people: Show last successful/failed authentication attempts

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/backend/accounts.py b/src/backend/accounts.py
index d36dbafbbc3d50d8dc85101a09699577af72bc10..c310cf5300f8de86b9525016c2fb3890cf87470f 100644 (file)
--- a/src/backend/accounts.py
+++ b/src/backend/accounts.py
@@ -485,6 +485,58 @@ class Account(Object):
        def _delete_string(self, key, value):
                return self._delete_strings(key, [value,])
 
+       @lazy_property
+       def kerberos_attributes(self):
+               res = self.backend.accounts._query(
+                       "(&(objectClass=krbPrincipal)(krbPrincipalName=%s@IPFIRE.ORG))" % self.uid,
+                       attrlist=[
+                               "krbLastSuccessfulAuth",
+                               "krbLastPasswordChange",
+                               "krbLastFailedAuth",
+                               "krbLoginFailedCount",
+                       ],
+                       limit=1,
+                       search_base="cn=krb5,%s" % self.backend.accounts.search_base)
+
+               for dn, attrs in res:
+                       return { key : attrs[key][0] for key in attrs }
+
+               return {}
+
+       @staticmethod
+       def _parse_date(s):
+               return datetime.datetime.strptime(s.decode(), "%Y%m%d%H%M%SZ")
+
+       @property
+       def last_successful_authentication(self):
+               try:
+                       s = self.kerberos_attributes["krbLastSuccessfulAuth"]
+               except KeyError:
+                       return None
+
+               return self._parse_date(s)
+
+       @property
+       def last_failed_authentication(self):
+               try:
+                       s = self.kerberos_attributes["krbLastFailedAuth"]
+               except KeyError:
+                       return None
+
+               return self._parse_date(s)
+
+       @property
+       def failed_login_count(self):
+               try:
+                       count = self.kerberos_attributes["krbLoginFailedCount"].decode()
+               except KeyError:
+                       return 0
+
+               try:
+                       return int(count)
+               except ValueError:
+                       return 0
+
        def passwd(self, password):
                """
                        Sets a new password

diff --git a/src/templates/people/user.html b/src/templates/people/user.html
index c50e3fa64eb5a7e1e3145cc92fc49f4e7c182bd1..5597c71d1ea9f60887e9b030dc0fcc18f6f86d50 100644 (file)
--- a/src/templates/people/user.html
+++ b/src/templates/people/user.html
@@ -81,8 +81,26 @@
        </div>
 
        {% if current_user.is_admin() %}
-               <p class="small text-muted">
-                       {{ _("Last Modified %s") % locale.format_date(account.modified_at) }}
-               </p>
+               <ul class="list-unstyled small text-muted">
+                       <li>
+                               {{ _("Last Modified %s") % locale.format_date(account.modified_at) }}
+                       </li>
+
+                       {% if account.last_successful_authentication %}
+                               <li>
+                                       {{ _("Last successful authentication: %s") % locale.format_date(account.last_successful_authentication) }}
+                               </li>
+                       {% end %}
+
+                       {% if account.failed_login_count %}
+                               <li class="text-warning">
+                                       {{ _("One unsuccessful authentication attempt.", "%(num)s unsuccessful authentication attempts.", account.failed_login_count) % { "num" : account.failed_login_count } }}
+
+                                       {% if account.last_failed_authentication %}
+                                               {{ _("Last attempt: %s") % locale.format_date(account.last_failed_authentication) }}
+                                       {% end %}
+                               </li>
+                       {% end %}
+               </ul>
        {% end %}
 {% end block %}