Password in progress (#595)

9 years ago · 095ffcab48
parent d34be2d07c
commit 095ffcab48
9 changed files with 117 additions and 77 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/DBI.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/DBI.pm
@ -39,7 +39,7 @@ sub dbh {

 # INITIALIZATION

-# All DBI modules has just to verify that DBI connection is available
+# All DBI modules have just to verify that DBI connection is available
 sub init {
    my ($self) = @_;
    return $self->_dbh;
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm
@ -26,6 +26,7 @@ has menu        => ( is => 'rw', default => sub { {} } );
 # Sub modules
 has _authentication => ( is => 'rw' );
 has _userDB         => ( is => 'rw' );
+has _passwordDB     => ( is => 'rw' );

 # Macros and groups
 has _macros     => ( is => 'rw' );
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Base.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Base.pm
@ -15,8 +15,18 @@ extends 'Lemonldap::NG::Portal::Main::Plugin';

 our $VERSION = '2.0.0';

+# INITIALIZATION
+
+sub init {
+    $_[0]->p->{_passwordDB} = $_[0];
+}
+
+# INTERFACE
+
 sub forAuthUser { '_modifyPassword' }

+# RUNNING METHODS
+
 sub _modifyPassword {
    my ( $self, $req ) = @_;

@ -40,12 +50,11 @@ sub _modifyPassword {

        # Verify old password
        return PE_BADOLDPASSWORD
-          unless ( $self->confirm( $req, $req->datas->{newpassword} ) );
+          unless ( $self->confirm( $req, $req->datas->{oldpassword} ) );
    }

    # Call password package
-    my $res =
-      $self->modifyPassword( $req, $req->datas->{newpassword} );
+    my $res = $self->modifyPassword( $req, $req->datas->{newpassword} );
    if ( $res == PE_PASSWORD_OK ) {
        $self->lmLog( 'Update password in session for ' . $req->user, 'debug' );
        my $infos;
@ -55,14 +64,14 @@ sub _modifyPassword {
            $self->p->updateSession(
                $req,
                {
-                    _passwordDB => $self->getModule( $req, 'password' ),
+                    _passwordDB => $self->p->getModule( $req, 'password' ),
                    _password   => $req->{newpassword}
                }
            );
        }
        else {
            $self->p->updateSession( $req,
-                { _passwordDB => $self->getModule( $req, 'password' ) } );
+                { _passwordDB => $self->p->getModule( $req, 'password' ) } );
        }

        # Set a flag to ignore password change in Menu
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/DBI.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/DBI.pm
@ -9,6 +9,11 @@ extends 'Lemonldap::NG::Portal::Password::Base',

 our $VERSION = '2.0.0';

+sub init {
+    $_[0]->Lemonldap::NG::Portal::Password::Base::init
+      and $_[0]->Lemonldap::NG::Portal::Lib::DBI::init;
+}
+
 sub confirm {
    my ( $self, $req, $pwd ) = @_;
    return $self->check_password( $req->user, $pwd );
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Demo.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Demo.pm
@ -10,8 +10,8 @@ our $VERSION = '2.0.0';

 sub init {
    my ($self) = @_;
-    if ( $self->p->getModule(undef,'auth') eq 'Demo' ) {
-        return 1;
+    if ( $self->p->getModule( undef, 'auth' ) eq 'Demo' ) {
+        return $self->SUPER::init;
    }
    else {
        $self->lmLog( "Use PasswordDBDemo only with AuthDemo", 'error' );
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/LDAP.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/LDAP.pm
@ -3,29 +3,31 @@ package Lemonldap::NG::Portal::Password::LDAP;
 use strict;
 use Mouse;
 use Lemonldap::NG::Portal::Main::Constants qw(PE_PASSWORD_OK PE_LDAPERROR);
+use Lemonldap::NG::Portal::Lib::LDAP;

-extends 'Lemonldap::NG::Portal::Password::Base';
+extends 'Lemonldap::NG::Portal::UserDB::LDAP',
+  'Lemonldap::NG::Portal::Password::Base';

 our $VERSION = '2.0.0';

 sub init {
    my ($self) = @_;
-    $self->ldap and $self->filter;
+    $self->ldap
+      and $self->filter
+      and $self->Lemonldap::NG::Portal::Password::Base::init;
 }

 # Confirmation is done by Lib::LDAP::userModifyPassword
 sub confirm {
-    return 1
+    return 1;
 }

 sub modifyPassword {
    my ( $self, $req, $pwd ) = @_;

    # Call the modify password method
-    my $code = $self->ldap->userModifyPassword(
-        $req->{dn},              $pwd,
-        $self->{oldpassword}
-    );
+    my $code =
+      $self->ldap->userModifyPassword( $req->{dn}, $pwd, $self->{oldpassword} );

