author | Ondrej Hamada <ohamada@redhat.com> | 2011-12-12 12:59:06 +0100 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-12-12 00:17:07 -0500 |
commit | da4b4fc4d9ef42f8ca46d5b5f405b93ba84f07d0 (patch) | |
tree | e8c744f9bac2c0a786be7bc119dcd6dec6804820 /ipalib | |
parent | 7710bfb5bdef1faa959b7f9402c2840b5ef65d7e (diff) | |
User-add random password support
I've used code from ipalib/plugins/host.py to add support for random
password generation. The '--random' option is now available in user-add
and user-mod commands. If both the 'password' and 'random' options are
used the 'random' option will be ignored.
Two test cases were added to unit test's module test_user_plugin.py -
they test creating and modifying user with random password. Two fuzzy tests
were added: test for password(string that doesn't start or end with
whitespace and doesn't contain other whitespace than ' ') and for whatever
string(because of krbextradata).
I've slightly modified ipa_generate_password in order to make passwords for
users more user-friendly(reduce number of non-letters). It has two optional
parameters now - first one is string of characters that should be used for
generating the passwd and second one is length of password. If none
parameter is set default values will be used so there's no need to modify
other plugins that use random password generator.
https://fedorahosted.org/freeipa/ticket/1979
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/user.py | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index a3c17dc4c..70a111dd3 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -25,6 +25,8 @@ from ipalib.request import context
 from time import gmtime, strftime
 import copy
 from ipalib import _, ngettext
+from ipapython.ipautil import ipa_generate_password
+import string
 __doc__ = _("""
 Users
@@ -74,6 +76,9 @@ user_output_params = (
 ),
 )
+# characters to be used for generating random user passwords
+user_pwdchars = string.digits + string.ascii_letters + '_,.@+-='
+
 def validate_nsaccountlock(entry_attrs):
 if 'nsaccountlock' in entry_attrs:
 nsaccountlock = entry_attrs['nsaccountlock']
@@ -238,6 +243,15 @@ class user(LDAPObject):
 # bomb out via the webUI.
 exclude='webui',
 ),
+ Flag('random?',
+ doc=_('Generate a random user password'),
+ flags=('no_search', 'virtual_attribute'),
+ default=False,
+ ),
+ Str('randompassword?',
+ label=_('Random password'),
+ flags=('no_create', 'no_update', 'no_search', 'virtual_attribute'),
+ ),
 Int('uidnumber',
 cli_name='uid',
 label=_('UID'),
@@ -430,6 +444,11 @@ class user_add(LDAPCreate):
 raise errors.NotFound(reason=error_msg)
 entry_attrs['gidnumber'] = group_attrs['gidnumber']
+ if 'userpassword' not in entry_attrs and options.get('random'):
+ entry_attrs['userpassword'] = ipa_generate_password(user_pwdchars)
+ # save the password so it can be displayed in post_callback
+ setattr(context, 'randompassword', entry_attrs['userpassword'])
+
 if 'mail' in entry_attrs:
 entry_attrs['mail'] = self.obj._normalize_email(entry_attrs['mail'], config)
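Review bot: The new `user_pwdchars` alphabet has 69 symbols, so the strength of a generated user password now rests on the length and the random source inside `ipa_generate_password`, neither of which is visible in this file. The calls added in `user_add` and `user_mod` pass only the character set and leave the length at its default, so it is worth confirming that the default length still gives enough entropy with the smaller alphabet and that the generator draws from a cryptographic source (for example `random.SystemRandom`) rather than the default `random` functions. I would record that dependency next to the constant, e.g. `# reduced alphabet for readability; length and RNG are decided by ipa_generate_password`.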
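Review bot: The `doc` string of the new `random?` flag does not say that the option is silently ignored when a password is also supplied, which is what the commit message states and what the `'userpassword' not in entry_attrs` checks in `user_add` and `user_mod` implement. An administrator who passes both gets no generated password and no message, so the help text should say so, e.g. `doc=_('Generate a random user password (ignored if a password is given)')`. The enclosing parameter tuple starts and ends outside the hunk.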
@@ -465,6 +484,13 @@ class user_add(LDAPCreate):
 newentry = wait_for_value(ldap, dn, 'objectclass', 'mepOriginEntry')
 entry_from_entry(entry_attrs, newentry)
+ if options.get('random', False):
+ try:
+ entry_attrs['randompassword'] = unicode(getattr(context, 'randompassword'))
+ except AttributeError:
+ # if both randompassword and userpassword options were used
+ pass
+
 self.obj.get_password_attributes(ldap, dn, entry_attrs)
 return dn
@@ -495,9 +521,19 @@ class user_mod(LDAPUpdate):
 if 'manager' in entry_attrs:
 entry_attrs['manager'] = self.obj._normalize_manager(entry_attrs['manager'])
 validate_nsaccountlock(entry_attrs)
+ if 'userpassword' not in entry_attrs and options.get('random'):
+ entry_attrs['userpassword'] = ipa_generate_password(user_pwdchars)
+ # save the password so it can be displayed in post_callback
+ setattr(context, 'randompassword', entry_attrs['userpassword'])
 return dn
 def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
+ if options.get('random', False):
+ try:
+ entry_attrs['randompassword'] = unicode(getattr(context, 'randompassword'))
+ except AttributeError:
+ # if both randompassword and userpassword options were used
+ pass
 convert_nsaccountlock(entry_attrs)
 self.obj._convert_manager(entry_attrs, **options)
 self.obj.get_password_attributes(ldap, dn, entry_attrs) |
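Review bot: `context.randompassword` is set in the pre_callback hunks and read here in `user_add.post_callback` (and again in `user_mod.post_callback` in the next hunk), but nothing ever removes it, so the `except AttributeError` fallback only holds if no earlier command stored a value in the same context. If a context can serve more than one command (a batched call, for instance, which is not visible on this page), a later call made with both a password and `--random` would return the previous user's generated password as `randompassword`, and the plaintext stays reachable longer than needed in any case. Reading with a default and deleting the attribute once it has been copied addresses both, and the same change applies to `user_mod`. Both post_callback bodies begin or continue outside their hunks.

```python
if options.get('random', False):
    randompwd = getattr(context, 'randompassword', None)
    if randompwd is not None:
        entry_attrs['randompassword'] = unicode(randompwd)
        # drop the plaintext so a later command in the same context cannot read it
        delattr(context, 'randompassword')
# … unchanged: get_password_attributes call and return …
```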