[ipfire.org.git] / src / backend / accounts.py

#!/usr/bin/python
# encoding: utf-8

import PIL
import PIL.ImageOps
import datetime
import io
import ldap
import ldap.modlist
import logging
import phonenumbers
import urllib.parse
import urllib.request

from . import util
from .decorators import *
from .misc import Object

class Accounts(Object):
	def __iter__(self):
		# Only return developers (group with ID 1000)
		accounts = self._search("(&(objectClass=posixAccount)(gidNumber=1000))")

		return iter(sorted(accounts))

	@lazy_property
	def ldap(self):
		# Connect to LDAP server
		ldap_uri = self.settings.get("ldap_uri")
		conn = ldap.initialize(ldap_uri)

		# Bind with username and password
		bind_dn = self.settings.get("ldap_bind_dn")
		if bind_dn:
			bind_pw = self.settings.get("ldap_bind_pw", "")
			conn.simple_bind(bind_dn, bind_pw)

		return conn

	def _query(self, query, attrlist=None, limit=0):
		logging.debug("Performing LDAP query: %s" % query)

		search_base = self.settings.get("ldap_search_base")

		try:
			results = self.ldap.search_ext_s(search_base, ldap.SCOPE_SUBTREE,
				query, attrlist=attrlist, sizelimit=limit)
		except:
			# Close current connection
			self.ldap.close()
			del self.ldap

			raise

		return results

	def _search(self, query, attrlist=None, limit=0):
		accounts = []

		for dn, attrs in self._query(query, attrlist=attrlist, limit=limit):
			account = Account(self.backend, dn, attrs)
			accounts.append(account)

		return accounts

	def search(self, query):
		# Search for exact matches
		accounts = self._search("(&(objectClass=posixAccount) \
			(|(uid=%s)(mail=%s)(sipAuthenticationUser=%s)(telephoneNumber=%s)(homePhone=%s)(mobile=%s)))" \
			% (query, query, query, query, query, query))

		# Find accounts by name
		if not accounts:
			for account in self._search("(&(objectClass=posixAccount)(|(cn=*%s*)(uid=*%s*)))" % (query, query)):
				if not account in accounts:
					accounts.append(account)

		return sorted(accounts)

	def _search_one(self, query):
		result = self._search(query, limit=1)
		assert len(result) <= 1

		if result:
			return result[0]

	def get_by_uid(self, uid):
		return self._search_one("(&(objectClass=posixAccount)(uid=%s))" % uid)

	def get_by_mail(self, mail):
		return self._search_one("(&(objectClass=posixAccount)(mail=%s))" % mail)

	find = get_by_uid

	def find_account(self, s):
		account = self.get_by_uid(s)
		if account:
			return account

		return self.get_by_mail(s)

	def get_by_sip_id(self, sip_id):
		return self._search_one("(|(&(objectClass=sipUser)(sipAuthenticationUser=%s)) \
			(&(objectClass=sipRoutingObject)(sipLocalAddress=%s)))" % (sip_id, sip_id))

	def get_by_phone_number(self, number):
		return self._search_one("(&(objectClass=posixAccount) \
			(|(sipAuthenticationUser=%s)(telephoneNumber=%s)(homePhone=%s)(mobile=%s)))" \
			% (number, number, number, number))

	# Session stuff

	def _cleanup_expired_sessions(self):
		self.db.execute("DELETE FROM sessions WHERE time_expires <= NOW()")

	def create_session(self, account, host):
		self._cleanup_expired_sessions()

		res = self.db.get("INSERT INTO sessions(host, uid) VALUES(%s, %s) \
			RETURNING session_id, time_expires", host, account.uid)

		# Session could not be created
		if not res:
			return None, None

		logging.info("Created session %s for %s which expires %s" \
			% (res.session_id, account, res.time_expires))
		return res.session_id, res.time_expires

	def destroy_session(self, session_id, host):
		logging.info("Destroying session %s" % session_id)

		self.db.execute("DELETE FROM sessions \
			WHERE session_id = %s AND host = %s", session_id, host)
		self._cleanup_expired_sessions()

	def get_by_session(self, session_id, host):
		logging.debug("Looking up session %s" % session_id)

		res = self.db.get("SELECT uid FROM sessions WHERE session_id = %s \
			AND host = %s AND NOW() BETWEEN time_created AND time_expires",
			session_id, host)