    unless ( $code == PE_PASSWORD_OK ) {
        $self->ldap->unbind;
--- a/lemonldap-ng-portal/t/03-Auth-and-password-DBI.pm
+++ b/lemonldap-ng-portal/t/03-Auth-and-password-DBI.pm
@ -0,0 +1,85 @@
+use Test::More;
+use strict;
+use IO::String;
+
+require 't/test-lib.pm';
+
+my $res;
+
+eval { unlink 't/userdb.db' };
+
+SKIP: {
+    eval { require DBI; require DBD::SQLite; };
+    if ($@) {
+        skip 'DBD::SQLite not found', 8;
+    }
+    my $dbh = DBI->connect("dbi:SQLite:dbname=t/userdb.db");
+    $dbh->do('CREATE TABLE users (user text,password text,name text)');
+    $dbh->do("INSERT INTO users VALUES ('dwho','dwho','Doctor who')");
+    init(
+        {
+            logLevel                 => 'error',
+            useSafeJail              => 1,
+            authentication           => 'DBI',
+            userDB                   => 'DBI',
+            dbiAuthChain             => 'dbi:SQLite:dbname=t/userdb.db',
+            dbiAuthUser              => '',
+            dbiAuthPassword          => '',
+            dbiAuthTable             => 'users',
+            dbiAuthLoginCol          => 'user',
+            dbiAuthPasswordCol       => 'password',
+            dbiAuthPasswordHash      => '',
+            passwordDB               => 'DBI',
+            portalRequireOldPassword => 1,
+        }
+    );
+
+    # Try yo authenticate
+    # -------------------
+    ok(
+        $res = &client->_post(
+            '/',
+            IO::String->new('user=dwho&password=dwho'),
+            length => 23
+        ),
+        'Auth query'
+    );
+    ok( $res->[0] == 200, 'Response is 200' ) or explain( $res->[0], 200 );
+    my $cookies = getCookies($res);
+    my $id;
+    ok( $id = $cookies->{lemonldap}, 'Get cookie' )
+      or explain( $res, 'Set-Cookie: something' );
+
+    ok(
+        $res = &client->_post(
+            '/',
+            IO::String->new(
+                'oldpassword=dwho&newpassword=test&confirmpassword=test'),
+            cookie => "lemonldap=$id",
+            accept => 'application/json',
+            length => 54
+        ),
+        'Change password'
+    );
+    ok( $res->[0] == 200, 'Response is 200' ) or explain( $res, 200 );
+    logout($id);
+    ok(
+        $res = &client->_post(
+            '/',
+            IO::String->new('user=dwho&password=test'),
+            cookie => "lemonldap=$id",
+            length => 23
+        ),
+        'Auth query with new password'
+    );
+    ok( $res->[0] == 200, 'Response is 200' ) or explain( $res->[0], 200 );
+    $cookies = getCookies($res);
+    ok( $id = $cookies->{lemonldap}, 'Get cookie' )
+      or explain( $res, 'Set-Cookie: something' );
+
+    logout($id);
+    clean_sessions();
+}
+eval { unlink 't/userdb.db' };
+count(8);
+done_testing( count() );
--- a/lemonldap-ng-portal/t/03-AuthDBI.t
+++ b/lemonldap-ng-portal/t/03-AuthDBI.t
@ -1,60 +0,0 @@
-use Test::More;
-use strict;
-use IO::String;
-
-require 't/test-lib.pm';
-
-my $res;
-
-eval { unlink 't/userdb.db' };
-
-SKIP: {
-    eval { require DBI; require DBD::SQLite; };
-    if ($@) {
-        skip 'DBD::SQLite not found', 3;
-    }
-    my $dbh = DBI->connect("dbi:SQLite:dbname=t/userdb.db");
-    $dbh->do('CREATE TABLE users (user text,password text,name text)');
-    $dbh->do("INSERT INTO users VALUES ('dwho','dwho','Doctor who')");
-    init(
-        {
-            logLevel            => 'error',
-            useSafeJail         => 1,
-            authentication      => 'DBI',
-            userDB              => 'DBI',
-            dbiAuthChain        => 'dbi:SQLite:dbname=t/userdb.db',
-            dbiAuthUser         => '',
-            dbiAuthPassword     => '',
-            dbiAuthTable        => 'users',
-            dbiAuthLoginCol     => 'user',
-            dbiAuthPasswordCol  => 'password',
-            dbiAuthPasswordHash => '',
-        }
-    );
-    my $postString = 'user='
-      . ( $ENV{LDAPACCOUNT} || 'dwho' )
-      . '&password='
-      . ( $ENV{LDAPPWD} || 'dwho' );
-
-    # Try yo authenticate
-    # -------------------
-    ok(
-        $res = &client->_post(
-            '/',
-            IO::String->new('user=dwho&password=dwho'),
-            length => 23
-        ),
-        'Auth query'
-    );
-    ok( $res->[0] == 200, 'Response is 200' ) or explain( $res->[0], 200 );
-    my $cookies = getCookies($res);
-    my $id;
-    ok( $id = $cookies->{lemonldap}, 'Get cookie' )
-      or explain( $res, 'Set-Cookie: something' );
-
-    logout($id);
-    clean_sessions();
-}
-count(3);
-eval { unlink 't/userdb.db' };
-done_testing( count() );
--- a/lemonldap-ng-portal/t/40-Password-Demo.t
+++ b/lemonldap-ng-portal/t/40-Password-Demo.t
@ -65,7 +65,6 @@ ok(
    'Missing old password'
 );
 ok( $res->[0] == 400, 'Response is 400' ) or explain( $res->[0], 400 );
-my $json;
 ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
  or print STDERR "$@\n" . Dumper($res);
 ok(
@ -86,7 +85,6 @@ ok(
    'Bad old password'
 );
 ok( $res->[0] == 400, 'Response is 400' ) or explain( $res->[0], 400 );
-my $json;
 ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
  or print STDERR "$@\n" . Dumper($res);
 ok( $json->{error} == PE_BADOLDPASSWORD, 'Response is PE_BADOLDPASSWORD' )