lemonldap-ng/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/LDAP.pm

package Lemonldap::NG::Portal::Password::LDAP;

use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(
  PE_ERROR
  PE_LDAPERROR
  PE_PASSWORD_OK
  PE_LDAPCONNECTFAILED
);

extends qw(
  Lemonldap::NG::Portal::Lib::LDAP
  Lemonldap::NG::Portal::Password::Base
);

our $VERSION = '2.0.10';

sub init {
    my ($self) = @_;
    return (  $self->Lemonldap::NG::Portal::Password::Base::init
          and $self->Lemonldap::NG::Portal::Lib::LDAP::init );
}

# Confirmation is done by Lib::Net::LDAP::userModifyPassword
sub confirm {
    return 1;
}

sub modifyPassword {
    my ( $self, $req, $pwd, $useMail ) = @_;
    my $dn;
    my $requireOldPassword;

    # If the password change is done in a different backend,
    # we need to reload the correct DN
    $self->getUser( $req, useMail => $useMail )
      if $self->conf->{ldapGetUserBeforePasswordChange};

    if ( $req->data->{dn} ) {
        $dn = $req->data->{dn};
        $requireOldPassword =
          $self->requireOldPwdRule->( $req, $req->userData );
        $self->logger->debug("Get DN from request data: $dn");
    }
    else {
        $dn = $req->sessionInfo->{_dn};
        $requireOldPassword =
          $self->requireOldPwdRule->( $req, $req->sessionInfo );
        $self->logger->debug("Get DN from session data: $dn");
    }
    unless ($dn) {
        $self->logger->error('"dn" is not set, aborting password modification');
        return PE_ERROR;
    }
    $requireOldPassword = 0 if $useMail;

    # Ensure connection is valid
    $self->bind;
    return PE_LDAPCONNECTFAILED unless $self->ldap;

    # Call the modify password method
    my $code =
      $self->ldap->userModifyPassword( $dn, $pwd, $req->data->{oldpassword},
        0, $requireOldPassword );

    unless ( $code == PE_PASSWORD_OK ) {
        return $code;
    }

    # If password policy and force reset, set reset flag
    if (    $self->conf->{ldapPpolicyControl}
        and $req->data->{forceReset}
        and $self->conf->{ldapUsePasswordResetAttribute} )
    {
        my $result = $self->ldap->modify(
            $dn,
            replace => {
                $self->conf->{ldapPasswordResetAttribute} =>
                  $self->conf->{ldapPasswordResetAttributeValue}
            }
        );

        unless ( $result->code == 0 ) {
            $self->logger->error( "LDAP modify "
                  . $self->conf->{ldapPasswordResetAttribute}
                  . " error "
                  . $result->code . ": "
                  . $result->error );
            return PE_LDAPERROR;
        }

        $self->logger->debug( $self->conf->{ldapPasswordResetAttribute}
              . " set to "
              . $self->conf->{ldapPasswordResetAttributeValue} );
    }

    return $code;
}

1;
Password in progress (#595) 2016-07-18 21:38:14 +02:00			`package Lemonldap::NG::Portal::Password::LDAP;`

			`use strict;`
			`use Mouse;`
Make Password::LDAP/AD check connection before use (#1909) Also remove a mostly redundant wrapper method in Auth::LDAP 2019-10-01 19:17:31 +02:00			`use Lemonldap::NG::Portal::Main::Constants qw(`
Tidy 2020-11-04 16:48:43 +01:00			`PE_ERROR`
Make Password::LDAP/AD check connection before use (#1909) Also remove a mostly redundant wrapper method in Auth::LDAP 2019-10-01 19:17:31 +02:00			`PE_LDAPERROR`
Tidy 2020-11-04 16:48:43 +01:00			`PE_PASSWORD_OK`
Make Password::LDAP/AD check connection before use (#1909) Also remove a mostly redundant wrapper method in Auth::LDAP 2019-10-01 19:17:31 +02:00			`PE_LDAPCONNECTFAILED`
			`);`
Password in progress (#595) 2016-07-18 21:38:14 +02:00
Tidy 2020-11-04 16:48:43 +01:00			`extends qw(`
			`Lemonldap::NG::Portal::Lib::LDAP`
			`Lemonldap::NG::Portal::Password::Base`
			`);`
Password in progress (#595) 2016-07-18 21:38:14 +02:00
Tidy 2020-11-04 16:48:43 +01:00			`our $VERSION = '2.0.10';`
Password in progress (#595) 2016-07-18 21:38:14 +02:00
			`sub init {`
			`my ($self) = @_;`
Fix init of ::Portal::Password::LDAP (#2410) 2020-12-07 16:58:49 +01:00			`return ( $self->Lemonldap::NG::Portal::Password::Base::init`
			`and $self->Lemonldap::NG::Portal::Lib::LDAP::init );`
Password in progress (#595) 2016-07-18 21:38:14 +02:00			`}`

Change password test (#595) 2017-03-02 07:13:52 +01:00			`# Confirmation is done by Lib::Net::LDAP::userModifyPassword`
Password in progress (#595) 2016-07-18 21:38:14 +02:00			`sub confirm {`
Password in progress (#595) 2016-07-20 22:47:43 +02:00			`return 1;`
Password in progress (#595) 2016-07-18 21:38:14 +02:00			`}`

