mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2024-11-22 02:17:26 +00:00
admin: update user's password from the admin
This commit is contained in:
Joshua Tauberer
parent
8dfbb90f3a
commit
846768efcb
@ -104,12 +104,18 @@ def mail_users():
|
|||||||
@app.route('/mail/users/add', methods=['POST'])
|
@app.route('/mail/users/add', methods=['POST'])
|
||||||
@authorized_personnel_only
|
@authorized_personnel_only
|
||||||
def mail_users_add():
|
def mail_users_add():
|
||||||
return add_mail_user(request.form.get('email', ''), request.form.get('password', ''), request.form.get('privileges', ''), env)
|
try:
|
||||||
|
return add_mail_user(request.form.get('email', ''), request.form.get('password', ''), request.form.get('privileges', ''), env)
|
||||||
|
except ValueError as e:
|
||||||
|
return (str(e), 400)
|
||||||
|
|
||||||
@app.route('/mail/users/password', methods=['POST'])
|
@app.route('/mail/users/password', methods=['POST'])
|
||||||
@authorized_personnel_only
|
@authorized_personnel_only
|
||||||
def mail_users_password():
|
def mail_users_password():
|
||||||
return set_mail_password(request.form.get('email', ''), request.form.get('password', ''), env)
|
try:
|
||||||
|
return set_mail_password(request.form.get('email', ''), request.form.get('password', ''), env)
|
||||||
|
except ValueError as e:
|
||||||
|
return (str(e), 400)
|
||||||
|
|
||||||
@app.route('/mail/users/remove', methods=['POST'])
|
@app.route('/mail/users/remove', methods=['POST'])
|
||||||
@authorized_personnel_only
|
@authorized_personnel_only
|
||||||
|
|||||||
@ -139,13 +139,7 @@ def add_mail_user(email, pw, privs, env):
|
|||||||
if not validate_email(email, mode='user'):
|
if not validate_email(email, mode='user'):
|
||||||
return ("Invalid email address.", 400)
|
return ("Invalid email address.", 400)
|
||||||
|
|
||||||
# validate password
|
validate_password(pw)
|
||||||
if pw.strip() == "":
|
|
||||||
return ("No password provided.", 400)
|
|
||||||
if re.search(r"[\s]", pw):
|
|
||||||
return ("Passwords cannot contain spaces.", 400)
|
|
||||||
if len(pw) < 4:
|
|
||||||
return ("Passwords must be at least four characters.", 400)
|
|
||||||
|
|
||||||
# validate privileges
|
# validate privileges
|
||||||
if privs is None or privs.strip() == "":
|
if privs is None or privs.strip() == "":
|
||||||
@ -193,6 +187,8 @@ def add_mail_user(email, pw, privs, env):
|
|||||||
return kick(env, "mail user added")
|
return kick(env, "mail user added")
|
||||||
|
|
||||||
def set_mail_password(email, pw, env):
|
def set_mail_password(email, pw, env):
|
||||||
|
validate_password(pw)
|
||||||
|
|
||||||
# hash the password
|
# hash the password
|
||||||
pw = utils.shell('check_output', ["/usr/bin/doveadm", "pw", "-s", "SHA512-CRYPT", "-p", pw]).strip()
|
pw = utils.shell('check_output', ["/usr/bin/doveadm", "pw", "-s", "SHA512-CRYPT", "-p", pw]).strip()
|
||||||
|
|
||||||
@ -386,6 +382,16 @@ def kick(env, mail_result=None):
|
|||||||
|
|
||||||
return "".join(s for s in results if s != "")
|
return "".join(s for s in results if s != "")
|
||||||
|
|
||||||
|
def validate_password(pw):
|
||||||
|
# validate password
|
||||||
|
if pw.strip() == "":
|
||||||
|
raise ValueError("No password provided.")
|
||||||
|
if re.search(r"[\s]", pw):
|
||||||
|
raise ValueError("Passwords cannot contain spaces.")
|
||||||
|
if len(pw) < 4:
|
||||||
|
raise ValueError("Passwords must be at least four characters.")
