
@@ -14,7 +14,7 @@ from ldap3.abstract.entry import Entry
 from ldap3 import Connection
 
 from . import Backend, InvalidPasswordError, NoSuchUserError, ShouldNotHappen
-from accounts.models import Account, Service
+from accounts.models import Account
 from accounts import AccountsFlask
 
 from typing import Optional
@@ -54,7 +54,6 @@ class LdapBackend(Backend):
         self.base_dn: list[tuple[str, str]] = self.app.config["LDAP_BASE_DN"]
         self.admin_user: str = self.app.config["LDAP_ADMIN_USER"]
         self.admin_pass: str = self.app.config["LDAP_ADMIN_PASS"]
-        self.services: list[Service] = self.app.all_services
 
         self.admin = False
         self.binded = False
@@ -70,7 +69,6 @@ class LdapBackend(Backend):
         uid = None
         mail = None
         uidNumber = None
-        services = []
         conn.search(
             user_dn,
             "(objectClass=*)",
@@ -82,13 +80,11 @@ class LdapBackend(Backend):
                 uid = entry.uid.value
                 mail = entry.mail.value
                 uidNumber = entry.uidNumber.value
-            elif "servicePassword" in entry.objectClass.value:
-                services.append(entry.cn.value)
 
         if uid is None or mail is None or uidNumber is None:
             raise NoSuchUserError("User not found")
 
-        return Account(uid, mail, services, password, uidNumber=uidNumber)
+        return Account(uid, mail, password, uidNumber=uidNumber)
 
     def find(self, filters: Optional[dict[str, str]] = None, wildcard=False):
         """
@@ -173,10 +169,7 @@ class LdapBackend(Backend):
         else:
             conn = self._connect(account.uid, account.password)
 
-        dns = [
-            [("cn", service), ("uid", account.uid), ("ou", "users")]
-            for service in account.services
-        ] + [[("uid", account.uid), ("ou", "users")]]
+        dns = [[("uid", account.uid), ("ou", "users")]]
 
         for dn in dns:
             conn.delete(self._format_dn(dn))
@@ -219,30 +212,6 @@ class LdapBackend(Backend):
             _, account.password = account.new_password_root
             account.new_password_root = None
 
-        for service, passwords in list(account.new_password_services.items()):
-            service_id = service.lower()
-            service_dn = self._format_dn(
-                [("cn", service_id), ("uid", account.uid), ("ou", "users")]
-            )
-            _, new = passwords
-
-            if new is not None:
-                if service_id not in account.services:
-                    attrs = {
-                        "objectClass": ["top", "servicePassword"],
-                        "cn": _escape(service_id),
-                    }
-                    conn.add(service_dn, attributes=attrs)
-                    account.services.append(service_id)
-
-                _change_password(conn, service_dn, passwords, as_admin)
-            else:
-                if service_id in account.services:
-                    conn.delete(service_dn)
-                    account.services.remove(service_id)
-
-            del account.new_password_services[service]
-
     def _get_last_uidNumber(self, conn: Connection):
         uidNumber_dn = self._format_dn([("cn", "uidMax"), ("ou", "other")])
         conn.search(
diff --git a/accounts/forms.py b/accounts/forms.py
index 01713ad..8c9da03 100644
--- a/accounts/forms.py
+++ b/accounts/forms.py
@@ -7,7 +7,6 @@ from wtforms import (
     StringField,
     PasswordField,
     ValidationError,
-    BooleanField,
     validators,
 )
 from wtforms.form import FormMeta
@@ -129,32 +128,6 @@ class LostPasswordForm(Form):
 
 class SettingsMeta(FormMeta):
     def __call__(cls, *args, **kwargs):
-        for service in accounts_app.all_services:
-            setattr(
-                cls,
-                "password_%s" % service.id,
-                PasswordField(
-                    "Passwort für %s" % service.name,
-                    [
-                        validators.Optional(),
-                        validators.EqualTo(
-                            "password_confirm_%s" % service.id,
-                            message="Passwörter stimmen nicht überein",
-                        ),
-                    ],
-                ),
-            )
-            setattr(
-                cls,
-                "password_confirm_%s" % service.id,
-                PasswordField("Passwort für %s (Bestätigung)" % service.name),
-            )
-            setattr(
-                cls,
-                "delete_%s" % service.id,
-                BooleanField("Passwort für %s löschen" % service.name),
-            )
-
         return super(SettingsMeta, cls).__call__(*args, **kwargs)
 
 
diff --git a/accounts/models.py b/accounts/models.py
index 8b34fab..ac5ce78 100644
--- a/accounts/models.py
+++ b/accounts/models.py
@@ -5,23 +5,6 @@ from typing import Any, Optional
 from accounts.utils.login import create_userid
 
