Added assign/unassign Yubikey to auth.

2024-11-29 10:24:11 +01:00 · 2013-05-14 13:22:13 +02:00 · 2013-05-14 13:22:13 +02:00 · f2772b08cd
commit f2772b08cd
parent 31909f893c
4 changed files with 132 additions and 23 deletions
--- a/yubiadmin/apps/auth.py
+++ b/yubiadmin/apps/auth.py
@ -31,7 +31,7 @@ from wtforms import Form
 from wtforms.fields import (SelectField, TextField, BooleanField, IntegerField,
                            PasswordField)
 from wtforms.widgets import PasswordInput
-from wtforms.validators import NumberRange, URL, EqualTo
+from wtforms.validators import NumberRange, URL, EqualTo, Regexp, Optional
 from yubiadmin.util.app import App, render
 from yubiadmin.util.config import (python_handler, python_list_handler,
                                   FileConfig)
@ -223,7 +223,7 @@ class YubiAuthApp(App):

 class CreateUserForm(Form):
    legend = 'Create new User'
-    username = TextField()
+    username = TextField('Username')
    password = PasswordField('Password',
                             widget=PasswordInput(hide_value=False))
    verify = PasswordField('Verify password',
@ -245,29 +245,57 @@ class CreateUserForm(Form):
        self.verify.data = None


+class SetPasswordForm(Form):
+    legend = 'Change Password'
+    password = PasswordField('New password',
+                             [Optional()],
+                             widget=PasswordInput(hide_value=False))
+    verify = PasswordField('Verify password',
+                           [EqualTo('password')],
+                           widget=PasswordInput(hide_value=False))
+
+    def __init__(self, user, auth, **kwargs):
+        super(SetPasswordForm, self).__init__(**kwargs)
+        self.user = user
+        self.auth = auth
+
+    def load(self):
+        pass
+
+    def save(self):
+        if self.password.data:
+            self.user.set_password(self.password.data)
+            self.auth.commit()
+            self.password.data = None
+            self.verify.data = None
+
+
+class AssignYubiKeyForm(Form):
+    legend = 'Assign YubiKey'
+    assign = TextField('Assign YubiKey',
+                       [Regexp(r'^[cbdefghijklnrtuv]{1,64}$'),
+                           Optional()])
+
+    def __init__(self, user, auth, **kwargs):
+        super(AssignYubiKeyForm, self).__init__(**kwargs)
+        self.user = user
+        self.auth = auth
+
+    def load(self):
+        pass
+
+    def save(self):
+        if self.assign.data:
+            self.user.assign_yubikey(self.assign.data)
+            self.assign.data = None
+            self.auth.commit()
+
+
 class YubiAuthUsers(App):
    user_range = re.compile('(\d+)-(\d+)')

    def __init__(self):
        self.auth = YubiAuth()
-        # return
-        self.auth.create_user('dain', 'foo')
-        self.auth.create_user('klas', 'foo')
-        self.auth.create_user('tom', 'foo')
-        user = self.auth.create_user('simon', 'foo')
-        user.assign_yubikey('cccccccccccd')
-        user.assign_yubikey('ccccccccccce')
-        self.auth.create_user('user1', 'foo')
-        self.auth.create_user('user2', 'foo')
-        self.auth.create_user('user3', 'foo')
-        self.auth.create_user('user4', 'foo')
-        self.auth.create_user('user5', 'foo')
-        self.auth.create_user('user6', 'foo')
-        self.auth.create_user('user7', 'foo')
-        self.auth.create_user('user8', 'foo')
-        self.auth.create_user('user9', 'foo')
-        self.auth.create_user('user0', 'foo')
-        self.auth.commit()

    def __call__(self, request):
        sub_cmd = request.path_info_pop()
@ -277,6 +305,8 @@ class YubiAuthUsers(App):
            return self.delete(request)
        elif sub_cmd == 'delete_confirm':
            return self.delete_confirm(request)
+        elif sub_cmd == 'user':
+            return self.show_user(request)
        else:
            match = self.user_range.match(sub_cmd) if sub_cmd else None
            if match:
@ -324,5 +354,20 @@ class YubiAuthUsers(App):
            limit=limit, num_users=num_users, shown='%d-%d' % shown, prev=prev,
            next=next)

