src/postorius/management/commands/reset_passwords.py

   1 # -*- coding: utf-8 -*-
   2 # Copyright (C) 2017-2023 by the Free Software Foundation, Inc.
   3 #
   4 # This file is part of Postorius.
   5 #
   6 # Postorius is free software: you can redistribute it and/or modify it under
   7 # the terms of the GNU General Public License as published by the Free
   8 # Software Foundation, either version 3 of the License, or (at your option)
   9 # any later version.
  10 #
  11 # Postorius is distributed in the hope that it will be useful, but WITHOUT
  12 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13 # FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
  14 # more details.
  15 #
  16 # You should have received a copy of the GNU General Public License along with
  17 # Postorius.  If not, see <http://www.gnu.org/licenses/>.
  18 #
  19
  20 import base64
  21 import os
  22
  23 from django.core.management.base import BaseCommand
  24
  25 from django_mailman3.lib.mailman import get_mailman_client
  26
  27
  28 PASSWORD_BYTES = 32
  29
  30
  31 class Command(BaseCommand):
  32
  33     help = """Reset passwords of all users in Mailman Core. This does not
  34     affect the login passwords of users in Django or any other social
  35     authentication. Users will be able to login with their current passwords.
  36     Mailman Core maintains a second set of passwords for every user, which
  37     would be set to a random value of base64 encode 32 bytes."""
  38
  39     def handle(self, *args, **kwargs):
  40         client = get_mailman_client()
  41         for user in self._get_all_users(client):
  42             self._reset_password(user)
  43
  44     def _get_all_users(self, client):
  45         """Given a mailmanclient.Client instance, returns an iterator of
  46         paginated user records.
  47         """
  48         page = client.get_user_page(count=50, page=1)
  49         while True:
  50             for user in page:
  51                 yield user
  52             if page.has_next:
  53                 page = page.next
  54             else:
  55                 break
  56
  57     def _reset_password(self, user):
  58         """Given a mailmanclient.restobject.user.User object, reset its
  59         password to None in the database.
  60         """
  61         user.password = self._get_random_password()
  62         user.save()
  63         msg = 'Password reset for {}'.format(user)
  64         self.stdout.write(self.style.SUCCESS(msg))
  65
  66     def _get_random_password(self):
  67         """Generate a random password for a user."""
  68         tok = os.urandom(PASSWORD_BYTES)
  69         return base64.urlsafe_b64encode(tok).rstrip(b'=').decode('ascii')