worteks
/
lemonldap-ng
mirror of https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
3
0
Fork 0
Code Issues Projects Releases Wiki Activity

Removing workaround with MailPasswordReset

Browse Source
v2.11
Christophe Maudoux 4 years ago
parent 076a84764e
commit 0236dc00d6
17 changed files with 67 additions and 82 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/XML.pm
  2. 7
      lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm
  3. 4
      lemonldap-ng-manager/lib/Lemonldap/NG/Manager/2ndFA.pm
  4. 12
      lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api.pm
  5. 17
      lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Misc.pm
  6. 13
      lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf.pm
  7. 1
      lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm
  8. 2
      lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Zero.pm
  9. 6
      lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Notifications.pm
  10. 3
      lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Plugin.pm
  11. 24
      lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm
  12. 4
      lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Viewer.pm
  13. 2
      lemonldap-ng-manager/t/test-lib.pm
  14. 18
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/AD.pm
  15. 13
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Base.pm
  16. 16
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/LDAP.pm
  17. 5
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MailPasswordReset.pm

2
lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/XML.pm
Unescape View File

@ -4,7 +4,7 @@ use strict;
use Mouse; use Mouse;
use XML::LibXML; use XML::LibXML;
our $VERSION = '2.0.8'; our $VERSION = '2.0.10';
# XML parser # XML parser
has parser => ( has parser => (

7
lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm
Unescape View File

@ -19,11 +19,12 @@ use Lemonldap::NG::Common::PSGI::Constants;
our $VERSION = '2.0.10'; our $VERSION = '2.0.10';
extends 'Lemonldap::NG::Common::Conf::AccessLib', extends qw(
'Lemonldap::NG::Handler::PSGI::Router'; Lemonldap::NG::Handler::PSGI::Router
Lemonldap::NG::Common::Conf::AccessLib
);
has csp => ( is => 'rw' ); has csp => ( is => 'rw' );
has loadedPlugins => ( is => 'rw', default => sub { [] } ); has loadedPlugins => ( is => 'rw', default => sub { [] } );
has hLoadedPlugins => ( is => 'rw', default => sub { {} } ); has hLoadedPlugins => ( is => 'rw', default => sub { {} } );

4
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/2ndFA.pm
Unescape View File

@ -1,7 +1,7 @@
package Lemonldap::NG::Manager::2ndFA; package Lemonldap::NG::Manager::2ndFA;
use utf8;
use strict; use strict;
use utf8;
use Mouse; use Mouse;
use Lemonldap::NG::Common::Session; use Lemonldap::NG::Common::Session;
@ -9,8 +9,6 @@ use Lemonldap::NG::Common::Conf::Constants;
use Lemonldap::NG::Common::PSGI::Constants; use Lemonldap::NG::Common::PSGI::Constants;
use Lemonldap::NG::Common::Conf::ReConstants; use Lemonldap::NG::Common::Conf::ReConstants;
use feature 'state';
extends qw( extends qw(
Lemonldap::NG::Manager::Plugin Lemonldap::NG::Manager::Plugin
Lemonldap::NG::Common::Session::REST Lemonldap::NG::Common::Session::REST

12
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api.pm
Unescape View File

@ -5,12 +5,6 @@ use strict;
use utf8; use utf8;
use Mouse; use Mouse;
extends qw(
Lemonldap::NG::Manager::Plugin
Lemonldap::NG::Common::Session::REST
Lemonldap::NG::Common::Conf::RESTServer
);
use Lemonldap::NG::Manager::Api::2F; use Lemonldap::NG::Manager::Api::2F;
use Lemonldap::NG::Manager::Api::Misc; use Lemonldap::NG::Manager::Api::Misc;
use Lemonldap::NG::Manager::Api::Providers::OidcRp; use Lemonldap::NG::Manager::Api::Providers::OidcRp;
@ -19,6 +13,12 @@ use Lemonldap::NG::Manager::Api::Providers::CasApp;
use Lemonldap::NG::Manager::Api::Menu::Cat; use Lemonldap::NG::Manager::Api::Menu::Cat;
use Lemonldap::NG::Manager::Api::Menu::App; use Lemonldap::NG::Manager::Api::Menu::App;
extends qw(
Lemonldap::NG::Manager::Plugin
Lemonldap::NG::Common::Conf::RESTServer
Lemonldap::NG::Common::Session::REST
);
our $VERSION = '2.0.10'; our $VERSION = '2.0.10';
############################# #############################

17
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/Misc.pm
Unescape View File

