lemonldap-ng/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/PasswordDBLDAP.pm

##@file
# LDAP password backend file

##@class
# LDAP password backend class
package Lemonldap::NG::Portal::PasswordDBLDAP;

use strict;
use Lemonldap::NG::Portal::Simple;
use Lemonldap::NG::Portal::_LDAP 'ldap';    #link protected ldap
use Lemonldap::NG::Portal::UserDBLDAP;      #inherits

#inherits Lemonldap::NG::Portal::_SMTP

our $VERSION = '1.0.0';

*_formateFilter = *Lemonldap::NG::Portal::UserDBLDAP::formateFilter;
*_search        = *Lemonldap::NG::Portal::UserDBLDAP::search;

## @apmethod int passwordDBInit()
# Load SMTP functions
# @return Lemonldap::NG::Portal constant
sub passwordDBInit {
    my $self = shift;
    eval { use base qw(Lemonldap::NG::Portal::_SMTP) };
    if ($@) {
        $self->lmLog( "Unable to load SMTP functions ($@)", 'error' );
        return PE_ERROR;
    }
    PE_OK;
}

## @apmethod int modifyPassword(boolean reset)
# Modify the password by LDAP mechanism.
# @param reset Force pwdReset flag to TRUE
# @return Lemonldap::NG::Portal constant
sub modifyPassword {
    my ($self,$reset) = splice @_;

    # Exit method if no password change requested
    return PE_OK unless ( $self->{newpassword} );

    unless ( $self->ldap ) {
        return PE_LDAPCONNECTFAILED;
    }

    # Set the dn unless done before
    unless ( $self->{dn} ) {
        my $tmp = $self->_subProcess(qw(_formateFilter _search));
        return $tmp if ($tmp);
    }

    $self->lmLog( "Modify password request for " . $self->{dn}, 'debug' );

    # Call the modify password method
    my $code = $self->ldap->userModifyPassword(
        $self->{dn},              $self->{newpassword},
        $self->{confirmpassword}, $self->{oldpassword}
    );

    # Update password in session if needed
    my $infos;
    $infos->{_password} = $self->{newpassword};
    $self->updateSession($infos)
      if ( $self->{storePassword} and $code == PE_PASSWORD_OK );

    return $code unless ( $code == PE_PASSWORD_OK );

    # If Password Policy and reset asked, set the PwdReset flag
    if ( $self->{ldapPpolicyControl} and $reset) {
        my $result =
          $self->ldap->modify( $self->{dn},
            replace => { 'pwdReset' => 'TRUE' } );

        unless ( $result->code == 0 ) {
            $self->lmLog( "LDAP modify pwdReset error: " . $result->code,
                'error' );
            $code = PE_LDAPERROR;
        }

        $self->lmLog( "pwdReset set to TRUE", 'debug' );
    }

    return $code;
}

## @apmethod int resetPassword()
# Reset the password
# @return Lemonldap::NG::Portal constant
sub resetPassword {
    my $self = shift;

    # Exit method if no mail and mail_token
    return PE_OK unless ( $self->{mail} && $self->{mail_token} );

    unless ( $self->ldap ) {
        return PE_LDAPCONNECTFAILED;
    }

    # Set the dn unless done before
    unless ( $self->{dn} ) {
        my $tmp = $self->_subProcess(qw(_formateFilter _search));
        return $tmp if ($tmp);
    }

    $self->lmLog( "Reset password request for " . $self->{dn}, 'debug' );

    # Generate a complex password
    my $password = $self->gen_password( $self->{randomPasswordRegexp} );

    $self->lmLog( "Generated password: " . $password, 'debug' );

    # Call the modify password method
    my $pe_error =
      $self->ldap->userModifyPassword( $self->{dn}, $password, $password );

    return $pe_error unless ( $pe_error == PE_PASSWORD_OK );

    # If Password Policy, set the PwdReset flag
    if ( $self->{ldapPpolicyControl} ) {
        my $result =
          $self->ldap->modify( $self->{dn},
            replace => { 'pwdReset' => 'TRUE' } );

        unless ( $result->code == 0 ) {
            $self->lmLog( "LDAP modify pwdReset error: " . $result->code,
                'error' );
            return PE_LDAPERROR;
        }