		# Session does not exist or has expired
		if not res:
			return

		# Update the session expiration time
		self.db.execute("UPDATE sessions SET time_expires = NOW() + INTERVAL '14 days' \
			WHERE session_id = %s AND host = %s", session_id, host)

		return self.get_by_uid(res.uid)
		

class Account(Object):
	def __init__(self, backend, dn, attrs=None):
		Object.__init__(self, backend)
		self.dn = dn

		self.attributes = attrs or {}

	def __str__(self):
		return self.name

	def __repr__(self):
		return "<%s %s>" % (self.__class__.__name__, self.dn)

	def __eq__(self, other):
		if isinstance(other, self.__class__):
			return self.dn == other.dn

	def __lt__(self, other):
		if isinstance(other, self.__class__):
			return self.name < other.name

	@property
	def ldap(self):
		return self.accounts.ldap

	def _exists(self, key):
		try:
			self.attributes[key]
		except KeyError:
			return False

		return True

	def _get(self, key):
		for value in self.attributes.get(key, []):
			yield value

	def _get_bytes(self, key, default=None):
		for value in self._get(key):
			return value

		return default

	def _get_strings(self, key):
		for value in self._get(key):
			yield value.decode()

	def _get_string(self, key, default=None):
		for value in self._get_strings(key):
			return value

		return default

	def _get_phone_numbers(self, key):
		for value in self._get_strings(key):
			yield phonenumbers.parse(value, None)

	def _modify(self, modlist):
		logging.debug("Modifying %s: %s" % (self.dn, modlist))

		# Run modify operation
		self.ldap.modify_s(self.dn, modlist)

	def _set(self, key, values):
		current = self._get(key)

		# Don't do anything if nothing has changed
		if list(current) == values:
			return

		# Remove all old values and add all new ones
		modlist = []

		if self._exists(key):
			modlist.append((ldap.MOD_DELETE, key, None))

		# Add new values
		modlist.append((ldap.MOD_ADD, key, values))

		# Run modify operation
		self._modify(modlist)

		# Update cache
		self.attributes.update({ key : values })

	def _set_bytes(self, key, values):
		return self._set(key, values)

	def _set_strings(self, key, values):
		return self._set(key, [e.encode() for e in values])

	def _set_string(self, key, value):
		return self._set_strings(key, [value,])

	def passwd(self, new_password):
		"""
			Sets a new password
		"""
		self.ldap.passwd_s(self.dn, None, new_password)

	def check_password(self, password):
		"""
			Bind to the server with given credentials and return
			true if password is corrent and false if not.

			Raises exceptions from the server on any other errors.
		"""
		logging.debug("Checking credentials for %s" % self.dn)

		# Create a new LDAP connection
		ldap_uri = self.backend.settings.get("ldap_uri")
		conn = ldap.initialize(ldap_uri)

		try:
			conn.simple_bind_s(self.dn, password.encode("utf-8"))
		except ldap.INVALID_CREDENTIALS:
			logging.debug("Account credentials are invalid for %s" % self)
			return False

		logging.info("Successfully authenticated %s" % self)

		return True

	def is_admin(self):
		return "wheel" in self.groups

	def is_talk_enabled(self):
		return "sipUser" in self.classes or "sipRoutingObject" in self.classes \
			or self.telephone_numbers or self.address

	def can_be_managed_by(self, account):
		"""
			Returns True if account is allowed to manage this account
		"""
		# Admins can manage all accounts
		if account.is_admin():
			return True

		# Users can manage themselves
		return self == account

	@property
	def classes(self):
		return self._get_strings("objectClass")

	@property
	def uid(self):
		return self._get_string("uid")

	@property
	def name(self):
		return self._get_string("cn")

	# First Name

	def get_first_name(self):
		return self._get_string("givenName")

	def set_first_name(self, first_name):
		self._set_string("givenName", first_name)

		# Update Common Name
		self._set_string("cn", "%s %s" % (first_name, self.last_name))

	first_name = property(get_first_name, set_first_name)

	# Last Name

	def get_last_name(self):
		return self._get_string("sn")

	def set_last_name(self, last_name):
		self._set_string("sn", last_name)

		# Update Common Name
		self._set_string("cn", "%s %s" % (self.first_name, last_name))

	last_name = property(get_last_name, set_last_name)

	@lazy_property
	def groups(self):
		groups = []

		res = self.accounts._query("(&(objectClass=posixGroup) \
			(memberUid=%s))" % self.uid, ["cn"])

		for dn, attrs in res:
			cns = attrs.get("cn")
			if cns:
				groups.append(cns[0].decode())

		return groups

	# Address

	def get_address(self):
		address = self._get_string("homePostalAddress")

		if address:
			return (line.strip() for line in address.split(","))

		return []

	def set_address(self, address):
		data = ", ".join(address.splitlines())

		self._set_bytes("homePostalAddress", data.encode())

	address = property(get_address, set_address)

