package Lemonldap::NG::Portal::Password::LDAP;
use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(
PE_ERROR
PE_LDAPERROR
PE_PASSWORD_OK
PE_LDAPCONNECTFAILED
);
# Parent classes, in this order: the shared LDAP library first, then the
# generic password-module base. The order is kept exactly as declared
# because it determines method resolution between the two parents.
extends(
    'Lemonldap::NG::Portal::Lib::LDAP',
    'Lemonldap::NG::Portal::Password::Base',
);

# Module version string.
our $VERSION = '2.0.10';
sub init {
    my ($self) = @_;

    # Each parent's init() is invoked through its fully qualified name, so
    # the call does not depend on which parent method resolution picks.
    my $baseReady = $self->Lemonldap::NG::Portal::Password::Base::init;

    # Short-circuit: when the password base reports failure, its falsy
    # result is returned unchanged and the LDAP layer is not initialised.
    return $baseReady unless $baseReady;

    # Otherwise the overall result is whatever the LDAP layer's init returns.
    return $self->Lemonldap::NG::Portal::Lib::LDAP::init;
}
# Confirmation is done by Lib::Net::LDAP::userModifyPassword
sub confirm {

    # This module performs no check of its own at this step: it reports
    # success unconditionally, whatever arguments it is given. Any real
    # verification therefore has to happen in the LDAP password-modify
    # call made by modifyPassword.
    return 1;
}
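sub modifyPassword {

    # Change a user's password in the LDAP directory and, when configured,
    # flag the entry so that the password must be reset afterwards.
    #
    # Arguments:
    #   $self    - this password module
    #   $req     - current request; its data, userData and sessionInfo are read
    #   $pwd     - password handed to userModifyPassword (presumably the new
    #              one - confirm against Lib::Net::LDAP)
    #   $useMail - true when called from the reset-by-mail flow
    #
    # Returns a PE_* code:
    #   PE_ERROR             - no DN in request data or in the session
    #   PE_LDAPCONNECTFAILED - no LDAP handle available after bind
    #   PE_LDAPERROR         - password changed, but setting the reset
    #                          attribute failed
    #   anything else        - the code returned by userModifyPassword
    #                          (PE_PASSWORD_OK on success)
    #
    # Neither $pwd nor the old password is written to the logs here; only
    # the DN and the reset attribute name/value are.
    my ( $self, $req, $pwd, $useMail ) = @_;
    my $dn;
    my $dnSource;
    my $requireOldPassword;

    # If the password change is done in a different backend,
    # we need to reload the correct DN
    # NOTE(review): the value returned by getUser() is discarded, so a
    # failed lookup is not detected here; the DN selection below then uses
    # whatever is already in the request or the session - confirm that
    # this is intended.
    if ( $self->conf->{ldapGetUserBeforePasswordChange} ) {
        $self->getUser( $req, useMail => $useMail );
    }

    # The DN found in the request data takes precedence over the session
    # DN. The "require old password" rule is evaluated against the data
    # set that matches the DN's origin.
    if ( $req->data->{dn} ) {
        $dn       = $req->data->{dn};
        $dnSource = 'request';
        $requireOldPassword =
          $self->requireOldPwdRule->( $req, $req->userData );
    }
    else {
        $dn       = $req->sessionInfo->{_dn};
        $dnSource = 'session';
        $requireOldPassword =
          $self->requireOldPwdRule->( $req, $req->sessionInfo );
    }

    # Refuse to continue without a target entry. This check now runs
    # before the debug line, so an unset session DN is no longer
    # interpolated into the log (which raised an "uninitialized value"
    # warning and produced an empty "Get DN" entry).
    unless ($dn) {
        $self->logger->error('"dn" is not set, aborting password modification');
        return PE_ERROR;
    }
    $self->logger->debug("Get DN from $dnSource data: $dn");

    # The reset-by-mail flow never asks for the old password, whatever the
    # rule returned. Proof that the requester owns the account therefore
    # has to come from the caller of this method, not from this check.
    $requireOldPassword = 0 if $useMail;

    # Ensure connection is valid
    $self->bind;
    return PE_LDAPCONNECTFAILED unless $self->ldap;

    # Call the modify password method
    # The fourth argument is a literal 0; its meaning is defined by
    # userModifyPassword, which is not visible in this file.
    my $code =
      $self->ldap->userModifyPassword( $dn, $pwd, $req->data->{oldpassword},
        0, $requireOldPassword );

    return $code unless $code == PE_PASSWORD_OK;

    # If password policy and force reset, set reset flag
    # The password change has already been accepted at this point, so a
    # failure below reports PE_LDAPERROR without undoing that change.
    if (    $self->conf->{ldapPpolicyControl}
        and $req->data->{forceReset}
        and $self->conf->{ldapUsePasswordResetAttribute} )
    {
        my $resetAttribute = $self->conf->{ldapPasswordResetAttribute};
        my $resetValue     = $self->conf->{ldapPasswordResetAttributeValue};

        my $result =
          $self->ldap->modify( $dn, replace => { $resetAttribute => $resetValue } );

        # A result code of 0 is the only outcome treated as success.
        unless ( $result->code == 0 ) {
            $self->logger->error( "LDAP modify "
                  . $resetAttribute
                  . " error "
                  . $result->code . ": "
                  . $result->error );
            return PE_LDAPERROR;
        }

        $self->logger->debug( $resetAttribute . " set to " . $resetValue );
    }

    return $code;
}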
1;