        $self->lmLog( "pwdReset set to TRUE", 'debug' );
    }

    # Store password to forward it to the user
    $self->{reset_password} = $password;

    PE_OK;
}

1;
-												LemonLDAP::NG :
* Create PasswordDBLDAP
* Force password modification when password is reset with ppolicy
* new parameter ldapSetPassword: set to 1 if you want to use the LDAP extended operation rather than LDAP modify
* TODO: update HTML templates


											
										
										
											2009-05-14 18:19:49 +02:00
+								##@file
 								# LDAP password backend file
 								##@class
 								# LDAP password backend class
 								package Lemonldap::NG::Portal::PasswordDBLDAP;
-												Refactor DBI code in _DBI.pm and SMTP code in _SMTP.pm


											
										
										
											2009-12-21 23:28:38 +01:00
+								use strict;
-												LemonLDAP::NG :
* Create PasswordDBLDAP
* Force password modification when password is reset with ppolicy
* new parameter ldapSetPassword: set to 1 if you want to use the LDAP extended operation rather than LDAP modify
* TODO: update HTML templates


											
										
										
											2009-05-14 18:19:49 +02:00
+								use Lemonldap::NG::Portal::Simple;
 								use Lemonldap::NG::Portal::_LDAP 'ldap';    #link protected ldap
 								use Lemonldap::NG::Portal::UserDBLDAP;      #inherits
-												Portal - new feature: token to reset password by mail:
* A token is sent when user ask for password reset
* The token is linked to an apache session
* The password is reset if the token is valid



											
										
										
											2010-01-21 18:38:55 +01:00
-												Doxygen comments



											
										
										
											2010-10-02 17:45:10 +02:00
+								#inherits Lemonldap::NG::Portal::_SMTP
-												LemonLDAP::NG :
* Create PasswordDBLDAP
* Force password modification when password is reset with ppolicy
* new parameter ldapSetPassword: set to 1 if you want to use the LDAP extended operation rather than LDAP modify
* TODO: update HTML templates


											
										
										
											2009-05-14 18:19:49 +02:00
-												Upgrade versions for 1.0 release


											
										
										
											2010-11-20 16:05:40 +01:00
+								our $VERSION = '1.0.0';
-												LemonLDAP::NG :
* Create PasswordDBLDAP
* Force password modification when password is reset with ppolicy
* new parameter ldapSetPassword: set to 1 if you want to use the LDAP extended operation rather than LDAP modify
* TODO: update HTML templates


											
										
										
											2009-05-14 18:19:49 +02:00
 								*_formateFilter = *Lemonldap::NG::Portal::UserDBLDAP::formateFilter;
 								*_search        = *Lemonldap::NG::Portal::UserDBLDAP::search;
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								## @apmethod int passwordDBInit()
-												Refactor DBI code in _DBI.pm and SMTP code in _SMTP.pm


											
										
										
											2009-12-21 23:28:38 +01:00
+								# Load SMTP functions
-												LemonLDAP::NG :
* Create PasswordDBLDAP
* Force password modification when password is reset with ppolicy
* new parameter ldapSetPassword: set to 1 if you want to use the LDAP extended operation rather than LDAP modify
* TODO: update HTML templates


											
										
										
											2009-05-14 18:19:49 +02:00
+								# @return Lemonldap::NG::Portal constant
 								sub passwordDBInit {
-												Refactor DBI code in _DBI.pm and SMTP code in _SMTP.pm


											
										
										
											2009-12-21 23:28:38 +01:00
+								    my $self = shift;
 								    eval { use base qw(Lemonldap::NG::Portal::_SMTP) };
 								    if ($@) {
 								        $self->lmLog( "Unable to load SMTP functions ($@)", 'error' );
 								        return PE_ERROR;
 								    }
-												LemonLDAP::NG :
* Create PasswordDBLDAP
* Force password modification when password is reset with ppolicy
* new parameter ldapSetPassword: set to 1 if you want to use the LDAP extended operation rather than LDAP modify
* TODO: update HTML templates


											
										
										
											2009-05-14 18:19:49 +02:00
+								    PE_OK;
 								}
-												Possibility to change the password on the portal after password reset confirmation (#302)