+    def show_user(self, request):
+        id = int(request.path_info_pop())
+        user = self.auth.get_user(id)
+        if 'unassign' in request.params:
+            del user.yubikeys[request.params['unassign']]
+            self.auth.commit()
+        msg = None
+        if 'password' in request.params:
+            msg = 'Password set!'
+        return self.render_forms(request,
+                                 [SetPasswordForm(user, self.auth),
+                                 AssignYubiKeyForm(user, self.auth)],
+                                 'auth/user', user=user,
+                                 success_msg=msg)
+

 app = YubiAuthApp()
--- a/yubiadmin/templates/auth/list.html
+++ b/yubiadmin/templates/auth/list.html
@ -1,6 +1,6 @@
 <form action="/auth/users/delete" method="post">

-<table class="table table-striped">
+<table class="table table-striped table-condensed">
 	<caption>YubiAuth users</caption>
 	<thead>
 		<tr>
@ -29,7 +29,7 @@
 		{% for user in users %}
 		<tr>
 			<td><input type="checkbox" name="user/{{ user.id }}"/></td>
-			<td>{{ user.name }}</td>
+			<td><a href="/auth/users/user/{{ user.id }}">{{ user.name }}</a></td>
 			<td colspan="2">{{ user.yubikeys | join(', ') }}</td>
 		</tr>
 		{% endfor %}
--- a/yubiadmin/templates/auth/user.html
+++ b/yubiadmin/templates/auth/user.html
@ -0,0 +1,63 @@
+{% import 'form.html' as forms %}
+
+{% if alert %}
+<div class="alert alert-{{ alert.type }}">
+	<button type="button" class="close" data-dismiss="alert">&times;</button>
+	<strong>{{ alert.title }}</strong>
+	{{ alert.message }}
+</div>
+{% endif %}
+
+<legend>User: {{ user.name }}</legend>
+
+<div class="row-fluid">
+	<div class="span6">
+		<table class="table table-condensed table-striped">
+			<caption>YubiKeys</caption>
+			<thead>
+				<tr>
+					<th style="width: 80%">Prefix</th>
+					<th style="width: 20%">Actions</th>
+				</tr>
+			</thead>
+			<tbody>
+				{% for prefix in user.yubikeys %}
+				<tr>
+					<td>{{ prefix }}</td>
+					<td style="text-align: right;">
+						<form method="post" style="margin: 0;">
+							<input type="hidden" name="unassign" value="{{prefix}}" />
+							<input type="submit" class="btn btn-danger" value="Remove" />
+						</form>
+					</td>
+				</tr>
+				{% endfor %}
+			</tbody>
+		</table>
+		{% set field = fieldsets[1]['assign'] %}
+		{{ field.label }}
+		<form class="form-inline" method="post">
+			{{ field(class='span10') }}
+			<input class="btn btn-primary" type="submit" value="Assign" />
+			{{ forms.form_field_errors(field) }}
+		</form>
+	</div>
+
+	<div class="span6">
+		{% if user.attributes %}
+		<table class="table table-condensed table-striped">
+			<caption>Attributes</caption>
+			<thead>
+				<tr><th>Attribute</th><th>Value</th></tr>
+			</thead>
+			<tbody>
+				{% for key in user.attributes %}
+				<tr><td>{{ key }}</td><td>{{ user.attributes[key] }}</td></tr>
+				{% endfor %}
+			</tbody>
+		</table>
+		{% endif %}
+	</div>
+</div>
+
+{{ forms.render_form(fieldsets[0:1]) }}
--- a/yubiadmin/util/app.py
+++ b/yubiadmin/util/app.py
@ -101,7 +101,8 @@ class App(object):
                errors = not form.validate() or errors
            if not errors:
                try:
-                    alert = {'type': 'success', 'title': success_msg}
+                    if success_msg:
+                        alert = {'type': 'success', 'title': success_msg}
                    for form in forms:
                        form.save()
                except Exception as e: