[fix] Avoid password are given in users hooks

ljf 2020-12-08 17:55:29 +01:00
parent efdb2ee6b5
commit 792643607b


@ -218,12 +218,28 @@ def user_create(operation_logger, username, firstname, lastname, domain, passwor
user_group_create(groupname=username, gid=uid, primary_group=True, sync_perm=False) user_group_create(groupname=username, gid=uid, primary_group=True, sync_perm=False)
user_group_update(groupname='all_users', add=username, force=True, sync_perm=True) user_group_update(groupname='all_users', add=username, force=True, sync_perm=True)
# Trigger post_user_create hooks
env_dict = {
"YNH_USER_USERNAME": username,
"YNH_USER_MAIL": mail,
"YNH_USER_PASSWORD": password,
"YNH_USER_FIRSTNAME": firstname,
"YNH_USER_LASTNAME": lastname
}
# Put a random password instead of the true one to force
# packagers to change this
# FIXME: Remove this in future version
chars = string.ascii_letters + string.digits + string.punctuation
fake_password = "".join([random.choice(chars) for i in range(20)])
fake_password += " num args are deprecated, please use YNH_USER_PASSWORD"
hook_callback('post_user_create',
args=[username, mail, fake_password, firstname, lastname],
env=env_dict)
# TODO: Send a welcome mail to user # TODO: Send a welcome mail to user
logger.success(m18n.n('user_created')) logger.success(m18n.n('user_created'))
hook_callback('post_user_create',
args=[username, mail, password, firstname, lastname])
return {'fullname': fullname, 'username': username, 'mail': mail} return {'fullname': fullname, 'username': username, 'mail': mail}
@ -311,16 +327,21 @@ def user_update(operation_logger, username, firstname=None, lastname=None, mail=
if not result: if not result:
raise YunohostError('user_unknown', user=username) raise YunohostError('user_unknown', user=username)
user = result[0] user = result[0]
env_dict = {
"YNH_USER_USERNAME": username
}
# Get modifications from arguments # Get modifications from arguments
new_attr_dict = {} new_attr_dict = {}
if firstname: if firstname:
new_attr_dict['givenName'] = [firstname] # TODO: Validate new_attr_dict['givenName'] = [firstname] # TODO: Validate
new_attr_dict['cn'] = new_attr_dict['displayName'] = [firstname + ' ' + user['sn'][0]] new_attr_dict['cn'] = new_attr_dict['displayName'] = [firstname + ' ' + user['sn'][0]]
env_dict["YNH_USER_FIRSTNAME"] = firstname
if lastname: if lastname:
new_attr_dict['sn'] = [lastname] # TODO: Validate new_attr_dict['sn'] = [lastname] # TODO: Validate
new_attr_dict['cn'] = new_attr_dict['displayName'] = [user['givenName'][0] + ' ' + lastname] new_attr_dict['cn'] = new_attr_dict['displayName'] = [user['givenName'][0] + ' ' + lastname]
env_dict["YNH_USER_LASTNAME"] = lastname
if lastname and firstname: if lastname and firstname:
new_attr_dict['cn'] = new_attr_dict['displayName'] = [firstname + ' ' + lastname] new_attr_dict['cn'] = new_attr_dict['displayName'] = [firstname + ' ' + lastname]
@ -330,6 +351,7 @@ def user_update(operation_logger, username, firstname=None, lastname=None, mail=
assert_password_is_strong_enough("user", change_password) assert_password_is_strong_enough("user", change_password)
new_attr_dict['userPassword'] = [_hash_user_password(change_password)] new_attr_dict['userPassword'] = [_hash_user_password(change_password)]
env_dict["YNH_USER_PASSWORD"] = change_password
if mail: if mail:
main_domain = _get_maindomain() main_domain = _get_maindomain()
@ -374,6 +396,9 @@ def user_update(operation_logger, username, firstname=None, lastname=None, mail=
raise YunohostError('mail_alias_remove_failed', mail=mail) raise YunohostError('mail_alias_remove_failed', mail=mail)
new_attr_dict['mail'] = user['mail'] new_attr_dict['mail'] = user['mail']
if 'mail' in new_attr_dict:
env_dict["YNH_USER_MAILS"] = ','.join(new_attr_dict['mail'])
if add_mailforward: if add_mailforward:
if not isinstance(add_mailforward, list): if not isinstance(add_mailforward, list):
add_mailforward = [add_mailforward] add_mailforward = [add_mailforward]
@ -393,8 +418,12 @@ def user_update(operation_logger, username, firstname=None, lastname=None, mail=
raise YunohostError('mail_forward_remove_failed', mail=mail) raise YunohostError('mail_forward_remove_failed', mail=mail)
new_attr_dict['maildrop'] = user['maildrop'] new_attr_dict['maildrop'] = user['maildrop']
if 'maildrop' in new_attr_dict:
env_dict["YNH_USER_MAILFORWARDS"] = ','.join(new_attr_dict['maildrop'])
if mailbox_quota is not None: if mailbox_quota is not None:
new_attr_dict['mailuserquota'] = [mailbox_quota] new_attr_dict['mailuserquota'] = [mailbox_quota]
env_dict["YNH_USER_MAILQUOTA"] = mailbox_quota
operation_logger.start() operation_logger.start()
@ -403,6 +432,9 @@ def user_update(operation_logger, username, firstname=None, lastname=None, mail=
except Exception as e: except Exception as e:
raise YunohostError('user_update_failed', user=username, error=e) raise YunohostError('user_update_failed', user=username, error=e)
# Trigger post_user_update hooks
hook_callback('post_user_update', env=env_dict)
logger.success(m18n.n('user_updated')) logger.success(m18n.n('user_updated'))
app_ssowatconf() app_ssowatconf()
return user_info(username) return user_info(username)
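Review bot: The cleartext password still reaches every hook, now through `YNH_USER_PASSWORD` in `env_dict` (in `user_create`, and again in `user_update` where `change_password` is assigned), and an environment variable is inherited by every child process a hook starts. Nothing visible here shows whether `hook_callback` or the operation log records the environment it is given, so it is worth confirming that this key is redacted there before merging. I would add a comment above both `env_dict` definitions such as `# YNH_USER_PASSWORD is the cleartext password: hooks must not log it or re-export it`. Separately, `mailbox_quota` is stored in `env_dict` without conversion, which presumably needs `str(mailbox_quota)` if a non-string value can arrive. Both functions start and end outside the visible hunks.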