@ -86,16 +86,11 @@ sub _getSessionDBState {
# Handle DBI-type session stores # Handle DBI-type session stores
if ( $fakeobj->{object_store}->isa("Apache::Session::Store::DBI") ) { if ( $fakeobj->{object_store}->isa("Apache::Session::Store::DBI") ) {
#
# The 'connection' method will fail if the DB is unreachable # The 'connection' method will fail if the DB is unreachable
# this is good enough a test for now # this is good enough a test for now
eval { $fakeobj->{object_store}->connection($fakeobj) }; eval { $fakeobj->{object_store}->connection($fakeobj) };
if ($@) { return $@ ? 0 : 1;
return 0;
}
else {
return 1;
}
} }
# Handle MongoDB # Handle MongoDB
@ -106,17 +101,11 @@ sub _getSessionDBState {
$fakeobj->{object_store}->connection($fakeobj); $fakeobj->{object_store}->connection($fakeobj);
$fakeobj->{object_store}->{collection}->estimated_document_count; $fakeobj->{object_store}->{collection}->estimated_document_count;
}; };
if ($@) { return $@ ? 0 : 1;
return 0;
}
else {
return 1;
}
} }
# We don't know # We don't know
return 2; return 2;
} }
sub _getObjectSessionModule { sub _getObjectSessionModule {

13
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf.pm
Unescape View File

@ -17,12 +17,12 @@ use Convert::PEM;
use URI::URL; use URI::URL;
use Net::SSLeay; use Net::SSLeay;
use feature 'state'; extends qw(
Lemonldap::NG::Manager::Plugin
Lemonldap::NG::Common::Conf::RESTServer
);
extends 'Lemonldap::NG::Manager::Plugin', our $VERSION = '2.0.10';
'Lemonldap::NG::Common::Conf::RESTServer';
our $VERSION = '2.0.9';
############################# #############################
# I. INITIALIZATION METHODS # # I. INITIALIZATION METHODS #
@ -315,7 +315,8 @@ sub prx {
sub getConfByNum { sub getConfByNum {
my ( $self, $cfgNum, @args ) = @_; my ( $self, $cfgNum, @args ) = @_;
unless ( %{ $self->currentConf } unless ($self->currentConf
and %{ $self->currentConf }
and $cfgNum == $self->currentConf->{cfgNum} ) and $cfgNum == $self->currentConf->{cfgNum} )
{ {
my $tmp; my $tmp;

1
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm
Unescape View File

@ -2,6 +2,7 @@ package Lemonldap::NG::Manager::Conf::Tests;
use strict; use strict;
use utf8; use utf8;
use strict;
use Lemonldap::NG::Common::Regexp; use Lemonldap::NG::Common::Regexp;
use Lemonldap::NG::Handler::Main; use Lemonldap::NG::Handler::Main;
use Lemonldap::NG::Common::Util qw(getSameSite); use Lemonldap::NG::Common::Util qw(getSameSite);

2
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Zero.pm
Unescape View File

@ -1,5 +1,7 @@
package Lemonldap::NG::Manager::Conf::Zero; package Lemonldap::NG::Manager::Conf::Zero;
use strict;
our $VERSION = '2.0.9'; our $VERSION = '2.0.9';
sub zeroConf { sub zeroConf {

6
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Notifications.pm
Unescape View File

@ -12,15 +12,13 @@ use Lemonldap::NG::Common::PSGI::Constants;
use Lemonldap::NG::Common::Conf::ReConstants; use Lemonldap::NG::Common::Conf::ReConstants;
require Lemonldap::NG::Common::Notifications; require Lemonldap::NG::Common::Notifications;
use feature 'state';
extends qw( extends qw(
Lemonldap::NG::Manager::Plugin Lemonldap::NG::Manager::Plugin
Lemonldap::NG::Common::Conf::AccessLib
Lemonldap::NG::Common::PSGI::Router Lemonldap::NG::Common::PSGI::Router
Lemonldap::NG::Common::Conf::AccessLib
); );
our $VERSION = '2.0.9'; our $VERSION = '2.0.10';
has notifAccess => ( is => 'rw' ); has notifAccess => ( is => 'rw' );
has notifFormat => ( is => 'rw' ); has notifFormat => ( is => 'rw' );

3
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Plugin.pm
Unescape View File

@ -2,7 +2,8 @@ package Lemonldap::NG::Manager::Plugin;
use strict; use strict;
use Mouse; use Mouse;
our $VERSION = '2.0.8';
our $VERSION = '2.0.10';
extends 'Lemonldap::NG::Common::Module'; extends 'Lemonldap::NG::Common::Module';

