ldap: Update user informations in LDAP when edited from PCv5

2023-06-20 22:37:17 +02:00 · 2023-06-20 22:37:17 +02:00 · f163d15066
parent 14e81bdfb5
commit f163d15066
3 changed files with 20 additions and 9 deletions
--- a/app/routes/account/account.py
+++ b/app/routes/account/account.py
@ -31,6 +31,7 @@ def edit_account():

    if form.submit.data:
        if form.is_submitted() and form.validate(extra_validators=extra_vd):
+            old_username = current_user.norm
            current_user.update(
                avatar=form.avatar.data or None,
                email=form.email.data or None,
@ -42,6 +43,8 @@ def edit_account():
                newsletter=form.newsletter.data,
                theme=form.theme.data
            )
+            ldap.edit(old_username, current_user)
+            current_user.update(password=form.password.data or None)
            db.session.merge(current_user)
            db.session.commit()
            current_user.update_trophies("on-profile-update")
--- a/app/routes/admin/account.py
+++ b/app/routes/admin/account.py
@ -51,12 +51,12 @@ def adm_edit_account(user_id):
                # You cannot user vd.name_available because name will always be
                # invalid! Maybe you can add another validator with arguments
                raise Exception(f'{newname} is not available')
+            old_username = user.norm
            user.update(
                avatar=form.avatar.data or None,
                name=form.username.data or None,
                email=form.email.data or None,
                email_confirmed=form.email_confirmed.data,
-                password=form.password.data or None,
                birthday=form.birthday.data,
                signature=form.signature.data,
                title=form.title.data,
@ -64,6 +64,8 @@ def adm_edit_account(user_id):
                newsletter=form.newsletter.data,
                xp=form.xp.data or None,
            )
+            ldap.edit(old_username, user)
+            user.update(password=form.password.data or None)
            db.session.merge(user)
            db.session.commit()
            # TODO: send an email to member saying his account has been modified
--- a/app/utils/ldap.py
+++ b/app/utils/ldap.py
@ -16,18 +16,24 @@ def get_member(username):
        return None


-def edit(user, fields):
+def edit(old_username, new_member):
    """ Edit a user. Fields is {'name': ['value'], …} """
+    old_username = normalize(old_username)
    conn = ldap.initialize("ldap://localhost")
-    # TODO: do this
    # Connect as root
-    # conn.simple_bind_s(f'cn=ldap-root,{V5Config.LDAP_ENV}',
-    #     V5Config.LDAP_PASSWORD)
-    # old_value = {"userPassword": ["my_old_password"]}
-    # new_value = {"userPassword": ["my_new_password"]}
+    conn.simple_bind_s(f'cn=ldap-root,{V5Config.LDAP_ROOT}',
+        V5Config.LDAP_PASSWORD)
+    # Create values fields
+    old_dn = f'cn={old_username},{V5Config.LDAP_ENV},{V5Config.LDAP_ROOT}'
+    new_dn = f'cn={new_member.norm}'
+    new_values = [
+        (ldap.MOD_REPLACE, 'sn', [new_member.norm.encode('utf-8')]),
+        (ldap.MOD_REPLACE, 'displayName', [new_member.name.encode('utf-8')]),
+        (ldap.MOD_REPLACE, 'mail', [new_member.email.encode('utf-8')]),
+    ]

-    # modlist = modifyModlist(old_value, new_value)
-    # conn.modify_s(dn, modlist)
+    conn.modify_s(old_dn, new_values)
+    conn.rename_s(old_dn, new_dn)


 def set_email(user, email):