author | Jonah Brüchert <jbb@kaidan.im> | 2024-04-02 23:46:00 +0200 |
---|---|---|
committer | Jonah Brüchert <jbb@kaidan.im> | 2024-05-07 13:51:25 +0200 |
commit | 52edda02e6fee2c8122fac71c49ea711672b4d92 (patch) | |
tree | 51523124e041bb27f89e27cf7d4606c8ddefd41c /accounts/backend/user/ldap.py | |
parent | 17f8ee678cbc4dafbef53ce1b9a852728955fd3e (diff) | |
Remove service passwords feature [remove-service-passwords]
Diffstat (limited to 'accounts/backend/user/ldap.py')
-rw-r--r-- | accounts/backend/user/ldap.py | 37 |
1 files changed, 3 insertions, 34 deletions
diff --git a/accounts/backend/user/ldap.py b/accounts/backend/user/ldap.py
index a1ed904..fc16270 100644
--- a/accounts/backend/user/ldap.py
+++ b/accounts/backend/user/ldap.py
@@ -14,7 +14,7 @@ from ldap3.abstract.entry import Entry
 from ldap3 import Connection
 from . import Backend, InvalidPasswordError, NoSuchUserError, ShouldNotHappen
-from accounts.models import Account, Service
+from accounts.models import Account
 from accounts import AccountsFlask
 from typing import Optional
@@ -54,7 +54,6 @@ class LdapBackend(Backend):
 self.base_dn: list[tuple[str, str]] = self.app.config["LDAP_BASE_DN"]
 self.admin_user: str = self.app.config["LDAP_ADMIN_USER"]
 self.admin_pass: str = self.app.config["LDAP_ADMIN_PASS"]
- self.services: list[Service] = self.app.all_services
 self.admin = False
 self.binded = False
@@ -70,7 +69,6 @@ class LdapBackend(Backend):
 uid = None
 mail = None
 uidNumber = None
- services = []
 conn.search(
 user_dn,
 "(objectClass=*)",
@@ -82,13 +80,11 @@ class LdapBackend(Backend):
 uid = entry.uid.value
 mail = entry.mail.value
 uidNumber = entry.uidNumber.value
- elif "servicePassword" in entry.objectClass.value:
- services.append(entry.cn.value)
 if uid is None or mail is None or uidNumber is None:
 raise NoSuchUserError("User not found")
- return Account(uid, mail, services, password, uidNumber=uidNumber)
+ return Account(uid, mail, password, uidNumber=uidNumber)
 def find(self, filters: Optional[dict[str, str]] = None, wildcard=False):
 """
@@ -173,10 +169,7 @@ class LdapBackend(Backend):
 else:
 conn = self._connect(account.uid, account.password)
- dns = [
- [("cn", service), ("uid", account.uid), ("ou", "users")]
- for service in account.services
- ] + [[("uid", account.uid), ("ou", "users")]]
+ dns = [[("uid", account.uid), ("ou", "users")]]
 for dn in dns:
 conn.delete(self._format_dn(dn))
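Review bot: In the delete path (the hunk that reduces `dns` to `[[("uid", account.uid), ("ou", "users")]]`) only the user entry is deleted now, so an account that still has `servicePassword` child entries created before this commit would keep them, and LDAP servers normally refuse to delete an entry that has children. The return value of `conn.delete(...)` is not checked in the visible lines, so unless the connection is configured to raise, that failure would pass silently and the account together with its old service credentials would stay in the directory; the lookup hunk above also stops reporting those entries, so nothing in this file surfaces them any more. If no migration outside this diff removes them, I would fail loudly here, e.g. `if not conn.delete(self._format_dn(dn)): raise ShouldNotHappen(conn.result["description"])` (assuming `ShouldNotHappen` accepts a message), or keep a cleanup of child entries before the user DN is deleted. The enclosing method starts and ends outside the hunk.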
@@ -219,30 +212,6 @@ class LdapBackend(Backend):
 _, account.password = account.new_password_root
 account.new_password_root = None
- for service, passwords in list(account.new_password_services.items()):
- service_id = service.lower()
- service_dn = self._format_dn(
- [("cn", service_id), ("uid", account.uid), ("ou", "users")]
- )
- _, new = passwords
-
- if new is not None:
- if service_id not in account.services:
- attrs = {
- "objectClass": ["top", "servicePassword"],
- "cn": _escape(service_id),
- }
- conn.add(service_dn, attributes=attrs)
- account.services.append(service_id)
-
- _change_password(conn, service_dn, passwords, as_admin)
- else:
- if service_id in account.services:
- conn.delete(service_dn)
- account.services.remove(service_id)
-
- del account.new_password_services[service]
-
 def _get_last_uidNumber(self, conn: Connection):
 uidNumber_dn = self._format_dn([("cn", "uidMax"), ("ou", "other")])
 conn.search( |