24
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm
Unescape View File

@ -1,7 +1,7 @@
package Lemonldap::NG::Manager::Sessions; package Lemonldap::NG::Manager::Sessions;
use utf8;
use strict; use strict;
use utf8;
use Mouse; use Mouse;
use Lemonldap::NG::Common::Session; use Lemonldap::NG::Common::Session;
@ -11,11 +11,13 @@ use Lemonldap::NG::Common::PSGI::Constants;
use Lemonldap::NG::Common::Conf::ReConstants; use Lemonldap::NG::Common::Conf::ReConstants;
use Lemonldap::NG::Common::IPv6; use Lemonldap::NG::Common::IPv6;
use feature 'state'; #use feature 'state';
extends 'Lemonldap::NG::Manager::Plugin', extends qw(
'Lemonldap::NG::Common::Conf::AccessLib', Lemonldap::NG::Manager::Plugin
'Lemonldap::NG::Common::Session::REST'; Lemonldap::NG::Common::Session::REST
Lemonldap::NG::Common::Conf::AccessLib
);
our $VERSION = '2.0.10'; our $VERSION = '2.0.10';
@ -75,15 +77,15 @@ sub delOIDCConsent {
my $epoch = $params->{epoch}; my $epoch = $params->{epoch};
my $rp = $params->{rp}; my $rp = $params->{rp};
my $id = $req->params('sessionId') my $id = $req->params('sessionId')
or return $self->sendError( $req, 'sessionId is missing', 400 ); or return $self->sendError( $req, 'sessionId is missing', 400 );
$req->parameters->set('sessionId', $self->_maybeDecryptSessionId($id)); $req->parameters->set( 'sessionId', $self->_maybeDecryptSessionId($id) );
if ( $rp =~ /\b[\w-]+\b/ and defined $epoch ) { if ( $rp =~ /\b[\w-]+\b/ and defined $epoch ) {
$self->logger->debug( $self->logger->debug(
"Call procedure deleteOIDCConsent with RP=$rp and epoch=$epoch"); "Call procedure deleteOIDCConsent with RP=$rp and epoch=$epoch");
return $self->deleteOIDCConsent( $req ); return $self->deleteOIDCConsent($req);
} }
else { else {
return $self->sendError( $req, undef, 400 ); return $self->sendError( $req, undef, 400 );
@ -448,12 +450,12 @@ sub _maybeEncryptSessionId {
sub delSession { sub delSession {
my ( $self, $req ) = @_; my ( $self, $req ) = @_;
my $id = $req->params('sessionId') my $id = $req->params('sessionId')
or return $self->sendError( $req, 'sessionId is missing', 400 ); or return $self->sendError( $req, 'sessionId is missing', 400 );
$req->parameters->set('sessionId', $self->_maybeDecryptSessionId($id)); $req->parameters->set( 'sessionId', $self->_maybeDecryptSessionId($id) );
return $self->SUPER::delSession( $req ); return $self->SUPER::delSession($req);
} }
sub cmpIPv4 { sub cmpIPv4 {

4
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Viewer.pm
Unescape View File

@ -7,14 +7,12 @@ use Lemonldap::NG::Common::Conf::Constants;
use Lemonldap::NG::Common::UserAgent; use Lemonldap::NG::Common::UserAgent;
use URI::URL; use URI::URL;
use feature 'state';
extends 'Lemonldap::NG::Manager::Conf'; extends 'Lemonldap::NG::Manager::Conf';
has diffRule => ( is => 'rw', default => sub { 0 } ); has diffRule => ( is => 'rw', default => sub { 0 } );
has brwRule => ( is => 'rw', default => sub { 0 } ); has brwRule => ( is => 'rw', default => sub { 0 } );
our $VERSION = '2.0.8'; our $VERSION = '2.0.10';
############################# #############################
# I. INITIALIZATION METHODS # # I. INITIALIZATION METHODS #

2
lemonldap-ng-manager/t/test-lib.pm
Unescape View File

@ -2,7 +2,7 @@
use strict; use strict;
use Data::Dumper; use Data::Dumper;
use 5.10.0;
use_ok('Lemonldap::NG::Manager::Cli::Lib'); use_ok('Lemonldap::NG::Manager::Cli::Lib');
our $client; our $client;

18
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/AD.pm
Unescape View File

