]> git.ipfire.org Git - people/shoehn/ipfire.org.git/blob - webapp/backend/accounts.py
projects / people / shoehn / ipfire.org.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
added background to support section
[people/shoehn/ipfire.org.git] / webapp / backend / accounts.py
1 #!/usr/bin/python
2 # encoding: utf-8
3
4 import PIL
5 import StringIO
6 import hashlib
7 import ldap
8 import logging
9 import urllib
10
11 from misc import Object
12
13 class Accounts(Object):
14 @property
15 def ldap(self):
16 if not hasattr(self, "_ldap"):
17 # Connect to LDAP server
18 ldap_uri = self.settings.get("ldap_uri")
19 self._ldap = ldap.initialize(ldap_uri)
20
21 # Bind with username and password
22 bind_dn = self.settings.get("ldap_bind_dn")
23 if bind_dn:
24 bind_pw = self.settings.get("ldap_bind_pw", "")
25 self._ldap.simple_bind(bind_dn, bind_pw)
26
27 return self._ldap
28
29 def _search(self, query, attrlist=None, limit=0):
30 logging.debug("Performing LDAP query: %s" % query)
31
32 search_base = self.settings.get("ldap_search_base")
33 results = self.ldap.search_ext_s(search_base, ldap.SCOPE_SUBTREE,
34 query, attrlist=attrlist, sizelimit=limit)
35
36 return results
37
38 def search(self, query, limit=0):
39 results = self._search(query, limit=limit)
40
41 accounts = []
42 for dn, attrs in results:
43 account = Account(self.backend, dn, attrs)
44 accounts.append(account)
45
46 return sorted(accounts)
47
48 def search_one(self, query):
49 result = self.search(query, limit=1)
50 assert len(result) <= 1
51
52 if result:
53 return result[0]
54
55 def get_all(self):
56 # Only return developers (group with ID 500)
57 return self.search("(&(objectClass=posixAccount)(gidNumber=500))")
58
59 list = get_all
60
61 def get_by_uid(self, uid):
62 return self.search_one("(&(objectClass=posixAccount)(uid=%s))" % uid)
63
64 def get_by_mail(self, mail):
65 return self.search_one("(&(objectClass=posixAccount)(mail=%s))" % mail)
66
67 find = get_by_uid
68
69 def find_account(self, s):
70 account = self.get_by_uid(s)
71 if account:
72 return account
73
74 return self.get_by_mail(s)
75
76 def get_by_sip_id(self, sip_id):
77 return self.search_one("(|(&(objectClass=sipUser)(sipAuthenticationUser=%s)) \
78 (&(objectClass=sipRoutingObject)(sipLocalAddress=%s)))" % (sip_id, sip_id))
79
80 # Session stuff
81
82 def _cleanup_expired_sessions(self):
83 self.db.execute("DELETE FROM sessions WHERE time_expires <= NOW()")
84
85 def create_session(self, account, host):
86 self._cleanup_expired_sessions()
87
88 res = self.db.get("INSERT INTO sessions(host, uid) VALUES(%s, %s) \
89 RETURNING session_id, time_expires", host, account.uid)
90
91 # Session could not be created
92 if not res:
93 return None, None
94
95 logging.info("Created session %s for %s which expires %s" \
96 % (res.session_id, account, res.time_expires))
97 return res.session_id, res.time_expires
98
99 def destroy_session(self, session_id, host):
100 logging.info("Destroying session %s" % session_id)
101
102 self.db.execute("DELETE FROM sessions \
103 WHERE session_id = %s AND host = %s", session_id, host)
104 self._cleanup_expired_sessions()
105
106 def get_by_session(self, session_id, host):
107 logging.debug("Looking up session %s" % session_id)
108
109 res = self.db.get("SELECT uid FROM sessions WHERE session_id = %s \
110 AND host = %s AND NOW() BETWEEN time_created AND time_expires",
111 session_id, host)
112
113 # Session does not exist or has expired
114 if not res:
115 return
116
117 # Update the session expiration time
118 self.db.execute("UPDATE sessions SET time_expires = NOW() + INTERVAL '14 days' \
119 WHERE session_id = %s AND host = %s", session_id, host)
120
121 return self.get_by_uid(res.uid)
122
123
124 class Account(Object):
125 def __init__(self, backend, dn, attrs=None):
126 Object.__init__(self, backend)
127 self.dn = dn
128
129 self.__attrs = attrs or {}
130
131 def __repr__(self):
132 return "<%s %s>" % (self.__class__.__name__, self.dn)
133
134 def __cmp__(self, other):
135 return cmp(self.name, other.name)
136
137 @property
138 def ldap(self):
139 return self.accounts.ldap
140
141 @property
142 def attributes(self):
143 return self.__attrs
144
145 def _get_first_attribute(self, attr, default=None):
146 if not self.attributes.has_key(attr):
147 return default
148
149 res = self.attributes.get(attr, [])
150 if res:
151 return res[0]
152
153 def get(self, key):
154 try:
155 attribute = self.attributes[key]
156 except KeyError:
157 raise AttributeError(key)
158
159 if len(attribute) == 1:
160 return attribute[0]
161
162 return attribute
163
164 def check_password(self, password):
165 """
166 Bind to the server with given credentials and return
167 true if password is corrent and false if not.