	@property
	def email(self):
		name = self.name.lower()
		name = name.replace(" ", ".")
		name = name.replace("Ä", "Ae")
		name = name.replace("Ö", "Oe")
		name = name.replace("Ü", "Ue")
		name = name.replace("ä", "ae")
		name = name.replace("ö", "oe")
		name = name.replace("ü", "ue")

		for mail in self.attributes.get("mail", []):
			if mail.decode().startswith("%s@ipfire.org" % name):
				return mail

		# If everything else fails, we will go with the UID
		return "%s@ipfire.org" % self.uid

	# Mail Routing Address

	def get_mail_routing_address(self):
		return self._get_string("mailRoutingAddress", None)

	def set_mail_routing_address(self, address):
		self._set_string("mailRoutingAddress", address)

	mail_routing_address = property(get_mail_routing_address, set_mail_routing_address)

	@property
	def sip_id(self):
		if "sipUser" in self.classes:
			return self._get_string("sipAuthenticationUser")

		if "sipRoutingObject" in self.classes:
			return self._get_string("sipLocalAddress")

	@property
	def sip_password(self):
		return self._get_string("sipPassword")

	@staticmethod
	def _generate_sip_password():
		return util.random_string(8)

	@property
	def sip_url(self):
		return "%s@ipfire.org" % self.sip_id

	def uses_sip_forwarding(self):
		if self.sip_routing_address:
			return True

		return False

	# SIP Routing

	def get_sip_routing_address(self):
		if "sipRoutingObject" in self.classes:
			return self._get_string("sipRoutingAddress")

	def set_sip_routing_address(self, address):
		if not address:
			address = None

		# Don't do anything if nothing has changed
		if self.get_sip_routing_address() == address:
			return

		if address:
			modlist = [
				# This is no longer a SIP user any more
				(ldap.MOD_DELETE, "objectClass", b"sipUser"),
				(ldap.MOD_DELETE, "sipAuthenticationUser", None),
				(ldap.MOD_DELETE, "sipPassword", None),

				(ldap.MOD_ADD, "objectClass", b"sipRoutingObject"),
				(ldap.MOD_ADD, "sipLocalAddress", self.sip_id.encode()),
				(ldap.MOD_ADD, "sipRoutingAddress", address.encode()),
			]
		else:
			modlist = [
				(ldap.MOD_DELETE, "objectClass", b"sipRoutingObject"),
				(ldap.MOD_DELETE, "sipLocalAddress", None),
				(ldap.MOD_DELETE, "sipRoutingAddress", None),

				(ldap.MOD_ADD, "objectClass", b"sipUser"),
				(ldap.MOD_ADD, "sipAuthenticationUser", self.sip_id.encode()),
				(ldap.MOD_ADD, "sipPassword", self._generate_sip_password().encode()),
			]

		# Run modification
		self._modify(modlist)

		# XXX Cache is invalid here

	sip_routing_address = property(get_sip_routing_address, set_sip_routing_address)

	@lazy_property
	def sip_registrations(self):
		sip_registrations = []

		for reg in self.backend.talk.freeswitch.get_sip_registrations(self.sip_url):
			reg.account = self

			sip_registrations.append(reg)

		return sip_registrations

	def get_cdr(self, date=None, limit=None):
		return self.backend.talk.freeswitch.get_cdr_by_account(self, date=date, limit=limit)

	# Phone Numbers

	def get_phone_numbers(self):
		ret = []

		for field in ("telephoneNumber", "homePhone", "mobile"):
			for number in self._get_phone_numbers(field):
				ret.append(number)

		return ret

	def set_phone_numbers(self, phone_numbers):
		# Sort phone numbers by landline and mobile
		_landline_numbers = []
		_mobile_numbers = []

		for number in phone_numbers:
			try:
				number = phonenumbers.parse(number, None)
			except phonenumbers.phonenumberutil.NumberParseException:
				continue

			# Convert to string (in E.164 format)
			s = phonenumbers.format_number(number, phonenumbers.PhoneNumberFormat.E164)

			# Separate mobile numbers
			if phonenumbers.number_type(number) == phonenumbers.PhoneNumberType.MOBILE:
				_mobile_numbers.append(s)
			else:
				_landline_numbers.append(s)

		# Save
		self._set_strings("telephoneNumber", _landline_numbers)
		self._set_strings("mobile", _mobile_numbers)

	phone_numbers = property(get_phone_numbers, set_phone_numbers)