@ -29,25 +29,19 @@ sub confirm {
} }
sub modifyPassword { sub modifyPassword {
my ( $self, $req, $pwd ) = @_; my ( $self, $req, $pwd, $useMail ) = @_;
my $dn = $req->data->{dn} || $req->sessionInfo->{_dn}; my $dn = $req->data->{dn} || $req->sessionInfo->{_dn};
unless ($dn) { unless ($dn) {
$self->logger->error('"dn" is not set, aborting password modification'); $self->logger->error('"dn" is not set, abort password modification');
return PE_ERROR; return PE_ERROR;
} }
my $rule = $self->p->HANDLER->buildSub(
$self->p->HANDLER->substitute(
$self->conf->{portalRequireOldPassword}
)
);
unless ($rule) {
my $error = $self->p->HANDLER->tsv->{jail}->error || '???';
}
my $requireOldPassword = ( my $requireOldPassword = (
$req->userData $req->userData
? $rule->( $req, $req->userData ) ? $self->requireOldPwdRule->( $req, $req->userData )
: $rule->( $req, $req->sessionInfo ) : $self->requireOldPwdRule->( $req, $req->sessionInfo )
); );
$requireOldPassword = 0 if $useMail;
# Ensure connection is valid # Ensure connection is valid
$self->bind; $self->bind;

13
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Base.pm
Unescape View File

@ -21,8 +21,19 @@ our $VERSION = '2.0.10';
# INITIALIZATION # INITIALIZATION
has requireOldPwdRule => ( is => 'rw' );
sub init { sub init {
$_[0]->p->{_passwordDB} = $_[0]; my ($self) = shift;
$self->requireOldPwdRule(
$self->p->buildRule(
$self->conf->{portalRequireOldPassword},
'portalRequireOldPassword'
)
);
return 0 unless $self->requireOldPwdRule;
$self->p->{_passwordDB} = $self;
} }
# INTERFACE # INTERFACE

16
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/LDAP.pm
Unescape View File

@ -28,31 +28,25 @@ sub confirm {
} }
sub modifyPassword { sub modifyPassword {
my ( $self, $req, $pwd ) = @_; my ( $self, $req, $pwd, $useMail ) = @_;
my $dn; my $dn;
my $requireOldPassword; my $requireOldPassword;
my $rule = $self->p->HANDLER->buildSub(
$self->p->HANDLER->substitute(
$self->conf->{portalRequireOldPassword}
)
);
unless ($rule) {
my $error = $self->p->HANDLER->tsv->{jail}->error || '???';
}
if ( $req->data->{dn} ) { if ( $req->data->{dn} ) {
$dn = $req->data->{dn}; $dn = $req->data->{dn};
$requireOldPassword = $rule->( $req, $req->userData ); $requireOldPassword = $self->requireOldPwdRule->( $req, $req->userData );
$self->logger->debug("Get DN from request data: $dn"); $self->logger->debug("Get DN from request data: $dn");
} }
else { else {
$dn = $req->sessionInfo->{_dn}; $dn = $req->sessionInfo->{_dn};
$requireOldPassword = $rule->( $req, $req->sessionInfo ); $requireOldPassword = $self->requireOldPwdRule->( $req, $req->sessionInfo );
$self->logger->debug("Get DN from session data: $dn"); $self->logger->debug("Get DN from session data: $dn");
} }
unless ($dn) { unless ($dn) {
$self->logger->error('"dn" is not set, aborting password modification'); $self->logger->error('"dn" is not set, aborting password modification');
return PE_ERROR; return PE_ERROR;
} }
$requireOldPassword = 0 if $useMail;
# Ensure connection is valid # Ensure connection is valid
$self->bind; $self->bind;

5
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MailPasswordReset.pm
Unescape View File

@ -473,16 +473,11 @@ sub changePwd {
return $cpq; return $cpq;
} }
# Modify the password TODO: change this
# Populate $req->{user} for logging purpose
my $tmp = $self->conf->{portalRequireOldPassword};
$self->conf->{portalRequireOldPassword} = 0;
$req->user( $req->{sessionInfo}->{_user} ); $req->user( $req->{sessionInfo}->{_user} );
my $result = my $result =
$self->p->_passwordDB->modifyPassword( $req, $self->p->_passwordDB->modifyPassword( $req,
$req->data->{newpassword}, 1 ); $req->data->{newpassword}, 1 );
$req->{user} = undef; $req->{user} = undef;
$self->conf->{portalRequireOldPassword} = $tmp;
# Mail token can be used only one time, delete the session if all is ok # Mail token can be used only one time, delete the session if all is ok
unless ( $result == PE_PASSWORD_OK or $result == PE_OK ) { unless ( $result == PE_PASSWORD_OK or $result == PE_OK ) {

Write Preview
Loading…
Cancel
Save