168
169 Raises exceptions from the server on any other errors.
170 """
171
172 logging.debug("Checking credentials for %s" % self.dn)
173 try:
174 self.ldap.simple_bind_s(self.dn, password.encode("utf-8"))
175 except ldap.INVALID_CREDENTIALS:
176 logging.debug("Account credentials are invalid.")
177 return False
178
179 logging.debug("Successfully authenticated.")
180 return True
181
182 def is_admin(self):
183 return "admins" in self.groups
184
185 def is_talk_enabled(self):
186 return "sipUser" in self.classes or "sipRoutingObject" in self.classes \
187 or self.telephone_numbers or self.address
188
189 @property
190 def classes(self):
191 return self.attributes.get("objectClass", [])
192
193 @property
194 def uid(self):
195 return self._get_first_attribute("uid")
196
197 @property
198 def name(self):
199 return self._get_first_attribute("cn")
200
201 @property
202 def first_name(self):
203 return self._get_first_attribute("givenName")
204
205 @property
206 def groups(self):
207 if not hasattr(self, "_groups"):
208 self._groups = []
209
210 res = self.accounts._search("(&(objectClass=posixGroup) \
211 (memberUid=%s))" % self.uid, ["cn"])
212
213 for dn, attrs in res:
214 cns = attrs.get("cn")
215 if cns:
216 self._groups.append(cns[0])
217
218 return self._groups
219
220 @property
221 def address(self):
222 address = self._get_first_attribute("homePostalAddress", "")
223 address = address.replace(", ", "\n")
224
225 return address
226
227 @property
228 def email(self):
229 name = self.name.lower()
230 name = name.replace(" ", ".")
231 name = name.replace("Ä", "Ae")
232 name = name.replace("Ö", "Oe")
233 name = name.replace("Ü", "Ue")
234 name = name.replace("ä", "ae")
235 name = name.replace("ö", "oe")
236 name = name.replace("ü", "ue")
237
238 for mail in self.attributes.get("mail", []):
239 if mail.startswith("%s@ipfire.org" % name):
240 return mail
241
242 # If everything else fails, we will go with the UID
243 return "%s@ipfire.org" % self.uid
244
245 @property
246 def sip_id(self):
247 if "sipUser" in self.classes:
248 return self._get_first_attribute("sipAuthenticationUser")
249
250 if "sipRoutingObject" in self.classes:
251 return self._get_first_attribute("sipLocalAddress")
252
253 @property
254 def sip_password(self):
255 return self._get_first_attribute("sipPassword")
256
257 @property
258 def sip_url(self):
259 return "%s@ipfire.org" % self.sip_id
260
261 def uses_sip_forwarding(self):
262 if self.sip_routing_url:
263 return True
264
265 return False
266
267 @property
268 def sip_routing_url(self):
269 if "sipRoutingObject" in self.classes:
270 return self._get_first_attribute("sipRoutingAddress")
271
272 def sip_is_online(self):
273 assert self.sip_id
274
275 if not hasattr(self, "_is_online"):
276 self._is_online = self.backend.talk.user_is_online(self.sip_id)
277
278 return self._is_online
279
280 @property
281 def telephone_numbers(self):
282 return self._telephone_numbers + self.mobile_telephone_numbers \
283 + self.home_telephone_numbers
284
285 @property
286 def _telephone_numbers(self):
287 return self.attributes.get("telephoneNumber") or []
288
289 @property
290 def home_telephone_numbers(self):
291 return self.attributes.get("homePhone") or []
292
293 @property
294 def mobile_telephone_numbers(self):
295 return self.attributes.get("mobile") or []
296
297 def avatar_url(self, size=None):
298 if self.backend.debug:
299 hostname = "accounts.dev.ipfire.org"
300 else:
301 hostname = "accounts.ipfire.org"
302
303 url = "http://%s/avatar/%s.jpg" % (hostname, self.uid)
304
305 if size:
306 url += "?size=%s" % size
307
308 return url
309
310 gravatar_icon = avatar_url
311
312 def get_avatar(self, size=None):
313 avatar = self._get_first_attribute("jpegPhoto")
314 if not avatar:
315 return
316
317 if not size:
318 return avatar
319
320 return self._resize_avatar(avatar, size)
321
322 def _resize_avatar(self, image, size):
323 image = StringIO.StringIO(image)
324 image = PIL.Image.open(image)
325
326 # Resize the image to the desired resolution
327 image.thumbnail((size, size), PIL.Image.ANTIALIAS)
328
329 f = StringIO.StringIO()
330
331 # If writing out the image does not work with optimization,
332 # we try to write it out without any optimization.
333 try:
334 image.save(f, "JPEG", optimize=True)
335 except:
336 image.save(f, "JPEG")
337
338 return f.getvalue()
339
340 def get_gravatar_url(self, size=128):
341 try:
342 gravatar_email = self.email.lower()
343 except:
344 gravatar_email = "nobody@ipfire.org"
345
346 # construct the url
347 gravatar_url = "http://www.gravatar.com/avatar/" + \
348 hashlib.md5(gravatar_email).hexdigest() + "?"
349 gravatar_url += urllib.urlencode({'d': "mm", 's': str(size)})
350
351 return gravatar_url
352
353
354 if __name__ == "__main__":
355 a = Accounts()
356
357 print a.list()
Sven's copy of the ipfire.org website