	@property
	def _all_telephone_numbers(self):
		ret = [ self.sip_id, ]

		for number in self.phone_numbers:
			s = phonenumbers.format_number(number, phonenumbers.PhoneNumberFormat.E164)
			ret.append(s)

		return ret

	def avatar_url(self, size=None):
		if self.backend.debug:
			hostname = "http://people.dev.ipfire.org"
		else:
			hostname = "https://people.ipfire.org"

		url = "%s/users/%s.jpg" % (hostname, self.uid)

		if size:
			url += "?size=%s" % size

		return url

	def get_avatar(self, size=None):
		avatar = self._get_bytes("jpegPhoto")
		if not avatar:
			return

		if not size:
			return avatar

		return self._resize_avatar(avatar, size)

	def _resize_avatar(self, image, size):
		image = PIL.Image.open(io.BytesIO(image))

		# Convert RGBA images into RGB because JPEG doesn't support alpha-channels
		if image.mode == "RGBA":
			image = image.convert("RGB")

		# Resize the image to the desired resolution (and make it square)
		thumbnail = PIL.ImageOps.fit(image, (size, size), PIL.Image.ANTIALIAS)

		with io.BytesIO() as f:
			# If writing out the image does not work with optimization,
			# we try to write it out without any optimization.
			try:
				thumbnail.save(f, "JPEG", optimize=True, quality=98)
			except:
				thumbnail.save(f, "JPEG", quality=98)

			return f.getvalue()

	def upload_avatar(self, avatar):
		self._set("jpegPhoto", avatar)


if __name__ == "__main__":
	a = Accounts()

