2018-10-29 18:35:25 +01:00
|
|
|
package Lemonldap::NG::Portal::Password::AD;
|
|
|
|
|
|
|
|
|
|
use strict;
|
|
|
|
|
use Mouse;
|
2019-10-01 19:17:31 +02:00
|
|
|
use Lemonldap::NG::Portal::Main::Constants qw(
|
2020-11-04 16:48:43 +01:00
|
|
|
PE_ERROR
|
2019-10-01 19:17:31 +02:00
|
|
|
PE_LDAPERROR
|
2020-11-04 16:48:43 +01:00
|
|
|
PE_PASSWORD_OK
|
2019-10-01 19:17:31 +02:00
|
|
|
PE_LDAPCONNECTFAILED
|
|
|
|
|
);
|
2018-10-29 18:35:25 +01:00
|
|
|
|
2020-11-04 16:48:43 +01:00
|
|
|
extends qw(
|
|
|
|
|
Lemonldap::NG::Portal::Lib::LDAP
|
|
|
|
|
Lemonldap::NG::Portal::Password::Base
|
|
|
|
|
);
|
2018-10-29 18:35:25 +01:00
|
|
|
|
2020-11-04 16:48:43 +01:00
|
|
|
our $VERSION = '2.0.10';
|
2018-10-29 18:35:25 +01:00
|
|
|
|
|
|
|
|
sub init {
|
|
|
|
|
my ($self) = @_;
|
|
|
|
|
$self->ldap
|
|
|
|
|
and $self->filter
|
|
|
|
|
and $self->Lemonldap::NG::Portal::Password::Base::init;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Confirmation is done by Lib::Net::LDAP::userModifyPassword
|
|
|
|
|
sub confirm {
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sub modifyPassword {
|
2020-12-23 14:57:55 +01:00
|
|
|
my ( $self, $req, $pwd, $useMail ) = @_;
|
2021-01-08 14:27:56 +01:00
|
|
|
|
|
|
|
|
# If the password change is done in a different backend,
|
|
|
|
|
# we need to reload the correct DN
|
|
|
|
|
$self->getUser( $req, useMail => $useMail )
|
|
|
|
|
if $self->conf->{ldapGetUserBeforePasswordChange};
|
|
|
|
|
|
2019-09-26 22:47:03 +02:00
|
|
|
my $dn = $req->data->{dn} || $req->sessionInfo->{_dn};
|
2018-10-29 18:35:25 +01:00
|
|
|
unless ($dn) {
|
2020-12-23 14:57:55 +01:00
|
|
|
$self->logger->error('"dn" is not set, abort password modification');
|
2018-10-29 18:35:25 +01:00
|
|
|
return PE_ERROR;
|
|
|
|
|
}
|
2020-12-23 14:57:55 +01:00
|
|
|
|
2020-04-27 22:08:12 +02:00
|
|
|
my $requireOldPassword = (
|
|
|
|
|
$req->userData
|
2020-12-23 14:57:55 +01:00
|
|
|
? $self->requireOldPwdRule->( $req, $req->userData )
|
|
|
|
|
: $self->requireOldPwdRule->( $req, $req->sessionInfo )
|
2020-04-27 22:08:12 +02:00
|
|
|
);
|
2020-12-23 14:57:55 +01:00
|
|
|
$requireOldPassword = 0 if $useMail;
|
2018-10-29 18:35:25 +01:00
|
|
|
|
2019-10-01 19:17:31 +02:00
|
|
|
# Ensure connection is valid
|
|
|
|
|
$self->bind;
|
|
|
|
|
return PE_LDAPCONNECTFAILED unless $self->ldap;
|
|
|
|
|
|
2018-10-29 18:35:25 +01:00
|
|
|
# Call the modify password method
|
|
|
|
|
my $code =
|
|
|
|
|
$self->ldap->userModifyPassword( $dn, $pwd, $req->data->{oldpassword},
|
2020-04-27 22:08:12 +02:00
|
|
|
1, $requireOldPassword );
|
2020-11-04 16:48:43 +01:00
|
|
|
return $code unless ( $code == PE_PASSWORD_OK );
|
2018-10-29 18:35:25 +01:00
|
|
|
|
|
|
|
|
# If force reset, set reset flag
|
|
|
|
|
if ( $req->data->{forceReset} ) {
|
|
|
|
|
my $result = $self->ldap->modify(
|
|
|
|
|
$dn,
|
|
|
|
|
replace => {
|
|
|
|
|
'pwdLastSet' => '0'
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
unless ( $result->code == 0 ) {
|
2019-09-30 17:19:57 +02:00
|
|
|
$self->logger->error( "LDAP modify pwdLastSet error "
|
|
|
|
|
. $result->code . ": "
|
|
|
|
|
. $result->error );
|
2018-10-29 18:35:25 +01:00
|
|
|
return PE_LDAPERROR;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$self->logger->debug("pwdLastSet set to 0");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $code;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
1;
|
