Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
def password_matches(username, password):
"""Returns True if the password matches the user account given"""
validators.validate_username(username)
validators.validate_password(username, password, strength_check=False)
if not validators.user_exists(username):
raise ValueError("User doesn't exist")
cmd = 'kinit --no-forwardable -l0 {}@OCF.BERKELEY.EDU'.format(username)
child = pexpect.spawn(cmd, timeout=10)
child.expect("{}@OCF.BERKELEY.EDU's Password:".format(username))
child.sendline(password)
child.expect(pexpect.EOF)
child.close()
return child.exitstatus == 0
def account_pending(request: HttpRequest) -> HttpResponse:
return render(request, 'account/register/pending.html', {'title': 'Account request pending'})
def account_created(request: HttpRequest) -> HttpResponse:
return render(request, 'account/register/success.html', {'title': 'Account request successful'})
class ApproveForm(Form):
ocf_login_name = forms.CharField(
label='OCF account name',
widget=forms.TextInput(attrs={'placeholder': 'jsmith'}),
validators=[wrap_validator(validators.validate_username)],
min_length=3,
max_length=16,
)
# password is validated in clean since we need the username as part of the
# password validation (to compare similarity)
password = forms.CharField(
widget=forms.PasswordInput(render_value=True),
label='Password',
min_length=8,
max_length=256,
)
verify_password = forms.CharField(
widget=forms.PasswordInput(render_value=True),
label='Confirm password',
import ocflib.account.validators as validators
import ocflib.misc.validators
from django import forms
from ocfweb.atool.utils import wrap_validator
class ApproveForm(forms.Form):
def __init__(self, *args, **kwargs):
super(ApproveForm, self).__init__(*args, **kwargs)
ocf_login_name = forms.CharField(
label='OCF login name',
validators=[wrap_validator(validators.validate_username)],
min_length=3,
max_length=8)
# password is validated in clean since we need the username as part of the
# password validation (to compare similarity)
password = forms.CharField(
widget=forms.PasswordInput(render_value=True),
label='New password',
min_length=8,
max_length=64,
)
verify_password = forms.CharField(
widget=forms.PasswordInput(render_value=True),
label='Confirm password',
min_length=8,
def validate_username(username, realname):
"""Validates a username and realname pair to ensure:
* Username isn't already in use
* Username is based on realname
* Username isn't restricted."""
if search.user_exists(username):
raise ValidationError('Username {} already exists.'.format(username))
try:
validators.validate_username(username)
except ValueError as ex:
raise ValidationError(str(ex))
SIMILARITY_THRESHOLD = 2
if similarity_heuristic(realname, username) > SIMILARITY_THRESHOLD:
raise ValidationWarning(
'Username {} not based on real name {}.'.format(username, realname))
if any(word in username for word in BAD_WORDS):
raise ValidationWarning('Username {} contains bad words.'.format(username))
if any(word in username for word in RESTRICTED_WORDS):
raise ValidationWarning('Username {} contains restricted words.'.format(username))
def change_password_with_staffer(username, password, principal,
admin_password, comment=None):
"""Change a user's Kerberos password using kadmin and a password, subject
to username and password validation.
:param comment: comment to include in notification email
"""
validators.validate_username(username)
validators.validate_password(username, password)
# try changing using kadmin pexpect
cmd = '{kadmin_path} -p {principal} cpw {username}'.format(
kadmin_path=shlex.quote(KADMIN_PATH),
principal=shlex.quote(principal),
username=shlex.quote(username))
child = pexpect.spawn(cmd, timeout=10)
child.expect("{}@OCF.BERKELEY.EDU's Password:".format(username))
child.sendline(password)
child.expect("Verify password - {}@OCF.BERKELEY.EDU's Password:"
.format(username))
child.sendline(password)
def change_password_with_keytab(username, password, keytab, principal, comment=None):
"""Change a user's Kerberos password using a keytab, subject to username
and password validation.
:param comment: comment to include in notification email
"""
validators.validate_username(username, check_exists=True)
validators.validate_password(username, password)
# try changing using kadmin pexpect
cmd = '{kadmin_path} -K {keytab} -p {principal} cpw {username}'.format(
kadmin_path=shlex.quote(KADMIN_PATH),
keytab=shlex.quote(keytab),
principal=shlex.quote(principal),
username=shlex.quote(username))
child = pexpect.spawn(cmd, timeout=10)
child.expect("{}@OCF.BERKELEY.EDU's Password:".format(username))
child.sendline(password)
child.expect("Verify password - {}@OCF.BERKELEY.EDU's Password:"
.format(username))
child.sendline(password)