From 856631cdb0687c179d85f44d9624e5ca1c4c5bd8 Mon Sep 17 00:00:00 2001
From: Christian Dresen <c.dresen@fh-muenster.de>
Date: Sun, 18 Sep 2016 15:54:42 +0200
Subject: [PATCH] [Security] Added password change notifications

---
 www/web/warpauth/util.py                 |  6 ++++++
 www/web/warpauth/views/profile.py        |  1 +
 www/web/warpauth/views/reset_password.py | 10 ++++++----
 www/web/warpzone/{utils.py => util.py}   |  4 +++-
 4 files changed, 16 insertions(+), 5 deletions(-)
 rename www/web/warpzone/{utils.py => util.py} (94%)

diff --git a/www/web/warpauth/util.py b/www/web/warpauth/util.py
index 628d52a..95af73d 100644
--- a/www/web/warpauth/util.py
+++ b/www/web/warpauth/util.py
@@ -1,4 +1,10 @@
+from django.utils.translation import ugettext as _
+from warpzone.util import send_email
+
 pages = {'pages': [
     {"link": "pizza", "name": "PizzaSheet"},
     {"link": "about", "name": "About"},
 ]}
+
+def send_password_change_notification(user):
+    send_email(user.email, _("Your password was changed"),_("Password changed recently"))
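Review bot: `send_password_change_notification` drops the result of `send_email`, which per the warpzone/util.py hunk below returns False when sending fails, so a user whose password was changed may never learn of it and neither caller in this patch (profile.py's `change_password` and reset_password.py's `change_password`) has anything to check. Return it, `return send_email(user.email, _("Your password was changed"), _("Password changed recently"))`, so callers can at least log a failed notification, and add a docstring such as `"""Email *user* (assumed to be an LDAP user object with an .email attribute) that their password was changed; returns the send_email result."""`. The module-level `_` alias is also re-exported through `from warpauth.util import *` in reset_password.py; an `__all__` listing `pages` and `send_password_change_notification` would keep the star import to the intended names.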
diff --git a/www/web/warpauth/views/profile.py b/www/web/warpauth/views/profile.py
index dc9aab8..1c81ed7 100644
--- a/www/web/warpauth/views/profile.py
+++ b/www/web/warpauth/views/profile.py
@@ -90,6 +90,7 @@ def change_password(request):
         if ret == -1:
             pages["error_passwd"] = "Old password did not match"
         else:
+            send_password_change_notification(request.user.ldap_user)
             pages["success_passwd"] = True
     pages['ldap_groups'] = request.user.ldap_user.group_names
     pages['ldap_user_form'] = LdapUserForm(instance=LdapUser.objects.get(uid=str(request.user)))        
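Review bot: `send_password_change_notification` is used on the new line but profile.py's import block is not in the diff, so confirm the name is actually in scope here; reset_password.py gets it through `from warpauth.util import *`, and if profile.py imports `pages` the same way it is covered, otherwise this raises NameError only on the success path, which is the branch tests rarely exercise. The call runs before `pages["success_passwd"] = True`, so an exception inside the helper would also hide the success message, and since the helper returns nothing there is no result to record on failure. `change_password` starts outside the hunk.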
diff --git a/www/web/warpauth/views/reset_password.py b/www/web/warpauth/views/reset_password.py
index 7dad01c..fb6f806 100644
--- a/www/web/warpauth/views/reset_password.py
+++ b/www/web/warpauth/views/reset_password.py
@@ -3,11 +3,13 @@ import hashlib
 import logging
 import datetime
 
+from django.utils.translation import ugettext as _
+
 from django.core.exceptions import ObjectDoesNotExist, ValidationError
 from django.http import HttpResponse
 from django.shortcuts import render
 from warpauth.ldap_connector import LDAPConnector
-from warpzone.utils import send_email
+from warpzone.util import send_email
 
 from warpauth.util import *
 from warpauth.models import PasswordResetToken, LdapUser
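Review bot: `ugettext` on the new import line is the legacy unicode-variant name; on Python 3 `gettext` from the same module is equivalent and is the name later Django releases keep, so `from django.utils.translation import gettext as _` avoids a future deprecation. With `from warpauth.util import *` a few lines below, `_` and `send_email` now arrive twice (explicitly and via the star import); harmless, but dropping one of the two makes the origin of the names clearer.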
@@ -16,8 +18,6 @@ from warpzone.settings import PW_RESET_TOKEN_LIFETIME
 
 #
 # Function to generate a password reset Token
-# ToDo: Implement Email with Token
-# ToDo: Remove Debug outputs
 #
 
 def gen_token(request):
@@ -32,7 +32,8 @@ def gen_token(request):
                 p.email = usr.email
                 p.hash = hashlib.sha1(os.urandom(128)).hexdigest()
                 p.save()
-                ret = send_email(p.email, "Requested Password Reset", "http://localhost/reset_password/%s" % p.hash)
+                email_content = _("https://infra.warpzone.ms/reset_password/%(hash)s") % {'hash': p.hash}
+                ret = send_email(p.email, "Requested Password Reset", email_content )
                 if not ret:
                     pages["error"] = "Error while sending the email. Please contact the administrator."
                 logger.info("Success for %s", usr.uid)
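Review bot: The reset link on the new `email_content` line hard-codes the host `https://infra.warpzone.ms` and wraps the whole URL in `_()`, which makes the link target part of the translation catalog: a translator or a stale `.po` file can change where the reset token is sent, and the host cannot differ between deployments. Keep only user-visible text translatable and take the base URL from settings, which this file already does for `PW_RESET_TOKEN_LIFETIME`, e.g. `email_content = "%s/reset_password/%s" % (PW_RESET_BASE_URL, p.hash)` with `PW_RESET_BASE_URL` a new settings constant (the name is a suggestion). The subject `"Requested Password Reset"` on the next line stays untranslated while the body is now translated, which is inconsistent. `gen_token` continues outside the hunk.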
@@ -65,6 +66,7 @@ def change_password(request, reset_hash=None):
                 ldap_connector = LDAPConnector()
                 ldap_connector.change_user_password(user.build_dn(), None, request.POST["password"], True)
                 pw_reset_token.delete()
+                send_password_change_notification(user)
         else:
             pages["username"] = pw_reset_token.user
 
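Review bot: The new call passes `user`, bound outside the hunk, to a helper that reads `user.email`; the surrounding `user.build_dn()` suggests an LdapUser object, while the `else` branch stores `pw_reset_token.user` as a username, so confirm `user` is the object and not a uid string here. As in the profile.py call, the helper's return value is discarded, so a failed notification after a token-based reset goes unnoticed; consider logging a False result with the module's existing `logger`. `change_password` begins outside the hunk.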
diff --git a/www/web/warpzone/utils.py b/www/web/warpzone/util.py
similarity index 94%
rename from www/web/warpzone/utils.py
rename to www/web/warpzone/util.py
index 88962dc..d865050 100644
--- a/www/web/warpzone/utils.py
+++ b/www/web/warpzone/util.py
@@ -14,4 +14,6 @@ def send_email(to_address, subject, content):
     except Exception as e:
         print(e)
     
-    return False
\ No newline at end of file
+    return False
+    
+
-- 
GitLab