											
										
										
											2011-05-30 17:45:56 +02:00
+								## @apmethod int modifyPassword(boolean reset)
-												LemonLDAP::NG :
* Create PasswordDBLDAP
* Force password modification when password is reset with ppolicy
* new parameter ldapSetPassword: set to 1 if you want to use the LDAP extended operation rather than LDAP modify
* TODO: update HTML templates


											
										
										
											2009-05-14 18:19:49 +02:00
+								# Modify the password by LDAP mechanism.
-												Possibility to change the password on the portal after password reset confirmation (#302)


											
										
										
											2011-05-30 17:45:56 +02:00
+								# @param reset Force pwdReset flag to TRUE
-												LemonLDAP::NG :
* Create PasswordDBLDAP
* Force password modification when password is reset with ppolicy
* new parameter ldapSetPassword: set to 1 if you want to use the LDAP extended operation rather than LDAP modify
* TODO: update HTML templates


											
										
										
											2009-05-14 18:19:49 +02:00
+								# @return Lemonldap::NG::Portal constant
 								sub modifyPassword {
-												Possibility to change the password on the portal after password reset confirmation (#302)


											
										
										
											2011-05-30 17:45:56 +02:00
+								    my ($self,$reset) = splice @_;
-												LemonLDAP::NG :
* Create PasswordDBLDAP
* Force password modification when password is reset with ppolicy
* new parameter ldapSetPassword: set to 1 if you want to use the LDAP extended operation rather than LDAP modify
* TODO: update HTML templates


											
										
										
											2009-05-14 18:19:49 +02:00
 								    # Exit method if no password change requested
 								    return PE_OK unless ( $self->{newpassword} );
 								    unless ( $self->ldap ) {
 								        return PE_LDAPCONNECTFAILED;
 								    }
 								    # Set the dn unless done before
 								    unless ( $self->{dn} ) {
 								        my $tmp = $self->_subProcess(qw(_formateFilter _search));
 								        return $tmp if ($tmp);
 								    }
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								    $self->lmLog( "Modify password request for " . $self->{dn}, 'debug' );
-												Use PasswordDBLDAP in Menu


											
										
										
											2009-06-02 17:34:13 +02:00
-												LemonLDAP::NG :
* Create PasswordDBLDAP
* Force password modification when password is reset with ppolicy
* new parameter ldapSetPassword: set to 1 if you want to use the LDAP extended operation rather than LDAP modify
* TODO: update HTML templates


											
										
										
											2009-05-14 18:19:49 +02:00
+								    # Call the modify password method
-												Portal: change _password value in session when user changes its password


											
										
										
											2010-01-22 22:54:58 +01:00
+								    my $code = $self->ldap->userModifyPassword(
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								        $self->{dn},              $self->{newpassword},
 								        $self->{confirmpassword}, $self->{oldpassword}
 								    );
-												Portal: change _password value in session when user changes its password


											
										
										
											2010-01-22 22:54:58 +01:00
 								    # Update password in session if needed
 								    my $infos;
 								    $infos->{_password} = $self->{newpassword};
 								    $self->updateSession($infos)
 								      if ( $self->{storePassword} and $code == PE_PASSWORD_OK );
-												Possibility to change the password on the portal after password reset confirmation (#302)


											
										
										
											2011-05-30 17:45:56 +02:00
+								    return $code unless ( $code == PE_PASSWORD_OK );
 								    # If Password Policy and reset asked, set the PwdReset flag
 								    if ( $self->{ldapPpolicyControl} and $reset) {
 								        my $result =
 								          $self->ldap->modify( $self->{dn},
 								            replace => { 'pwdReset' => 'TRUE' } );
 								        unless ( $result->code == 0 ) {
 								            $self->lmLog( "LDAP modify pwdReset error: " . $result->code,
 								                'error' );
 								            $code = PE_LDAPERROR;
 								        }
 								        $self->lmLog( "pwdReset set to TRUE", 'debug' );
 								    }
-												Portal: change _password value in session when user changes its password


											
										
