Major update of the webapp.

[people/shoehn/ipfire.org.git] / webapp / backend / accounts.py

#!/usr/bin/python
# encoding: utf-8

import hashlib
import ldap
import logging
import urllib

from misc import Object

class Accounts(Object):
	def __init__(self, backend):
		Object.__init__(self, backend)
		self.__db = None

		self._init()

	@property
	def search_base(self):
		return self.settings.get("ldap_search_base")

	@property
	def db(self):
		if not self.__db:
			ldap_uri = self.settings.get("ldap_uri")

			self.__db = ldap.initialize(ldap_uri)
			
			bind_dn = self.settings.get("ldap_bind_dn")

			if bind_dn:
				bind_pw = self.settings.get("ldap_bind_pw", "")

				self.__db.simple_bind(bind_dn, bind_pw)

		return self.__db

	def get(self, dn):
		return self._accounts[dn]

	def _init(self):
		self._accounts = {}
		results = self.db.search_s(self.search_base, ldap.SCOPE_SUBTREE,
			"(objectClass=posixAccount)", ["loginShell"])

		for dn, attrs in results:
			#if attrs["loginShell"] == ["/bin/bash"]:
			self._accounts[dn] = Account(self.backend, dn)

	def list(self):
		return sorted(self._accounts.values())

	def find(self, uid):
		for account in self.list():
			if account.uid == uid:
				return account

	def delete(self, uid):
		account = self.find(uid)
		# XXX

	search = find


class Account(Object):
	def __init__(self, backend, dn):
		Object.__init__(self, backend)
		self.dn = dn

		self.__attributes = {}

	def __repr__(self):
		return "<%s %s>" % (self.__class__.__name__, self.dn)

	def __cmp__(self, other):
		return cmp(self.cn, other.cn)

	@property
	def db(self):
		return self.accounts.db

	@property
	def attributes(self):
		if not self.__attributes:
			self.fetch_attributes()

		return self.__attributes

	def fetch_attributes(self):
		result = self.db.search_ext_s(self.dn, ldap.SCOPE_SUBTREE, sizelimit=1)
		dn, self.__attributes = result[0]

	def get(self, key):
		try:
			attribute = self.attributes[key]
		except KeyError:
			raise AttributeError(key)

		if len(attribute) == 1:
			return attribute[0]

		return attribute

	__getattr__ = get

	def set(self, key, value):
		mod_op = ldap.MOD_ADD
		if self.attributes.has_key(key):
			mod_op = ldap.MOD_REPLACE

		self._modify(mod_op, key, value)

	def _modify(self, op, key, value):
		modlist = [(op, key, value)]

		self.db.modify_s(self.dn, modlist)

		# Update local cache of attributes
		self.fetch_attributes()

	def delete(self, key, value=None):
		self._modify(ldap.MOD_DELETE, key, value)

	def check_password(self, password):
		"""
			Bind to the server with given credentials and return
			true if password is corrent and false if not.

			Raises exceptions from the server on any other errors.
		"""

		logging.debug("Checking credentials for %s" % self.dn)
		try:
			self.db.simple_bind_s(self.dn, password.encode("utf-8"))
		except ldap.INVALID_CREDENTIALS:
			logging.debug("Account credentials are invalid.")
			return False

		logging.debug("Successfully authenticated.")
		return True

	@property
	def is_admin(self):
		return True # XXX todo

	@property
	def name(self):
		return self.cn

	@property
	def email(self):
		name = self.cn.lower()
		name = name.replace(" ", ".")
		name = name.replace("Ä", "Ae")
		name = name.replace("Ö", "Oe")
		name = name.replace("Ü", "Ue")
		name = name.replace("ä", "ae")
		name = name.replace("ö", "oe")
		name = name.replace("ü", "ue")

		for mail in self.mail:
			if mail.startswith("%s@ipfire.org" % name):
				return mail

		raise Exception, "Cannot figure out email address"

	def gravatar_icon(self, size=128):
		# construct the url
		gravatar_url = "http://www.gravatar.com/avatar/" + \
			hashlib.md5(self.email.lower()).hexdigest() + "?"	
		gravatar_url += urllib.urlencode({'d': "mm", 's': str(size)})

		return gravatar_url


if __name__ == "__main__":
	a = Accounts()

	print a.list()