Merge pull request #31 from PedroHenriqueDevBR/dev

feat: verify expirated user password

ldap_password/apps/core/services/ldap/search_user.py

@@ -1,5 +1,6 @@
 import json
 from typing import Optional
+from datetime import datetime, timedelta
 
 import ldap3
 from django.conf import settings
@@ -50,6 +51,7 @@ def _execute_search(self, user: str) -> bool:
             attributes=[
                 "uid",
                 "mail",
+                "accountExpires",
             ],
         )
 
@@ -123,3 +125,31 @@ def search_mail_by_username(self, username: str) -> str:
             return _("Can not search user data in LDAP Server")
         except LDAPSocketOpenError:
             return _("Can not connect to the LDAP server")
+
+    def verify_user_expided_password_by_username(self, username: str) -> str:
+        try:
+            response = self._search(username=username)
+            if response is None:
+                raise IndexError
+
+            attrs = response["attributes"]
+            if "accountExpires" in attrs:
+                now = datetime.now()
+                now_timestamp = now.timestamp()
+                account_expires = attrs["accountExpires"][0]
+                diference = timedelta(1)
+                expire_date = datetime.fromisoformat(account_expires)
+                expire_date = expire_date - diference  # remove 1 day from date
+                expire_timestamp = expire_date.timestamp()
+                return str(now_timestamp >= expire_timestamp)
+
+            raise AttributeError
+        except AttributeError:
+            return _("Expires date not registered to user")
+        except IndexError:
+            msg = _("Not found")
+            return f"{username} {msg}!"
+        except ConnectionError:
+            return _("Can not search user data in LDAP Server")
+        except LDAPSocketOpenError:
+            return _("Can not connect to the LDAP server")

ldap_password/apps/core/urls.py

@@ -3,6 +3,7 @@
 from apps.core.views import (
     index,
     success,
+    ValidateExpiredPasswordView,
     PasswordView,
     RequestMailView,
     ConfirmTokenView,
@@ -16,6 +17,11 @@
     path("password", PasswordView.as_view(), name="password"),
     path("request/mail", RequestMailView.as_view(), name="mail"),
     path("request/token", ConfirmTokenView.as_view(), name="token"),
+    path(
+        "request/expired",
+        ValidateExpiredPasswordView.as_view(),
+        name="expired",
+    ),
     path(
         "request/token/password",
         ChangePasswordToken.as_view(),

ldap_password/apps/core/views.py

@@ -3,6 +3,7 @@
 from django.conf import settings
 from django.contrib import messages
 from django.http import HttpRequest, QueryDict
+from django.http import JsonResponse
 from django.shortcuts import redirect, render
 from django.utils.translation import gettext as _
 from django.views import View
@@ -28,6 +29,24 @@ def success(request: HttpRequest):
     return render(request, template_name, context)
 
 
+class ValidateExpiredPasswordView(View):
+    def post(self, request: HttpRequest):
+        data = request.POST
+        if not data.get("username"):
+            return JsonResponse({"return": False}, safe=True, status=400)
+
+        username = data.get("username") or ""
+        ldap_search = SearchLDAPUser()
+        response = ldap_search.verify_user_expided_password_by_username(
+            username=username,
+        )
+
+        if response == "True":
+            return JsonResponse({"return": True}, safe=True, status=200)
+
+        return JsonResponse({"return": False}, status=401)
+
+
 class PasswordView(View):
     def get(self, request: HttpRequest):
         enterprise_name = settings.ENTERPRISE_NAME