										
											2010-01-22 22:54:58 +01:00
+								    return $code;
-												LemonLDAP::NG :
* Create PasswordDBLDAP
* Force password modification when password is reset with ppolicy
* new parameter ldapSetPassword: set to 1 if you want to use the LDAP extended operation rather than LDAP modify
* TODO: update HTML templates


											
										
										
											2009-05-14 18:19:49 +02:00
+								}
-												Portal - new feature: token to reset password by mail:
* A token is sent when user ask for password reset
* The token is linked to an apache session
* The password is reset if the token is valid



											
										
										
											2010-01-21 18:38:55 +01:00
+								## @apmethod int resetPassword()
 								# Reset the password
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
+								# @return Lemonldap::NG::Portal constant
-												Portal - new feature: token to reset password by mail:
* A token is sent when user ask for password reset
* The token is linked to an apache session
* The password is reset if the token is valid



											
										
										
											2010-01-21 18:38:55 +01:00
+								sub resetPassword {
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
+								    my $self = shift;
-												Portal - new feature: token to reset password by mail:
* A token is sent when user ask for password reset
* The token is linked to an apache session
* The password is reset if the token is valid



											
										
										
											2010-01-21 18:38:55 +01:00
+								    # Exit method if no mail and mail_token
 								    return PE_OK unless ( $self->{mail} && $self->{mail_token} );
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
 								    unless ( $self->ldap ) {
 								        return PE_LDAPCONNECTFAILED;
 								    }
 								    # Set the dn unless done before
 								    unless ( $self->{dn} ) {
 								        my $tmp = $self->_subProcess(qw(_formateFilter _search));
 								        return $tmp if ($tmp);
 								    }
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								    $self->lmLog( "Reset password request for " . $self->{dn}, 'debug' );
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
 								    # Generate a complex password
-												Refactor DBI code in _DBI.pm and SMTP code in _SMTP.pm


											
										
										
											2009-12-21 23:28:38 +01:00
+								    my $password = $self->gen_password( $self->{randomPasswordRegexp} );
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								    $self->lmLog( "Generated password: " . $password, 'debug' );
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
 								    # Call the modify password method
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								    my $pe_error =
 								      $self->ldap->userModifyPassword( $self->{dn}, $password, $password );
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								    return $pe_error unless ( $pe_error == PE_PASSWORD_OK );
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
 								    # If Password Policy, set the PwdReset flag
 								    if ( $self->{ldapPpolicyControl} ) {
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								        my $result =
 								          $self->ldap->modify( $self->{dn},
 								            replace => { 'pwdReset' => 'TRUE' } );
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								        unless ( $result->code == 0 ) {
 								            $self->lmLog( "LDAP modify pwdReset error: " . $result->code,
 								                'error' );
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
+								            return PE_LDAPERROR;
 								        }
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								        $self->lmLog( "pwdReset set to TRUE", 'debug' );
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
+								    }
-												Portal:
* Use HTML templates to send fancy reset password mail, with translations
* Send the new password by mail instead of diplaying it n the web page
* Remove the need to configure : the value is now set with help of {DOCUMENT_ROOT}


											
										
										
											2010-01-22 12:25:37 +01:00
+								    # Store password to forward it to the user
-												Portal - new feature: token to reset password by mail:
* A token is sent when user ask for password reset
* The token is linked to an apache session
* The password is reset if the token is valid



											
										
										
											2010-01-21 18:38:55 +01:00
+								    $self->{reset_password} = $password;
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
-												Portal:
* Use HTML templates to send fancy reset password mail, with translations
* Send the new password by mail instead of diplaying it n the web page
* Remove the need to configure : the value is now set with help of {DOCUMENT_ROOT}


											
										
										
											2010-01-22 12:25:37 +01:00
+								    PE_OK;
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
+								}
-												Refactor DBI code in _DBI.pm and SMTP code in _SMTP.pm


											
										
										
											2009-12-21 23:28:38 +01:00
-												LemonLDAP::NG :
* Create PasswordDBLDAP
* Force password modification when password is reset with ppolicy
* new parameter ldapSetPassword: set to 1 if you want to use the LDAP extended operation rather than LDAP modify
* TODO: update HTML templates


											
										
										
											2009-05-14 18:19:49 +02:00
+;