	print(a.list())
Commit	Line	Data
940227cb	1	#!/usr/bin/python
78fdedae	2	# encoding: utf-8
940227cb	3
2cd9af74	4	import PIL
22153577	5	import PIL.ImageOps
3ea97943	6	import datetime
11347e46	7	import io
940227cb	8	import ldap
e96e445b	9	import ldap.modlist
27066195	10	import logging
e96e445b	11	import phonenumbers
eea71144 MT	12	import urllib.parse
eea71144 MT	13	import urllib.request
940227cb	14
e96e445b	15	from . import util
917434b8	16	from .decorators import *
11347e46	17	from .misc import Object
940227cb	18
a6dc0bad	19	class Accounts(Object):
9f05796c MT	20	def __iter__(self):
9f05796c MT	21	# Only return developers (group with ID 1000)
1bae74c7	22	accounts = self._search("(&(objectClass=posixAccount)(gidNumber=1000))")
9f05796c	23
1bae74c7	24	return iter(sorted(accounts))
9f05796c	25
0ab42c1d	26	@lazy_property
66862195	27	def ldap(self):
0ab42c1d MT	28	# Connect to LDAP server
	29	ldap_uri = self.settings.get("ldap_uri")
	30	conn = ldap.initialize(ldap_uri)
940227cb	31
0ab42c1d MT	32	# Bind with username and password
	33	bind_dn = self.settings.get("ldap_bind_dn")
	34	if bind_dn:
	35	bind_pw = self.settings.get("ldap_bind_pw", "")
	36	conn.simple_bind(bind_dn, bind_pw)
66862195	37
0ab42c1d	38	return conn
940227cb	39
1bae74c7	40	def _query(self, query, attrlist=None, limit=0):
66862195	41	logging.debug("Performing LDAP query: %s" % query)
940227cb	42
66862195	43	search_base = self.settings.get("ldap_search_base")
a395634c	44
a69e87a1 MT	45	try:
	46	results = self.ldap.search_ext_s(search_base, ldap.SCOPE_SUBTREE,
	47	query, attrlist=attrlist, sizelimit=limit)
	48	except:
	49	# Close current connection
0ab42c1d MT	50	self.ldap.close()
0ab42c1d MT	51	del self.ldap
a69e87a1 MT	52
a69e87a1 MT	53	raise
940227cb	54
66862195	55	return results
940227cb	56
1bae74c7	57	def _search(self, query, attrlist=None, limit=0):
66862195	58	accounts = []
1bae74c7 MT	59
1bae74c7 MT	60	for dn, attrs in self._query(query, attrlist=attrlist, limit=limit):
66862195 MT	61	account = Account(self.backend, dn, attrs)
	62	accounts.append(account)
	63
1bae74c7 MT	64	return accounts
	65
	66	def search(self, query):
	67	# Search for exact matches
	68	accounts = self._search("(&(objectClass=posixAccount) \
	69	(\|(uid=%s)(mail=%s)(sipAuthenticationUser=%s)(telephoneNumber=%s)(homePhone=%s)(mobile=%s)))" \
	70	% (query, query, query, query, query, query))
	71
	72	# Find accounts by name
	73	if not accounts:
69b63fce	74	for account in self._search("(&(objectClass=posixAccount)(\|(cn=%s)(uid=%s)))" % (query, query)):
1bae74c7 MT	75	if not account in accounts:
	76	accounts.append(account)
	77
66862195 MT	78	return sorted(accounts)
66862195 MT	79
1bae74c7 MT	80	def _search_one(self, query):
1bae74c7 MT	81	result = self._search(query, limit=1)
66862195 MT	82	assert len(result) <= 1
	83
	84	if result:
	85	return result[0]
	86
66862195	87	def get_by_uid(self, uid):
1bae74c7	88	return self._search_one("(&(objectClass=posixAccount)(uid=%s))" % uid)
66862195 MT	89
66862195 MT	90	def get_by_mail(self, mail):
1bae74c7	91	return self._search_one("(&(objectClass=posixAccount)(mail=%s))" % mail)
66862195 MT	92
	93	find = get_by_uid
	94
	95	def find_account(self, s):
	96	account = self.get_by_uid(s)
	97	if account:
	98	return account
	99
	100	return self.get_by_mail(s)
940227cb	101
66862195	102	def get_by_sip_id(self, sip_id):
1bae74c7	103	return self._search_one("(\|(&(objectClass=sipUser)(sipAuthenticationUser=%s)) \
66862195	104	(&(objectClass=sipRoutingObject)(sipLocalAddress=%s)))" % (sip_id, sip_id))
940227cb	105
525c01f7 MT	106	def get_by_phone_number(self, number):
	107	return self._search_one("(&(objectClass=posixAccount) \
	108	(\|(sipAuthenticationUser=%s)(telephoneNumber=%s)(homePhone=%s)(mobile=%s)))" \
	109	% (number, number, number, number))
	110
66862195	111	# Session stuff
940227cb	112
66862195 MT	113	def _cleanup_expired_sessions(self):
66862195 MT	114	self.db.execute("DELETE FROM sessions WHERE time_expires <= NOW()")
940227cb	115
66862195 MT	116	def create_session(self, account, host):
66862195 MT	117	self._cleanup_expired_sessions()
940227cb	118
66862195 MT	119	res = self.db.get("INSERT INTO sessions(host, uid) VALUES(%s, %s) \
	120	RETURNING session_id, time_expires", host, account.uid)
	121
	122	# Session could not be created
	123	if not res:
	124	return None, None
	125
	126	logging.info("Created session %s for %s which expires %s" \
	127	% (res.session_id, account, res.time_expires))
	128	return res.session_id, res.time_expires
	129
	130	def destroy_session(self, session_id, host):