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
import sys
|
import sys
|
||||||
if len(sys.argv) > 2 and sys.argv[1] == "validate-email":
|
if len(sys.argv) > 2 and sys.argv[1] == "validate-email":
|
||||||
|
|||||||
@ -182,6 +182,11 @@ var global_modal_state = null;
|
|||||||
var global_modal_funcs = null;
|
var global_modal_funcs = null;
|
||||||
|
|
||||||
$(function() {
|
$(function() {
|
||||||
|
$('#global_modal').on('shown.bs.modal', function (e) {
|
||||||
|
// set focus to first input in the global modal's body
|
||||||
|
var input = $('#global_modal .modal-body input');
|
||||||
|
if (input.length > 0) $(input[0]).focus();
|
||||||
|
})
|
||||||
$('#global_modal .btn-danger').click(function() {
|
$('#global_modal .btn-danger').click(function() {
|
||||||
// Don't take action now. Wait for the modal to be totally hidden
|
// Don't take action now. Wait for the modal to be totally hidden
|
||||||
// so that we don't attempt to show another modal while this one
|
// so that we don't attempt to show another modal while this one
|
||||||
|
|||||||
@ -52,6 +52,13 @@
|
|||||||
<span class='privs'>
|
<span class='privs'>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
|
<span class="if_active">
|
||||||
|
<a href="#" onclick="users_set_password(this); return false;" class='setpw' title="Set Password">
|
||||||
|
set password
|
||||||
|
</a>
|
||||||
|
|
|
||||||
|
</span>
|
||||||
|
|
||||||
<span class='add-privs'>
|
<span class='add-privs'>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
@ -141,11 +148,35 @@ function do_add_user() {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function users_set_password(elem) {
|
||||||
|
var email = $(elem).parents('tr').attr('data-email');
|
||||||
|
show_modal_confirm(
|
||||||
|
"Archive User",
|
||||||
|
$("<p>Set a new password for <b>" + email + "</b>?</p> <p><label for='users_set_password_pw' style='display: block; font-weight: normal'>New Password:</label><input type='password' id='users_set_password_pw'></p><p><small>Passwords must be at least four characters and may not contain spaces.</small></p>"),
|
||||||
|
"Set Password",
|
||||||
|
function() {
|
||||||
|
api(
|
||||||
|
"/mail/users/password",
|
||||||
|
"POST",
|
||||||
|
{
|
||||||
|
email: email,
|
||||||
|
password: $('#users_set_password_pw').val()
|
||||||
|
},
|
||||||
|
function(r) {
|
||||||
|
// Responses are multiple lines of pre-formatted text.
|
||||||
|
show_modal_error("Set Password", $("<pre/>").text(r));
|
||||||
|
},
|
||||||
|
function(r) {
|
||||||
|
show_modal_error("Set Password", r);
|
||||||
|
});
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
function users_remove(elem) {
|
function users_remove(elem) {
|
||||||
var email = $(elem).parents('tr').attr('data-email');
|
var email = $(elem).parents('tr').attr('data-email');
|
||||||
show_modal_confirm(
|
show_modal_confirm(
|
||||||
"Archive User",
|
"Archive User",
|
||||||
$("<p>Are you sure you want to archive " + email + "?</p> <p>The user's mailboxes will not be deleted (you can do that later), but the user will no longer be able to log into any services on this machine.</p>"),
|
$("<p>Are you sure you want to archive <b>" + email + "</b>?</p> <p>The user's mailboxes will not be deleted (you can do that later), but the user will no longer be able to log into any services on this machine.</p>"),
|
||||||
"Archive",
|
"Archive",
|
||||||
function() {
|
function() {
|
||||||
api(
|
api(
|
||||||
@ -178,7 +209,7 @@ function mod_priv(elem, add_remove) {
|
|||||||
var add_remove1 = add_remove.charAt(0).toUpperCase() + add_remove.substring(1);
|
var add_remove1 = add_remove.charAt(0).toUpperCase() + add_remove.substring(1);
|
||||||
show_modal_confirm(
|
show_modal_confirm(
|
||||||
"Modify Privileges",
|
"Modify Privileges",
|
||||||
"Are you sure you want to " + add_remove + " the " + priv + " privilege for " + email + "?",
|
"Are you sure you want to " + add_remove + " the " + priv + " privilege for <b>" + email + "</b>?",
|
||||||
add_remove1,
|
add_remove1,
|
||||||
function() {
|
function() {
|
||||||
api(
|
api(
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user