Skip to content

vfabi/passreset

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

PASSRESET

GitHub tag (latest by date) GitHub last commit License

Generic badge Docker Cloud Automated build Docker Pulls Docker Cloud Build Status

Self-service password reset web application that allows users to change their password in external user registry.
Supported user registries:

  • LDAPv3

Interface

Image description

Features

  • User password reset with temporary resetlink send by email
  • Simple captcha (no external dependencies to Google's reCaptcha and it's configuration)
  • LDAPv3 user registry backend
  • SMTP server email transport
  • AWS SES email transport

Technology stack

  • Python 3.6+
  • Flask - web framework
  • ldap3 - for LDAP backend
  • boto3 - for AWS SES integration

Requirements and dependencies

Application

Python libs requirements in requirements.txt

External

Configured and running one of the supported user registry.

LDAPv3

Tested with openLDAP server only, but can be run with other LDAPv3 servers supported by ldap3 python library (https://ldap3.readthedocs.io/en/latest/).
For LDAP registry you need configured user entry in RDN specified in LDAP_SERVER_SEARCH_RDN env variable. For example LDAP_SERVER_SEARCH_RDN='dc=example,dc=com' and user entry with objectclass=inetOrgPerson and email attributes, these attributes used as user searching filter.

Configuration

Environment variables

Name Required Required if Values Description
USER_PASSWORD_MIN_SIZE default=8 user password minimal length size
EMAIL_TRANSPORT True aws_ses, email_server email transport
EMAIL_SERVER_ADDRESS EMAIL_TRANSPORT = email_server email server address
EMAIL_SERVER_PORT EMAIL_TRANSPORT = email_server email server port
EMAIL_SERVER_USER EMAIL_TRANSPORT = email_server email user
EMAIL_SERVER_PASSWORD EMAIL_TRANSPORT = email_server email user password
EMAIL_AWSSES_ACCESS_KEY EMAIL_TRANSPORT = aws_ses AWS access key
EMAIL_AWSSES_SECRET_KEY EMAIL_TRANSPORT = aws_ses AWS secret key
EMAIL_AWSSES_REGION EMAIL_TRANSPORT = aws_ses AWS region
EMAIL_AWSSES_SENDER EMAIL_TRANSPORT = aws_ses 'from' email address. Note: this email address should be AWS SES verified to successfully send email messages via AWS SES.
BACKEND_TYPE True ldap user registry backend type
LDAP_SERVER_ADDRESS BACKEND_TYPE=ldap LDAP server ip address
LDAP_SERVER_PORT BACKEND_TYPE=ldap default=389 LDAP server ip port
LDAP_SERVER_USER BACKEND_TYPE=ldap LDAP administrator user (DN string, example: cn=admin,dc=example,dc=com)
LDAP_SERVER_PASSWORD BACKEND_TYPE=ldap LDAP user password
LDAP_SERVER_USE_SSL BACKEND_TYPE=ldap default=False use SSL for LDAP server connection
LDAP_SERVER_SEARCH_RDN BACKEND_TYPE=ldap LDAP RDN where searching for user entry by email attribute (example: dc=example,dc=com)

Usage

Local

  • Make sure you have running and configured external user registry server and you have credentials for it
  • Configure and export environment variables described above
  • Run python app.py
  • Navigate to http://127.0.0.1:8000

Docker-compose stack

To run openLDAP + PHPldapadmin + Passreset stack use /deploy/examples/docker-compose.yaml.
http://127.0.0.1:8000 for Passreset, http://127.0.0.1:5000 for PHPldapadmin.

Docker

Generic badge

Contributing

Please refer to each project's style and contribution guidelines for submitting patches and additions. In general, we follow the "fork-and-pull" Git workflow.

  1. Fork the repo on GitHub
  2. Clone the project to your own machine
  3. Commit changes to your own branch
  4. Push your work back up to your fork
  5. Submit a Pull request so that we can review your changes

NOTE: Be sure to merge the latest from "upstream" before making a pull request!

License

Apache 2.0