	131	logging.info("Destroying session %s" % session_id)
	132
	133	self.db.execute("DELETE FROM sessions \
	134	WHERE session_id = %s AND host = %s", session_id, host)
	135	self._cleanup_expired_sessions()
	136
	137	def get_by_session(self, session_id, host):
	138	logging.debug("Looking up session %s" % session_id)
	139
	140	res = self.db.get("SELECT uid FROM sessions WHERE session_id = %s \
	141	AND host = %s AND NOW() BETWEEN time_created AND time_expires",
	142	session_id, host)
	143
	144	# Session does not exist or has expired
	145	if not res:
	146	return
	147
	148	# Update the session expiration time
	149	self.db.execute("UPDATE sessions SET time_expires = NOW() + INTERVAL '14 days' \
	150	WHERE session_id = %s AND host = %s", session_id, host)
	151
	152	return self.get_by_uid(res.uid)
	153
940227cb	154
a6dc0bad	155	class Account(Object):
66862195	156	def __init__(self, backend, dn, attrs=None):
a6dc0bad	157	Object.__init__(self, backend)
940227cb MT	158	self.dn = dn
940227cb MT	159
e96e445b	160	self.attributes = attrs or {}
940227cb	161
917434b8 MT	162	def __str__(self):
	163	return self.name
	164
940227cb MT	165	def __repr__(self):
	166	return "<%s %s>" % (self.__class__.__name__, self.dn)
	167
541c952b MT	168	def __eq__(self, other):
	169	if isinstance(other, self.__class__):
	170	return self.dn == other.dn
	171
	172	def __lt__(self, other):
	173	if isinstance(other, self.__class__):
	174	return self.name < other.name
940227cb MT	175
940227cb MT	176	@property
66862195 MT	177	def ldap(self):
66862195 MT	178	return self.accounts.ldap
940227cb	179
e96e445b MT	180	def _exists(self, key):
	181	try:
	182	self.attributes[key]
	183	except KeyError:
	184	return False
940227cb	185
e96e445b	186	return True
940227cb	187
e96e445b MT	188	def _get(self, key):
	189	for value in self.attributes.get(key, []):
	190	yield value
940227cb	191
e96e445b MT	192	def _get_bytes(self, key, default=None):
	193	for value in self._get(key):
	194	return value
	195
	196	return default
	197
	198	def _get_strings(self, key):
	199	for value in self._get(key):
	200	yield value.decode()
	201
	202	def _get_string(self, key, default=None):
	203	for value in self._get_strings(key):
	204	return value
	205
	206	return default
	207
	208	def _get_phone_numbers(self, key):
	209	for value in self._get_strings(key):
	210	yield phonenumbers.parse(value, None)
	211
	212	def _modify(self, modlist):
	213	logging.debug("Modifying %s: %s" % (self.dn, modlist))
	214
	215	# Run modify operation
	216	self.ldap.modify_s(self.dn, modlist)
	217
	218	def _set(self, key, values):
	219	current = self._get(key)
	220
	221	# Don't do anything if nothing has changed
	222	if list(current) == values:
	223	return
	224
	225	# Remove all old values and add all new ones
	226	modlist = []
940227cb	227
e96e445b MT	228	if self._exists(key):
e96e445b MT	229	modlist.append((ldap.MOD_DELETE, key, None))
940227cb	230
e96e445b MT	231	# Add new values
	232	modlist.append((ldap.MOD_ADD, key, values))
	233
	234	# Run modify operation
	235	self._modify(modlist)
	236
	237	# Update cache
	238	self.attributes.update({ key : values })
	239
	240	def _set_bytes(self, key, values):
	241	return self._set(key, values)
	242
	243	def _set_strings(self, key, values):
	244	return self._set(key, [e.encode() for e in values])
	245
	246	def _set_string(self, key, value):
	247	return self._set_strings(key, [value,])
940227cb	248
3ea97943 MT	249	def passwd(self, new_password):
	250	"""
	251	Sets a new password
	252	"""
	253	self.ldap.passwd_s(self.dn, None, new_password)
	254
940227cb MT	255	def check_password(self, password):
	256	"""
	257	Bind to the server with given credentials and return
	258	true if password is corrent and false if not.
	259
	260	Raises exceptions from the server on any other errors.
	261	"""
940227cb	262	logging.debug("Checking credentials for %s" % self.dn)
3ea97943 MT	263
	264	# Create a new LDAP connection
	265	ldap_uri = self.backend.settings.get("ldap_uri")
	266	conn = ldap.initialize(ldap_uri)
	267
940227cb	268	try:
3ea97943	269	conn.simple_bind_s(self.dn, password.encode("utf-8"))
940227cb	270	except ldap.INVALID_CREDENTIALS:
3ea97943	271	logging.debug("Account credentials are invalid for %s" % self)
940227cb MT	272	return False
940227cb MT	273
3ea97943 MT	274	logging.info("Successfully authenticated %s" % self)
3ea97943 MT	275
940227cb MT	276	return True
940227cb MT	277
940227cb	278	def is_admin(self):
d82bc8e3	279	return "wheel" in self.groups
66862195 MT	280
66862195 MT	281	def is_talk_enabled(self):