 
-class Service(object):
-    id: str
-    name: str
-    url: str
-
-    def __init__(self, service_id: str, name: str, url: str) -> None:
-        self.id = service_id
-        self.name = name
-        self.url = url
-
-        #: Wether the user has a separate password for this service.
-        self.changed = False
-
-    def __repr__(self):
-        return "<Service %s>" % self.id
-
-
 class Account(UserMixin):
     """
     An Account represents a complex ldap tree entry for spline users.
@@ -31,9 +14,7 @@ class Account(UserMixin):
     _ready = False
 
     uid: str
-    services: list[str]
     password: Optional[str]
-    new_password_services: dict[str, tuple[Optional[str], Optional[str]]]
     attributes: dict[Any, Any]
     new_password_root: Optional[tuple[Optional[str], Optional[str]]]
 
@@ -41,15 +22,12 @@ class Account(UserMixin):
         self,
         uid: str,
         mail: str,
-        services=None,
         password: Optional[str] = None,
         uidNumber=None,
     ):
         self.uid = uid
-        self.services = list() if services is None else services
         self.password = password
         self.new_password_root = None
-        self.new_password_services = {}
         self.attributes = {}
         self.uidNumber = uidNumber
 
@@ -59,22 +37,14 @@ class Account(UserMixin):
     def __repr__(self):
         return "<Account uid=%s>" % self.uid
 
-    def reset_password(self, service: str):
-        self.new_password_services[service] = (None, None)
-
     def change_password(
-        self, new_password: str, old_password="", service=None
+        self, new_password: str, old_password=""
     ):
         """
-        Changes a password for a given service. You have to use the
-        UserBackend to make the changes permanent. If no service is given,
-        the root password will be changed.
+        Changes the password of the account
         """
 
-        if not service:
-            self.new_password_root = (old_password, new_password)
-        else:
-            self.new_password_services[service] = (old_password, new_password)
+        self.new_password_root = (old_password, new_password)
 
     def _set_attribute(self, key: str, value: Any) -> None:
         self.attributes[key] = value
diff --git a/accounts/static/layout.css b/accounts/static/layout.css
index 1d6a3bf..c22c3ea 100644
--- a/accounts/static/layout.css
+++ b/accounts/static/layout.css
@@ -165,40 +165,6 @@ form ul.errors {
   color: red;
 }
 
-.service {
-  padding-top: 15px;
-  margin-left: 30px;
-  clear: both;
-}
-
-.service h3 {
-  float: left;
-  margin: 0;
-  width: 33%;
-}
-
-.service ul {
-  margin: 0px;
-}
-
-.service ul li{
-  float: left;
-  list-style: none;
-  margin: 0px;
-  width: 33%;
-}
-
-.service .form-service {
-  clear: both;
-  padding-top: 10px;
-}
-
-.form-submit-services {
-  margin-left: 30px;
-  padding: 10px 0px;
-  clear: both;
-}
-
 /* flashing */
 
