Self-service password reset web application that lets users change their password in an external user registry.
Supported user registries:
- LDAPv3
- User password reset via a temporary reset link sent by email
- Simple built-in captcha (no dependency on Google's reCAPTCHA or its configuration)
- LDAPv3 user registry backend
- SMTP server email transport
- AWS SES email transport
- Python 3.6+
- Flask - web framework
- ldap3 - for LDAP backend
- boto3 - for AWS SES integration
Python library requirements are listed in requirements.txt.
A configured and running instance of one of the supported user registries.
LDAPv3
Tested with OpenLDAP only, but should work with any other LDAPv3 server supported by the ldap3
Python library (https://ldap3.readthedocs.io/en/latest/).
For the LDAP registry the user entry must exist under the search base given in the LDAP_SERVER_SEARCH_RDN
environment variable, for example LDAP_SERVER_SEARCH_RDN='dc=example,dc=com' (despite the variable name this is a base DN, not a single RDN).
The entry must have objectClass=inetOrgPerson and an email attribute; these two attributes form the search filter used to find the user.
Name | Required | Required if | Values | Description |
---|---|---|---|---|
USER_PASSWORD_MIN_SIZE | No | | default=8 | minimum user password length |
EMAIL_TRANSPORT | Yes | | aws_ses, email_server | email transport |
EMAIL_SERVER_ADDRESS | | EMAIL_TRANSPORT=email_server | | email (SMTP) server address |
EMAIL_SERVER_PORT | | EMAIL_TRANSPORT=email_server | | email (SMTP) server port |
EMAIL_SERVER_USER | | EMAIL_TRANSPORT=email_server | | email server user |
EMAIL_SERVER_PASSWORD | | EMAIL_TRANSPORT=email_server | | email server user password |
EMAIL_AWSSES_ACCESS_KEY | | EMAIL_TRANSPORT=aws_ses | | AWS access key |
EMAIL_AWSSES_SECRET_KEY | | EMAIL_TRANSPORT=aws_ses | | AWS secret key |
EMAIL_AWSSES_REGION | | EMAIL_TRANSPORT=aws_ses | | AWS region |
EMAIL_AWSSES_SENDER | | EMAIL_TRANSPORT=aws_ses | | 'From' email address. Note: this address must be verified in AWS SES, otherwise SES refuses to send messages. |
BACKEND_TYPE | Yes | | ldap | user registry backend type |
LDAP_SERVER_ADDRESS | | BACKEND_TYPE=ldap | | LDAP server IP address |
LDAP_SERVER_PORT | | BACKEND_TYPE=ldap | default=389 | LDAP server port |
LDAP_SERVER_USER | | BACKEND_TYPE=ldap | | LDAP administrator user as a DN string (example: cn=admin,dc=example,dc=com) |
LDAP_SERVER_PASSWORD | | BACKEND_TYPE=ldap | | password for LDAP_SERVER_USER |
LDAP_SERVER_USE_SSL | | BACKEND_TYPE=ldap | default=False | use SSL/TLS (LDAPS) for the LDAP connection. With the default False, the administrator bind password and every new user password are sent to the LDAP server in cleartext, so enable it in production. |
LDAP_SERVER_SEARCH_RDN | | BACKEND_TYPE=ldap | | base DN under which the user entry is searched by email attribute (example: dc=example,dc=com) |
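The table above encodes two things a deployment has to get right: which variables become mandatory once EMAIL_TRANSPORT and BACKEND_TYPE are chosen, and the fact that the user-supplied email ends up inside an LDAP search filter. The following is an added example, not the project's own code, that validates a settings dictionary against those rules, warns about the cleartext LDAP default, and builds the user lookup filter with RFC 4515 escaping so that an email such as `*)(uid=*` cannot change the filter's meaning. The function names, the accepted boolean spellings in `_as_bool`, the attribute name `mail`, and the sample environment are assumptions.

```python
"""Validate Passreset-style settings and build the LDAP user lookup filter.

Added example, not the project's own code. Variable names follow the table
above; the attribute name 'mail' and the boolean spellings accepted by
_as_bool are assumptions.
"""
import os
from dataclasses import dataclass, field
from typing import Dict, List, Mapping, Optional

# Conditional requirements, transcribed from the "Required if" column.
REQUIRED_IF = {
    "email_server": ["EMAIL_SERVER_ADDRESS", "EMAIL_SERVER_PORT",
                     "EMAIL_SERVER_USER", "EMAIL_SERVER_PASSWORD"],
    "aws_ses": ["EMAIL_AWSSES_ACCESS_KEY", "EMAIL_AWSSES_SECRET_KEY",
                "EMAIL_AWSSES_REGION", "EMAIL_AWSSES_SENDER"],
    "ldap": ["LDAP_SERVER_ADDRESS", "LDAP_SERVER_USER",
             "LDAP_SERVER_PASSWORD", "LDAP_SERVER_SEARCH_RDN"],
}


def _as_bool(value: str) -> bool:
    # Assumed spelling set; the project may parse booleans differently.
    return value.strip().lower() in ("1", "true", "yes", "on")


@dataclass
class Settings:
    email_transport: str
    backend_type: str
    password_min_size: int
    ldap_port: int
    ldap_use_ssl: bool
    ldap_search_base: str
    warnings: List[str] = field(default_factory=list)


def load_settings(env: Optional[Mapping[str, str]] = None) -> Settings:
    """Read settings from `env` (defaults to os.environ) and enforce the table's rules."""
    env = dict(os.environ if env is None else env)
    missing = [k for k in ("EMAIL_TRANSPORT", "BACKEND_TYPE") if not env.get(k)]
    if missing:
        raise ValueError("missing required variables: " + ", ".join(missing))
    transport, backend = env["EMAIL_TRANSPORT"], env["BACKEND_TYPE"]
    if transport not in ("aws_ses", "email_server"):
        raise ValueError(f"EMAIL_TRANSPORT must be aws_ses or email_server, got {transport!r}")
    if backend != "ldap":
        raise ValueError(f"BACKEND_TYPE must be ldap, got {backend!r}")
    # Second pass: variables that become mandatory once transport/backend are known.
    missing = [k for k in REQUIRED_IF[transport] + REQUIRED_IF[backend] if not env.get(k)]
    if missing:
        raise ValueError(f"missing variables for {transport}/{backend}: " + ", ".join(missing))

    warnings: List[str] = []
    min_size = int(env.get("USER_PASSWORD_MIN_SIZE", "8"))
    if min_size < 8:
        warnings.append(f"USER_PASSWORD_MIN_SIZE={min_size} is below the default of 8")
    use_ssl = _as_bool(env.get("LDAP_SERVER_USE_SSL", "False"))
    if not use_ssl:
        # Simple bind and password modify both carry secrets; without TLS they are cleartext.
        warnings.append("LDAP_SERVER_USE_SSL is False: the admin bind password and every "
                        "new user password cross the network in cleartext")
    return Settings(transport, backend, min_size, int(env.get("LDAP_SERVER_PORT", "389")),
                    use_ssl, env["LDAP_SERVER_SEARCH_RDN"], warnings)


def escape_filter_value(value: str) -> str:
    """Escape a value for an LDAP search filter (RFC 4515) so user input cannot alter the filter."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def user_search_filter(email: str) -> str:
    """Filter matching the inetOrgPerson entry whose mail attribute equals `email`."""
    return f"(&(objectClass=inetOrgPerson)(mail={escape_filter_value(email)}))"


# Constructed sample environment (not a real deployment).
SAMPLE_ENV: Dict[str, str] = {
    "EMAIL_TRANSPORT": "email_server",
    "EMAIL_SERVER_ADDRESS": "smtp.example.com", "EMAIL_SERVER_PORT": "587",
    "EMAIL_SERVER_USER": "passreset@example.com", "EMAIL_SERVER_PASSWORD": "s3cret",
    "BACKEND_TYPE": "ldap",
    "LDAP_SERVER_ADDRESS": "10.0.0.5", "LDAP_SERVER_USER": "cn=admin,dc=example,dc=com",
    "LDAP_SERVER_PASSWORD": "adminpw", "LDAP_SERVER_SEARCH_RDN": "dc=example,dc=com",
    "USER_PASSWORD_MIN_SIZE": "10",
}

if __name__ == "__main__":
    settings = load_settings(SAMPLE_ENV)
    for warning in settings.warnings:
        print("WARNING:", warning)
    print(user_search_filter("alice@example.com"))
    print(user_search_filter("*)(uid=*"))  # injection attempt is neutralised
```

Run it with `python` and the sample environment produces one warning (the LDAP connection is not encrypted) and two filters; the second shows the metacharacters of the hostile email rewritten as `\2a`, `\29` and `\28`, so the filter still matches only an entry whose mail attribute is literally that string.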
- Make sure the external user registry server is running and configured and that you have credentials for it
- Configure and export the environment variables described above
- Run
python app.py
- Navigate to http://127.0.0.1:8000
To run an OpenLDAP + phpLDAPadmin + Passreset stack, use /deploy/examples/docker-compose.yaml.
Passreset is then at http://127.0.0.1:8000 and phpLDAPadmin at http://127.0.0.1:5000.
Please refer to each project's style and contribution guidelines for submitting patches and additions. In general, we follow the "fork-and-pull" Git workflow.
- Fork the repo on GitHub
- Clone the project to your own machine
- Commit changes to your own branch
- Push your work back up to your fork
- Submit a pull request so that we can review your changes
NOTE: Be sure to merge the latest from "upstream" before making a pull request!
Apache 2.0