06c1d39c MT	282	return "sipUser" in self.classes or "sipRoutingObject" in self.classes \
06c1d39c MT	283	or self.telephone_numbers or self.address
66862195	284
e96e445b MT	285	def can_be_managed_by(self, account):
	286	"""
	287	Returns True if account is allowed to manage this account
	288	"""
	289	# Admins can manage all accounts
	290	if account.is_admin():
	291	return True
	292
	293	# Users can manage themselves
	294	return self == account
	295
66862195 MT	296	@property
66862195 MT	297	def classes(self):
e96e445b	298	return self._get_strings("objectClass")
66862195 MT	299
	300	@property
	301	def uid(self):
e96e445b	302	return self._get_string("uid")
940227cb	303
a6dc0bad MT	304	@property
a6dc0bad MT	305	def name(self):
e96e445b	306	return self._get_string("cn")
66862195	307
e96e445b MT	308	# First Name
	309
	310	def get_first_name(self):
	311	return self._get_string("givenName")
	312
	313	def set_first_name(self, first_name):
	314	self._set_string("givenName", first_name)
	315
	316	# Update Common Name
	317	self._set_string("cn", "%s %s" % (first_name, self.last_name))
	318
	319	first_name = property(get_first_name, set_first_name)
	320
	321	# Last Name
	322
	323	def get_last_name(self):
	324	return self._get_string("sn")
	325
	326	def set_last_name(self, last_name):
	327	self._set_string("sn", last_name)
	328
	329	# Update Common Name
	330	self._set_string("cn", "%s %s" % (self.first_name, last_name))
	331
	332	last_name = property(get_last_name, set_last_name)
66862195	333
1bae74c7	334	@lazy_property
66862195	335	def groups(self):
1bae74c7	336	groups = []
66862195	337
1bae74c7 MT	338	res = self.accounts._query("(&(objectClass=posixGroup) \
1bae74c7 MT	339	(memberUid=%s))" % self.uid, ["cn"])
66862195	340
1bae74c7 MT	341	for dn, attrs in res:
	342	cns = attrs.get("cn")
	343	if cns:
	344	groups.append(cns[0].decode())
66862195	345
1bae74c7	346	return groups
66862195	347
e96e445b MT	348	# Address
	349
	350	def get_address(self):
	351	address = self._get_string("homePostalAddress")
	352
	353	if address:
	354	return (line.strip() for line in address.split(","))
66862195	355
e96e445b MT	356	return []
	357
	358	def set_address(self, address):
	359	data = ", ".join(address.splitlines())
	360
	361	self._set_bytes("homePostalAddress", data.encode())
	362
	363	address = property(get_address, set_address)
a6dc0bad	364
940227cb MT	365	@property
940227cb MT	366	def email(self):
66862195	367	name = self.name.lower()
940227cb	368	name = name.replace(" ", ".")
78fdedae MT	369	name = name.replace("Ä", "Ae")
	370	name = name.replace("Ö", "Oe")
	371	name = name.replace("Ü", "Ue")
	372	name = name.replace("ä", "ae")
	373	name = name.replace("ö", "oe")
	374	name = name.replace("ü", "ue")
940227cb	375
66862195	376	for mail in self.attributes.get("mail", []):
7aee4b8d	377	if mail.decode().startswith("%s@ipfire.org" % name):
940227cb MT	378	return mail
940227cb MT	379
2cd9af74 MT	380	# If everything else fails, we will go with the UID
2cd9af74 MT	381	return "%s@ipfire.org" % self.uid
940227cb	382
e96e445b MT	383	# Mail Routing Address
	384
	385	def get_mail_routing_address(self):
	386	return self._get_string("mailRoutingAddress", None)
	387
	388	def set_mail_routing_address(self, address):
	389	self._set_string("mailRoutingAddress", address)
	390
	391	mail_routing_address = property(get_mail_routing_address, set_mail_routing_address)
	392
66862195 MT	393	@property
	394	def sip_id(self):
	395	if "sipUser" in self.classes:
e96e445b	396	return self._get_string("sipAuthenticationUser")
66862195 MT	397
66862195 MT	398	if "sipRoutingObject" in self.classes:
e96e445b	399	return self._get_string("sipLocalAddress")
66862195	400
2f51147a MT	401	@property
2f51147a MT	402	def sip_password(self):
e96e445b MT	403	return self._get_string("sipPassword")
	404
	405	@staticmethod
	406	def _generate_sip_password():
	407	return util.random_string(8)
2f51147a	408
66862195 MT	409	@property
	410	def sip_url(self):
	411	return "%s@ipfire.org" % self.sip_id
	412
	413	def uses_sip_forwarding(self):
e96e445b	414	if self.sip_routing_address:
66862195 MT	415	return True
	416
	417	return False
	418
e96e445b MT	419	# SIP Routing
	420
	421	def get_sip_routing_address(self):
66862195	422	if "sipRoutingObject" in self.classes:
e96e445b MT	423	return self._get_string("sipRoutingAddress")
	424
	425	def set_sip_routing_address(self, address):
	426	if not address:
	427	address = None
	428
	429	# Don't do anything if nothing has changed
	430	if self.get_sip_routing_address() == address:
	431	return
	432