 ul.flashes {
diff --git a/accounts/templates/about.html b/accounts/templates/about.html
index 2ae1936..5c7143d 100644
--- a/accounts/templates/about.html
+++ b/accounts/templates/about.html
@@ -36,9 +36,4 @@
   <a href="mailto:accounts@spline.de">Mail</a> mit!
 </p>
 <h2>Welche Dienste sind bisher dabei?</h2>
-<ul>
-{%- for service in app.all_services %}
-  <li><a href="{{ service.url}}">{{ service.name }}</a></li>
-{%- endfor %}
-</ul>
 {%- endblock %}
diff --git a/accounts/templates/index.html b/accounts/templates/index.html
index 7d9fd83..51a338c 100644
--- a/accounts/templates/index.html
+++ b/accounts/templates/index.html
@@ -11,49 +11,6 @@
   {{ render_field(form.password_confirm) }}
   {{ render_field(form.csrf_token) }}
   {{ render_submit(value='Speichern',name='submit_main') }}
-
-  <h2>Dienste verwalten</h2>
-  <p>
-    Standardmäßig kannst du dich auf allen teilnehmenden Diensten mit dem
-    oben konfigurierten allgemeinen Passwort einloggen.
-  </p>
-  <p>
-    Du kannst für jeden Dienst ein eigenes Passwort setzen. Das empfiehlt
-    sich zum Beispiel, wenn du einen der Dienste oft unterwegs an fremden
-    Rechnern nutzt.
-  </p>
-
-  {%- for service in services %}
-  <div class="service">
-    <h3>
-      {% if service.changed %}
-        {{ form.get_servicedelete(service.id)(class_="form-check-input") }}
-      {% else %}
-        {{ form.get_servicedelete(service.id)(disabled=True, class_="form-check-input") }}
-      {% endif %}
-      {{ service.name }}
-    </h3>
-
-    <ul>
-      {%- if service.changed %}
-      <li class="active">eigenes Passwort</li>
-      </li>
-      {%- else %}
-      <li class="inactive">allgemeines Passwort</li>
-      {%- endif %}
-    </ul>
-
-    <div class="form-service">
-      <p>Neues Passwort setzen:</p>
-      {{ render_field(form.get_servicepassword(service.id)) }}
-      {{ render_field(form.get_servicepasswordconfirm(service.id)) }}
-      {{ render_submit(value='Speichern',name='submit_main') }}
-    </div>
-  </div>
-  {%- endfor %}
-  <div class="form-submit-services">
-    <input class="btn btn-outline-secondary mt-4" type="submit" value="selektierte Passwörter zurücksetzen" name="submit_services" />
-  </div>
 </form>
 {%- endblock %}
 
diff --git a/accounts/views/admin/__init__.py b/accounts/views/admin/__init__.py
index 92dbf22..18b9de4 100644
--- a/accounts/views/admin/__init__.py
+++ b/accounts/views/admin/__init__.py
@@ -70,8 +70,6 @@ def disable_account():
     if form.validate_on_submit() and form.user:
         random_pw = str(uuid4())
         form.user.change_password(random_pw)
-        for service in accounts_app.all_services:
-            form.user.reset_password(service.id)
 
         oldmail = form.user.mail
         mail = (
diff --git a/accounts/views/default/__init__.py b/accounts/views/default/__init__.py
index b5c9298..a007ef9 100644
--- a/accounts/views/default/__init__.py
+++ b/accounts/views/default/__init__.py
@@ -2,7 +2,6 @@
 
 import sys
 import traceback
-from copy import deepcopy
 from flask import Blueprint
 from flask import redirect, render_template, request, flash, url_for
 from flask_login import login_required, login_user, current_user
@@ -149,14 +148,7 @@ def index() -> Union[Response, dict]:
     if form.validate_on_submit():
         changed = False
 
-        if request.form.get("submit_services"):
-            for service in accounts_app.all_services:
-                field = form.get_servicedelete(service.id)
-                if field.data:
-                    current_user.reset_password(service.id)
-                    changed = True
-
-        elif request.form.get("submit_main"):
+        if request.form.get("submit_main"):
             if form.mail.data and form.mail.data != current_user.mail:
                 accounts_app.mail_backend.send(
                     form.mail.data,
@@ -179,12 +171,6 @@ def index() -> Union[Response, dict]:
                 flash("Passwort geändert", "success")
                 changed = True
 
-            for service in accounts_app.all_services:
-                field = form.get_servicepassword(service.id)
-                if field.data:
-                    changed = True
-                    current_user.change_password(field.data, None, service.id)
-
         if changed:
             accounts_app.user_backend.update(current_user)
             login_user(current_user)
@@ -192,13 +178,8 @@ def index() -> Union[Response, dict]:
         else:
             flash("Nichts geändert.")
 
-    services = deepcopy(accounts_app.all_services)
-    for s in services:
-        s.changed = s.id in current_user.services
-
     return {
         "form": form,
-        "services": services,
     }