Alexandre CHAZAL
bcf50ff111
All checks were successful
continuous-integration/drone/push Build is passing
86 lines
3.4 KiB
Python
86 lines
3.4 KiB
Python
from . import ldap_client
|
|
|
|
from flask import (
|
|
Blueprint, render_template, flash,
|
|
current_app
|
|
)
|
|
from flask_wtf import FlaskForm
|
|
from wtforms import (
|
|
StringField, PasswordField,
|
|
SubmitField, EmailField
|
|
)
|
|
from wtforms.validators import (
|
|
ValidationError, DataRequired,
|
|
EqualTo, Length, Regexp, Email
|
|
)
|
|
|
|
bp = Blueprint('password', __name__, url_prefix='/password')
|
|
|
|
class ChangePasswordForm(FlaskForm):
|
|
# Minimal password length
|
|
minlength = 9
|
|
|
|
# Form
|
|
username = StringField(label=('Login'),
|
|
validators=[DataRequired(),
|
|
Length(max=64)],
|
|
render_kw={"onkeyup": "validate_username()"})
|
|
currentpassword = PasswordField(label=('Current password'),
|
|
validators=[DataRequired()])
|
|
newpassword = PasswordField(label=('New password'),
|
|
validators=[DataRequired(),
|
|
Length(min=minlength),
|
|
Regexp("^(?=.*[a-z])"),
|
|
Regexp("^(?=.*[A-Z])"),
|
|
Regexp("^(?=.*\\d)"),
|
|
#Regexp(
|
|
# "(?=.*[@$!%*#?&])", message="Password must contain a special character"
|
|
#),],
|
|
],
|
|
render_kw={"onkeyup": f"validate_username_form({minlength})"})
|
|
confirm_password = PasswordField(
|
|
label=('Confirm Password'),
|
|
validators=[DataRequired(message='* Required'),
|
|
EqualTo('newpassword')],
|
|
render_kw={"onkeyup": f"validate_username_form({minlength})"})
|
|
|
|
submit = SubmitField(label=('Change my password'), render_kw={"disabled": "true",
|
|
"onclick": f"validate_username_form({minlength})"})
|
|
|
|
# Validators
|
|
def validate_username(self, username):
|
|
excluded_chars = " *?!'^+%&/()=}][{$#;\\\""
|
|
for char in self.username.data:
|
|
if char in excluded_chars:
|
|
raise ValidationError(
|
|
f"Character {char} is not allowed in an username.")
|
|
|
|
class ResetPasswordForm(FlaskForm):
|
|
email = EmailField(label=('Email address'),
|
|
validators=[DataRequired(), Email()],
|
|
render_kw={"onkeyup": f"validate_email()"})
|
|
|
|
submit = SubmitField(label=('Change my password'), render_kw={"disabled": "true",
|
|
"onclick": f"validate_email()"})
|
|
|
|
@bp.route('/change', methods=["GET", "POST"])
|
|
def change():
|
|
form = ChangePasswordForm()
|
|
if form.validate_on_submit():
|
|
client = ldap_client.Client(address=current_app.config["LDAP_ADDR"], port=current_app.config["LDAP_PORT"], base_dn=current_app.config["BASE_DN"], tls=current_app.config["LDAP_TLS"])
|
|
|
|
bind_status = client.bind(form.username._value(), form.currentpassword._value())
|
|
if bind_status[0] == False:
|
|
flash(f"Connection failed, are you sure that your login and password are correct ? ({client.link.last_error})")
|
|
elif client.change_pwd(bind_status[1], form.newpassword._value()) == False:
|
|
flash(f"An error occured and your password was not changed, sorry. ({client.link.last_error})")
|
|
client.unbind()
|
|
else:
|
|
flash('Your password has been changed !')
|
|
client.unbind()
|
|
|
|
return render_template('change.html', form=form)
|
|
|
|
@bp.route('/reset', methods=["GET"])
|
|
def reset():
|
|
return render_template('reset.html') |