	433	if address:
	434	modlist = [
	435	# This is no longer a SIP user any more
	436	(ldap.MOD_DELETE, "objectClass", b"sipUser"),
	437	(ldap.MOD_DELETE, "sipAuthenticationUser", None),
	438	(ldap.MOD_DELETE, "sipPassword", None),
	439
	440	(ldap.MOD_ADD, "objectClass", b"sipRoutingObject"),
	441	(ldap.MOD_ADD, "sipLocalAddress", self.sip_id.encode()),
	442	(ldap.MOD_ADD, "sipRoutingAddress", address.encode()),
	443	]
	444	else:
	445	modlist = [
	446	(ldap.MOD_DELETE, "objectClass", b"sipRoutingObject"),
	447	(ldap.MOD_DELETE, "sipLocalAddress", None),
	448	(ldap.MOD_DELETE, "sipRoutingAddress", None),
	449
	450	(ldap.MOD_ADD, "objectClass", b"sipUser"),
	451	(ldap.MOD_ADD, "sipAuthenticationUser", self.sip_id.encode()),
	452	(ldap.MOD_ADD, "sipPassword", self._generate_sip_password().encode()),
	453	]
	454
	455	# Run modification
	456	self._modify(modlist)
	457
	458	# XXX Cache is invalid here
	459
	460	sip_routing_address = property(get_sip_routing_address, set_sip_routing_address)
66862195	461
917434b8 MT	462	@lazy_property
	463	def sip_registrations(self):
	464	sip_registrations = []
	465
	466	for reg in self.backend.talk.freeswitch.get_sip_registrations(self.sip_url):
	467	reg.account = self
	468
	469	sip_registrations.append(reg)
	470
	471	return sip_registrations
	472
bdaf6b46 MT	473	def get_cdr(self, date=None, limit=None):
bdaf6b46 MT	474	return self.backend.talk.freeswitch.get_cdr_by_account(self, date=date, limit=limit)
525c01f7	475
e96e445b	476	# Phone Numbers
6ff61434	477
e96e445b MT	478	def get_phone_numbers(self):
e96e445b MT	479	ret = []
6ff61434	480
e96e445b MT	481	for field in ("telephoneNumber", "homePhone", "mobile"):
	482	for number in self._get_phone_numbers(field):
	483	ret.append(number)
6ff61434	484
e96e445b MT	485	return ret
	486
	487	def set_phone_numbers(self, phone_numbers):
	488	# Sort phone numbers by landline and mobile
	489	_landline_numbers = []
	490	_mobile_numbers = []
	491
	492	for number in phone_numbers:
	493	try:
	494	number = phonenumbers.parse(number, None)
	495	except phonenumbers.phonenumberutil.NumberParseException:
	496	continue
	497
	498	# Convert to string (in E.164 format)
	499	s = phonenumbers.format_number(number, phonenumbers.PhoneNumberFormat.E164)
	500
	501	# Separate mobile numbers
	502	if phonenumbers.number_type(number) == phonenumbers.PhoneNumberType.MOBILE:
	503	_mobile_numbers.append(s)
	504	else:
	505	_landline_numbers.append(s)
	506
	507	# Save
	508	self._set_strings("telephoneNumber", _landline_numbers)
	509	self._set_strings("mobile", _mobile_numbers)
	510
	511	phone_numbers = property(get_phone_numbers, set_phone_numbers)
8476e80f MT	512
	513	@property
	514	def _all_telephone_numbers(self):
6ccc8acb MT	515	ret = [ self.sip_id, ]
	516
	517	for number in self.phone_numbers:
	518	s = phonenumbers.format_number(number, phonenumbers.PhoneNumberFormat.E164)
	519	ret.append(s)
	520
	521	return ret
66862195	522
2cd9af74 MT	523	def avatar_url(self, size=None):
2cd9af74 MT	524	if self.backend.debug:
03706893	525	hostname = "http://people.dev.ipfire.org"
2cd9af74	526	else:
03706893	527	hostname = "https://people.ipfire.org"
2cd9af74	528
03706893	529	url = "%s/users/%s.jpg" % (hostname, self.uid)
2cd9af74 MT	530
	531	if size:
	532	url += "?size=%s" % size
	533
	534	return url
	535
2cd9af74	536	def get_avatar(self, size=None):
e96e445b	537	avatar = self._get_bytes("jpegPhoto")
2cd9af74 MT	538	if not avatar:
	539	return
	540
	541	if not size:
	542	return avatar
	543
	544	return self._resize_avatar(avatar, size)
	545
	546	def _resize_avatar(self, image, size):
1a226c83 MT	547	image = PIL.Image.open(io.BytesIO(image))
	548
	549	# Convert RGBA images into RGB because JPEG doesn't support alpha-channels
	550	if image.mode == "RGBA":
	551	image = image.convert("RGB")
	552
22153577 MT	553	# Resize the image to the desired resolution (and make it square)
22153577 MT	554	thumbnail = PIL.ImageOps.fit(image, (size, size), PIL.Image.ANTIALIAS)
1a226c83 MT	555
	556	with io.BytesIO() as f:
	557	# If writing out the image does not work with optimization,
	558	# we try to write it out without any optimization.
	559	try:
22153577	560	thumbnail.save(f, "JPEG", optimize=True, quality=98)
1a226c83	561	except:
22153577	562	thumbnail.save(f, "JPEG", quality=98)
1a226c83 MT	563
1a226c83 MT	564	return f.getvalue()
2cd9af74	565
5cc10421 MT	566	def upload_avatar(self, avatar):
	567	self._set("jpegPhoto", avatar)
	568
60024cc8	569
940227cb MT	570	if __name__ == "__main__":
	571	a = Accounts()
	572
11347e46	573	print(a.list())