mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-28 18:01:23 -06:00
d1e695b5d0
IPA server web form-based authentication allows logins for users
which for some reason cannot use Kerberos authentication. However,
when a password for such users expires, they are unable change the
password via web interface.
This patch adds a new WSGI script attached to URL
/ipa/session/change_password which can be accessed without
authentication and which provides password change capability
for web services.
The actual password change in the script is processed by LDAP
password change command.
Password result is passed both in the resulting HTML page, but
also in HTTP headers for easier parsing in web services:
X-IPA-Pwchange-Result: {ok, invalid-password, policy-error, error}
(optional) X-IPA-Pwchange-Policy-Error: $policy_error_text
https://fedorahosted.org/freeipa/ticket/2276
53 lines
1.6 KiB
Python
53 lines
1.6 KiB
Python
# Authors:
|
|
# Martin Kosek <mkosek@redhat.com>
|
|
#
|
|
# Copyright (C) 2012 Red Hat
|
|
# see file 'COPYING' for use and warranty information
|
|
#
|
|
# This program is free software; you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
"""
|
|
Base class for HTTP request tests
|
|
"""
|
|
|
|
import urllib
|
|
import httplib
|
|
|
|
from ipalib import api
|
|
|
|
class Unauthorized_HTTP_test(object):
|
|
"""
|
|
Base class for simple HTTP request tests executed against URI
|
|
with no required authorization
|
|
"""
|
|
app_uri = ''
|
|
host = api.env.host
|
|
content_type = 'application/x-www-form-urlencoded'
|
|
|
|
def send_request(self, method='POST', params=None):
|
|
"""
|
|
Send a request to HTTP server
|
|
|
|
:param key When not None, overrides default app_uri
|
|
"""
|
|
if params is not None:
|
|
params = urllib.urlencode(params, True)
|
|
url = 'https://' + self.host + self.app_uri
|
|
|
|
headers = {'Content-Type' : self.content_type,
|
|
'Referer' : url}
|
|
|
|
conn = httplib.HTTPSConnection(self.host)
|
|
conn.request(method, self.app_uri, params, headers)
|
|
return conn.getresponse()
|