Password in progress (#595)

9 years ago · 844e5d3e88
parent 7308875784
commit 844e5d3e88
6 changed files with 96 additions and 48 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/DBI.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/DBI.pm
@ -120,35 +120,4 @@ sub check_password {

 }

-## @method protected Lemonldap::NG::Portal::_DBI modify_password(string user, string password, string userCol, string passwordCol)
-# Modify password with SQL UPDATE
-# @param user user
-# @param password password
-# @param userCol optional user column
-# @param passwordCol optional password column
-# @return boolean result
-sub modify_password {
-    my ( $self, $user, $password, $userCol, $passwordCol ) = @_;
-    $userCol     ||= $self->conf->{dbiAuthLoginCol};
-    $passwordCol ||= $self->conf->{dbiAuthPasswordCol};
-
-    my $table = $self->conf->{dbiAuthTable};
-
-    # Password hash
-    my $passwordsql =
-      $self->hash_password( "?", $self->conf->{dbiAuthPasswordHash} );
-
-    eval {
-        my $sth = $self->dbh->prepare(
-            "UPDATE $table SET $passwordCol=$passwordsql WHERE $userCol=?");
-        $sth->execute( $password, $user );
-    };
-    if ($@) {
-        $self->lmLog( "DBI password modification error: $@", 'error' );
-        return 0;
-    }
-
-    return 1;
-}
-
 1;
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm
@ -234,16 +234,15 @@ sub userBind {
    return PE_BADCREDENTIALS;
 }

-## @method int userModifyPassword(string dn, string newpassword, string confirmpassword, string oldpassword, boolean ad)
+## @method int userModifyPassword(string dn, string newpassword, string oldpassword, boolean ad)
 # Change user's password.
 # @param $dn DN
 # @param $newpassword New password
-# @param $confirmpassword New password
 # @param $oldpassword Current password
 # @param $ad Active Directory mode
 # @return Lemonldap::NG::Portal constant
 sub userModifyPassword {
-    my ( $self, $dn, $newpassword, $confirmpassword, $oldpassword, $ad ) = @_;
+    my ( $self, $dn, $newpassword, $oldpassword, $ad ) = @_;
    my $ppolicyControl     = $self->{conf}->{ldapPpolicyControl};
    my $setPassword        = $self->{conf}->{ldapSetPassword};
    my $asUser             = $self->{conf}->{ldapChangePasswordAsUser};
@ -252,15 +251,6 @@ sub userModifyPassword {
    my $err;
    my $mesg;

-    # Verify confirmation password matching
-    unless ( $newpassword eq $confirmpassword ) {
-        $self->{portal}->lmLog(
-"Password $newpassword and password $confirmpassword are not the same",
-            'debug'
-        );
-        return PE_PASSWORD_MISMATCH;
-    }
-
    # Adjust configuration for AD
    if ($ad) {
        $ppolicyControl    = 0;
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Base.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Base.pm
@ -44,7 +44,8 @@ sub _modifyPassword {
    }

    # Call password package
-    my $res = $self->modifyPassword($req);
+    my $res =
+      $self->modifyPassword( $req, $req->datas->{newpassword} );
    if ( $res == PE_PASSWORD_OK ) {
        $self->lmLog( 'Update password in session for ' . $req->user, 'debug' );
        my $infos;
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/DBI.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/DBI.pm
@ -2,7 +2,7 @@ package Lemonldap::NG::Portal::Password::DBI;

 use strict;
 use Mouse;
-use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_ERROR);
+use Lemonldap::NG::Portal::Main::Constants qw(PE_PASSWORD_OK PE_ERROR);

 extends 'Lemonldap::NG::Portal::Password::Base',
  'Lemonldap::NG::Portal::Lib::DBI';
@ -20,8 +20,23 @@ sub confirm {
 }

 sub modifyPassword {
-    my ( $self, $req ) = @_;
-    return $self->modify_password( $req->user, $pwd ) ? PE_OK : PE_ERROR;
+    my ( $self, $req, $pwd ) = @_;
+    eval {
+        $self->dbh->prepare( 'UPDATE '
+              . $self->conf->{dbiAuthTable} . ' SET '
+              . $self->conf->{dbiAuthPasswordCol} . '='
+              . $self->hash_password( "?", $self->conf->{dbiAuthPasswordHash} )
+              . ' WHERE '
+              . $self->conf->{dbiAuthLoginCol}
+              . '=?' )->execute( $pwd, $req->user );
+    };
+    if ($@) {
+        $self->lmLog( "DBI password modification error: $@", 'error' );
+        return PE_ERROR;
+    }
+    else {
+        return PE_PASSWORD_OK;
+    }
 }

 1;
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Demo.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Demo.pm
@ -25,7 +25,7 @@ sub confirm {
 }

 sub modifyPassword {
-    my ( $self, $req ) = @_;
+    my ( $self, $req, $pwd ) = @_;

    # Nothing to do here, all new passwords are accepted
    PE_OK;
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/LDAP.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/LDAP.pm
@ -0,0 +1,73 @@
+package Lemonldap::NG::Portal::Password::LDAP;
+
+use strict;
+use Mouse;
+use Lemonldap::NG::Portal::Main::Constants qw(PE_PASSWORD_OK PE_LDAPERROR);
+
+extends 'Lemonldap::NG::Portal::Password::Base';
+
+our $VERSION = '2.0.0';
+
+sub init {
+    my ($self) = @_;
+    $self->ldap and $self->filter;
+}
+
+# Confirmation is done by Lib::LDAP::userModifyPassword
+sub confirm {
+    return 1
+}
+
+sub modifyPassword {
+    my ( $self, $req, $pwd ) = @_;
+
+    # Call the modify password method
+    my $code = $self->ldap->userModifyPassword(
+        $req->{dn},              $pwd,
+        $self->{oldpassword}
+    );
+
+    unless ( $code == PE_PASSWORD_OK ) {
+        $self->ldap->unbind;
+        $self->{flags}->{ldapActive} = 0;
+        return $code;
+    }
+
+    # If password policy and force reset, set reset flag
+    if (    $self->{ldapPpolicyControl}
+        and $self->{forceReset}
+        and $self->{ldapUsePasswordResetAttribute} )
+    {
+        my $result = $self->ldap->modify(
+            $self->{dn},
+            replace => {
+                $self->{ldapPasswordResetAttribute} =>
+                  $self->{ldapPasswordResetAttributeValue}
+            }
+        );
+
+        unless ( $result->code == 0 ) {
+            $self->lmLog(
+                "LDAP modify "
+                  . $self->{ldapPasswordResetAttribute}
+                  . " error: "
+                  . $result->code,
+                'error'
+            );
+            $self->ldap->unbind;
+            $self->{flags}->{ldapActive} = 0;
+            return PE_LDAPERROR;
+        }
+
+        $self->lmLog(
+            $self->{ldapPasswordResetAttribute}
+              . " set to "
+              . $self->{ldapPasswordResetAttributeValue},
+            'debug'
+        );
+    }
+
+    return $code;
+}
+
+1;