
admin: update user's password from the admin

Joshua Tauberer 2014-09-21 17:24:01 +00:00
parent 8dfbb90f3a
commit 846768efcb
4 changed files with 59 additions and 11 deletions


@ -104,12 +104,18 @@ def mail_users():
@app.route('/mail/users/add', methods=['POST']) @app.route('/mail/users/add', methods=['POST'])
@authorized_personnel_only @authorized_personnel_only
def mail_users_add(): def mail_users_add():
return add_mail_user(request.form.get('email', ''), request.form.get('password', ''), request.form.get('privileges', ''), env) try:
return add_mail_user(request.form.get('email', ''), request.form.get('password', ''), request.form.get('privileges', ''), env)
except ValueError as e:
return (str(e), 400)
@app.route('/mail/users/password', methods=['POST']) @app.route('/mail/users/password', methods=['POST'])
@authorized_personnel_only @authorized_personnel_only
def mail_users_password(): def mail_users_password():
return set_mail_password(request.form.get('email', ''), request.form.get('password', ''), env) try:
return set_mail_password(request.form.get('email', ''), request.form.get('password', ''), env)
except ValueError as e:
return (str(e), 400)
@app.route('/mail/users/remove', methods=['POST']) @app.route('/mail/users/remove', methods=['POST'])
@authorized_personnel_only @authorized_personnel_only
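Review bot: The new `except ValueError` in `mail_users_add` and `mail_users_password` wraps the whole call, so any ValueError raised anywhere beneath `add_mail_user` or `set_mail_password` (not only the ones `validate_password` raises) becomes a 400 whose text is sent to the browser. A dedicated exception type for user-facing validation failures would keep unexpected internal errors out of the response; if ValueError is kept, a comment such as `# ValueError here carries a user-facing validation message` would record the contract. Because `mail_users_password` changes another account's credential, it is also the natural place to log which admin reset which address, assuming the callee does not already do that.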


@ -139,13 +139,7 @@ def add_mail_user(email, pw, privs, env):
if not validate_email(email, mode='user'): if not validate_email(email, mode='user'):
return ("Invalid email address.", 400) return ("Invalid email address.", 400)
# validate password validate_password(pw)
if pw.strip() == "":
return ("No password provided.", 400)
if re.search(r"[\s]", pw):
return ("Passwords cannot contain spaces.", 400)
if len(pw) < 4:
return ("Passwords must be at least four characters.", 400)
# validate privileges # validate privileges
if privs is None or privs.strip() == "": if privs is None or privs.strip() == "":
@ -193,6 +187,8 @@ def add_mail_user(email, pw, privs, env):
return kick(env, "mail user added") return kick(env, "mail user added")
def set_mail_password(email, pw, env): def set_mail_password(email, pw, env):
validate_password(pw)
# hash the password # hash the password
pw = utils.shell('check_output', ["/usr/bin/doveadm", "pw", "-s", "SHA512-CRYPT", "-p", pw]).strip() pw = utils.shell('check_output', ["/usr/bin/doveadm", "pw", "-s", "SHA512-CRYPT", "-p", pw]).strip()
@ -386,6 +382,16 @@ def kick(env, mail_result=None):
return "".join(s for s in results if s != "") return "".join(s for s in results if s != "")
def validate_password(pw):
# validate password
if pw.strip() == "":
raise ValueError("No password provided.")
if re.search(r"[\s]", pw):
raise ValueError("Passwords cannot contain spaces.")
if len(pw) < 4:
raise ValueError("Passwords must be at least four characters.")
if __name__ == "__main__": if __name__ == "__main__":
import sys import sys
if len(sys.argv) > 2 and sys.argv[1] == "validate-email": if len(sys.argv) > 2 and sys.argv[1] == "validate-email":
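Review bot: `validate_password` still accepts four-character passwords, and with this commit it becomes the single gate for both new accounts and admin-initiated resets; for mailboxes that are presumably reachable over network login that floor is low, and `if len(pw) < 8:` (with the message and the hint text in the users template updated to match) would be a safer minimum. The function also has no docstring saying that it raises ValueError rather than returning the `(message, 400)` tuple that `add_mail_user` uses for its other checks, so callers outside the HTTP handlers need to know to catch it. In `set_mail_password` the validated plaintext is then passed to `doveadm pw` through `-p`, which places it in the process argument list for the duration of that call; that line is unchanged context, but the new reset route makes it worth a comment or a follow-up. `add_mail_user` and `set_mail_password` both continue outside the hunks shown.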


@ -182,6 +182,11 @@ var global_modal_state = null;
var global_modal_funcs = null; var global_modal_funcs = null;
$(function() { $(function() {
$('#global_modal').on('shown.bs.modal', function (e) {
// set focus to first input in the global modal's body
var input = $('#global_modal .modal-body input');
if (input.length > 0) $(input[0]).focus();
})
$('#global_modal .btn-danger').click(function() { $('#global_modal .btn-danger').click(function() {
// Don't take action now. Wait for the modal to be totally hidden // Don't take action now. Wait for the modal to be totally hidden
// so that we don't attempt to show another modal while this one // so that we don't attempt to show another modal while this one


@ -52,6 +52,13 @@
<span class='privs'> <span class='privs'>
</span> </span>
<span class="if_active">
<a href="#" onclick="users_set_password(this); return false;" class='setpw' title="Set Password">
set password
</a>
|
</span>
<span class='add-privs'> <span class='add-privs'>
</span> </span>
@ -141,11 +148,35 @@ function do_add_user() {
return false; return false;
} }
function users_set_password(elem) {
var email = $(elem).parents('tr').attr('data-email');
show_modal_confirm(
"Archive User",
$("<p>Set a new password for <b>" + email + "</b>?</p> <p><label for='users_set_password_pw' style='display: block; font-weight: normal'>New Password:</label><input type='password' id='users_set_password_pw'></p><p><small>Passwords must be at least four characters and may not contain spaces.</small></p>"),
"Set Password",
function() {
api(
"/mail/users/password",
"POST",
{
email: email,
password: $('#users_set_password_pw').val()
},
function(r) {
// Responses are multiple lines of pre-formatted text.
show_modal_error("Set Password", $("<pre/>").text(r));
},
function(r) {
show_modal_error("Set Password", r);
});
});
}
function users_remove(elem) { function users_remove(elem) {
var email = $(elem).parents('tr').attr('data-email'); var email = $(elem).parents('tr').attr('data-email');
show_modal_confirm( show_modal_confirm(
"Archive User", "Archive User",
$("<p>Are you sure you want to archive " + email + "?</p> <p>The user's mailboxes will not be deleted (you can do that later), but the user will no longer be able to log into any services on this machine.</p>"), $("<p>Are you sure you want to archive <b>" + email + "</b>?</p> <p>The user's mailboxes will not be deleted (you can do that later), but the user will no longer be able to log into any services on this machine.</p>"),
"Archive", "Archive",
function() { function() {
api( api(
@ -178,7 +209,7 @@ function mod_priv(elem, add_remove) {
var add_remove1 = add_remove.charAt(0).toUpperCase() + add_remove.substring(1); var add_remove1 = add_remove.charAt(0).toUpperCase() + add_remove.substring(1);
show_modal_confirm( show_modal_confirm(
"Modify Privileges", "Modify Privileges",
"Are you sure you want to " + add_remove + " the " + priv + " privilege for " + email + "?", "Are you sure you want to " + add_remove + " the " + priv + " privilege for <b>" + email + "</b>?",
add_remove1, add_remove1,
function() { function() {
api( api(
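Review bot: `users_set_password` builds the modal body by concatenating `email` (read from the row's `data-email` attribute) into an HTML string passed to `$()`, so the address is parsed as markup. The same pattern is extended in `users_remove` and in `mod_priv`, where the added `<b>` tags suggest `show_modal_confirm` treats a plain string as HTML as well. Unless the server-side address validation is guaranteed to exclude `<`, `&` and quote characters, set the address as text instead, for example by appending `$("<b/>").text(email)` into the paragraph. Separately, the first argument to `show_modal_confirm` in `users_set_password` is `"Archive User"`, apparently copied from `users_remove`; it should read `"Set Password"`.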