@babakc babakc/reset_function.py Secret
Created Jan 6, 2018

import ldap
import os
import boto3
import random
import string
from base64 import b64decode
# Runtime configuration, read from the function's environment variables.
# A missing variable raises KeyError at import time, before any request runs.
url = os.environ['url']                        # passed to ldap.initialize()
domain_base_dn = os.environ['domain_base_dn']  # base DN for the user search
user = os.environ['user']                      # account used for the LDAP bind
ENCRYPTED = os.environ['pw']                   # base64-encoded KMS ciphertext

# The bind password is decrypted once, when the module is imported, and the
# plaintext then stays in module scope for as long as the module is loaded.
_kms_response = boto3.client('kms').decrypt(CiphertextBlob=b64decode(ENCRYPTED))
pw = _kms_response['Plaintext']
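def lambda_handler(event, context):
    """Verify a caller against directory attributes and reset their password.

    The handler reads the ``UserID``, ``DOB`` and ``MonthStarted`` slots from
    ``event["currentIntent"]["slots"]``, looks the account up by
    ``sAMAccountName``, and compares the caller's answers with the
    ``birthDate`` and ``monthStarted`` attributes of that entry. On a match it
    writes a random 10-character password to ``unicodePwd`` and sends it to
    the entry's ``telephoneNumber`` through SNS.

    Args:
        event: Request dict; must contain ``currentIntent.slots``.
        context: Lambda context object (unused).

    Returns:
        A ``dialogAction`` dict of type ``Close`` whose ``fulfillmentState``
        is ``Fulfilled`` after a reset and ``Failed`` otherwise. Unknown
        users, incomplete directory entries and wrong answers all get the
        same ``Failed`` message, so the reply does not reveal which accounts
        exist.

    NOTE(review): the only proof of identity is two low-entropy facts (birth
    date and start month), nothing in this handler limits repeated attempts,
    and the new password leaves in a plaintext SMS. Rate limiting, forcing a
    password change at next logon, or a stronger second factor should be
    considered before relying on this flow.
    """
    # python-ldap is already a dependency of this file; only the filter
    # helper is new, so it is imported locally.
    from ldap.filter import escape_filter_chars

    def close_dialog(state, text):
        # Build the "Close" response returned to the bot.
        return {
            "dialogAction": {
                "type": "Close",
                "fulfillmentState": state,
                "message": {
                    "contentType": "PlainText",
                    "content": text
                }
            }
        }

    failed = close_dialog(
        "Failed", "The details you provided are incorrect. Goodbye")

    # NOTE(review): OPT_X_TLS_NEVER disables server-certificate verification,
    # so the bind password and the new user password are sent to whichever
    # host answers at `url`. Left unchanged because switching requires a CA
    # bundle to be deployed with the function; the intended setting is
    # ldap.OPT_X_TLS_DEMAND together with ldap.OPT_X_TLS_CACERTFILE.
    ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
    con = ldap.initialize(url)
    try:
        con.set_option(ldap.OPT_REFERRALS, 0)
        con.bind_s(user, pw)

        slots = event["currentIntent"]["slots"]
        slot_user_id = slots["UserID"]
        slot_birth_date = slots["DOB"]
        slot_month = slots["MonthStarted"]
        if not slot_user_id:
            return failed

        # The user ID comes straight from the caller. Escape it so that filter
        # metacharacters are matched literally and cannot widen the search.
        search_filter = "(sAMAccountName=" + escape_filter_chars(slot_user_id) + ")"
        results = con.search_ext_s(
            domain_base_dn,
            ldap.SCOPE_SUBTREE,
            search_filter,
            attrlist=['monthStarted', 'birthDate', 'distinguishedName',
                      'telephoneNumber'])

        # Search references come back with a DN of None; keep real entries
        # only and insist on exactly one, so the reset cannot land on an
        # account the caller did not name.
        entries = [attrs for dn, attrs in results if dn is not None]
        if len(entries) != 1:
            return failed
        entry = entries[0]

        # An entry missing any attribute the flow depends on cannot be
        # verified or notified, so it is treated as a failed check.
        needed = ('birthDate', 'monthStarted', 'telephoneNumber',
                  'distinguishedName')
        if not all(entry.get(name) for name in needed):
            return failed

        birthdate = entry["birthDate"][0]
        month_started = entry["monthStarted"][0]
        if birthdate != slot_birth_date or month_started != slot_month:
            return failed

        # Passwords must come from the OS CSPRNG; the module-level `random`
        # functions use a predictable generator. ascii_letters keeps the
        # alphabet independent of the process locale.
        rng = random.SystemRandom()
        alphabet = string.ascii_letters + string.digits + string.punctuation
        new_password = ''.join(rng.choice(alphabet) for _ in range(10))

        # unicodePwd takes the password wrapped in double quotes and encoded
        # as UTF-16-LE.
        unicode_pass = unicode('\"' + new_password + '\"', 'iso-8859-1')
        password_value = unicode_pass.encode('utf-16-le')
        add_pass = [(ldap.MOD_REPLACE, 'unicodePwd', [password_value])]
        con.modify_s(entry["distinguishedName"][0], add_pass)

        sns = boto3.client('sns')
        sns.publish(PhoneNumber=entry["telephoneNumber"][0],
                    Message='Your new password is ' + new_password)
        return close_dialog(
            "Fulfilled",
            "Your password has been reset and sent to your mobile.")
    finally:
        # Release the connection on every path, including errors raised by
        # the bind, the search or the modify.
        con.unbind()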