			`sub modifyPassword {`
Removing workaround with MailPasswordReset 2020-12-23 14:57:55 +01:00			`my ( $self, $req, $pwd, $useMail ) = @_;`
Fix DN encoding issue in LDAP password modification (#1540) 2018-11-14 10:15:28 +01:00			`my $dn;`
Use rule (#2178) 2020-04-27 22:08:12 +02:00			`my $requireOldPassword;`
Removing workaround with MailPasswordReset 2020-12-23 14:57:55 +01:00
Add an option to force getUser before LDAP password change (#714) 2021-01-08 14:27:56 +01:00			`# If the password change is done in a different backend,`
			`# we need to reload the correct DN`
			`$self->getUser( $req, useMail => $useMail )`
			`if $self->conf->{ldapGetUserBeforePasswordChange};`

Use req->data instead of req->userData to retrieve LDAP dn (#1598) 2019-09-26 22:47:03 +02:00			`if ( $req->data->{dn} ) {`
tidy 2022-02-16 17:43:29 +01:00			`$dn = $req->data->{dn};`
			`$requireOldPassword =`
			`$self->requireOldPwdRule->( $req, $req->userData );`
Fix DN encoding issue in LDAP password modification (#1540) 2018-11-14 10:15:28 +01:00			`$self->logger->debug("Get DN from request data: $dn");`
			`}`
			`else {`
tidy 2022-02-16 17:43:29 +01:00			`$dn = $req->sessionInfo->{_dn};`
			`$requireOldPassword =`
			`$self->requireOldPwdRule->( $req, $req->sessionInfo );`
Fix DN encoding issue in LDAP password modification (#1540) 2018-11-14 10:15:28 +01:00			`$self->logger->debug("Get DN from session data: $dn");`
			`}`
Send dn when resetting LDAP password Fixes: #1353 2018-01-25 15:53:52 +01:00			`unless ($dn) {`
			`$self->logger->error('"dn" is not set, aborting password modification');`
			`return PE_ERROR;`
			`}`
Removing workaround with MailPasswordReset 2020-12-23 14:57:55 +01:00			`$requireOldPassword = 0 if $useMail;`
Password in progress (#595) 2016-07-18 21:38:14 +02:00
Make Password::LDAP/AD check connection before use (#1909) Also remove a mostly redundant wrapper method in Auth::LDAP 2019-10-01 19:17:31 +02:00			`# Ensure connection is valid`
			`$self->bind;`
			`return PE_LDAPCONNECTFAILED unless $self->ldap;`

Password in progress (#595) 2016-07-18 21:38:14 +02:00			`# Call the modify password method`
Send dn when resetting LDAP password Fixes: #1353 2018-01-25 15:53:52 +01:00			`my $code =`
Tidy 2020-05-24 00:04:33 +02:00			`$self->ldap->userModifyPassword( $dn, $pwd, $req->data->{oldpassword},`
			`0, $requireOldPassword );`
Password in progress (#595) 2016-07-18 21:38:14 +02:00
			`unless ( $code == PE_PASSWORD_OK ) {`
			`return $code;`
			`}`

			`# If password policy and force reset, set reset flag`
Change password test (#595) 2017-03-02 07:13:52 +01:00			`if ( $self->conf->{ldapPpolicyControl}`
s/datas/data datas => des données data => les données 2018-07-05 22:56:16 +02:00			`and $req->data->{forceReset}`
Change password test (#595) 2017-03-02 07:13:52 +01:00			`and $self->conf->{ldapUsePasswordResetAttribute} )`
Password in progress (#595) 2016-07-18 21:38:14 +02:00			`{`
			`my $result = $self->ldap->modify(`
Send dn when resetting LDAP password Fixes: #1353 2018-01-25 15:53:52 +01:00			`$dn,`
Password in progress (#595) 2016-07-18 21:38:14 +02:00			`replace => {`
Change password test (#595) 2017-03-02 07:13:52 +01:00			`$self->conf->{ldapPasswordResetAttribute} =>`
			`$self->conf->{ldapPasswordResetAttributeValue}`
Password in progress (#595) 2016-07-18 21:38:14 +02:00			`}`
			`);`

			`unless ( $result->code == 0 ) {`
Replace lmLog by logger-> (#857) 2017-02-15 07:41:50 +01:00			`$self->logger->error( "LDAP modify "`
Missing conversion (#595) 2017-10-19 09:01:19 +02:00			`. $self->conf->{ldapPasswordResetAttribute}`
Better logs in case of a LDAP error 2019-09-30 17:19:57 +02:00			`. " error "`
			`. $result->code . ": "`
			`. $result->error );`
Password in progress (#595) 2016-07-18 21:38:14 +02:00			`return PE_LDAPERROR;`
			`}`

Change password test (#595) 2017-03-02 07:13:52 +01:00			`$self->logger->debug( $self->conf->{ldapPasswordResetAttribute}`
Password in progress (#595) 2016-07-18 21:38:14 +02:00			`. " set to "`
Change password test (#595) 2017-03-02 07:13:52 +01:00			`. $self->conf->{ldapPasswordResetAttributeValue} );`
Password in progress (#595) 2016-07-18 21:38:14 +02:00			`}`

			`return $code;`
			`}`

			`1;`