lemonldap-ng/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/AD.pm

package Lemonldap::NG::Portal::Password::AD;

use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(
  PE_PASSWORD_OK
  PE_LDAPERROR
  PE_LDAPCONNECTFAILED
  PE_ERROR
);

extends 'Lemonldap::NG::Portal::Lib::LDAP',
  'Lemonldap::NG::Portal::Password::Base';

our $VERSION = '2.0.2';

sub init {
    my ($self) = @_;
    $self->ldap
      and $self->filter
      and $self->Lemonldap::NG::Portal::Password::Base::init;
}

# Confirmation is done by Lib::Net::LDAP::userModifyPassword
sub confirm {
    return 1;
}

sub modifyPassword {
    my ( $self, $req, $pwd ) = @_;
    my $dn = $req->data->{dn} || $req->sessionInfo->{_dn};
    unless ($dn) {
        $self->logger->error('"dn" is not set, aborting password modification');
        return PE_ERROR;
    }
    my $rule = $self->p->HANDLER->buildSub(
        $self->p->HANDLER->substitute(
            $self->conf->{portalRequireOldPassword}
        )
    );
    unless ($rule) {
        my $error = $self->p->HANDLER->tsv->{jail}->error || '???';
    }
    my $requireOldPassword = (
          $req->userData
        ? $rule->( $req, $req->userData )
        : $rule->( $req, $req->sessionInfo )
    );

    # Ensure connection is valid
    $self->bind;
    return PE_LDAPCONNECTFAILED unless $self->ldap;

    # Call the modify password method
    my $code =
      $self->ldap->userModifyPassword( $dn, $pwd, $req->data->{oldpassword},
        1, $requireOldPassword );

    unless ( $code == PE_PASSWORD_OK ) {
        return $code;
    }

    # If force reset, set reset flag
    if ( $req->data->{forceReset} ) {
        my $result = $self->ldap->modify(
            $dn,
            replace => {
                'pwdLastSet' => '0'
            }
        );

        unless ( $result->code == 0 ) {
            $self->logger->error( "LDAP modify pwdLastSet error "
                  . $result->code . ": "
                  . $result->error );
            return PE_LDAPERROR;
        }

        $self->logger->debug("pwdLastSet set to 0");
    }

    return $code;
}

1;
Add AD password module (#1530) 2018-10-29 18:35:25 +01:00			`package Lemonldap::NG::Portal::Password::AD;`

			`use strict;`
			`use Mouse;`
Make Password::LDAP/AD check connection before use (#1909) Also remove a mostly redundant wrapper method in Auth::LDAP 2019-10-01 19:17:31 +02:00			`use Lemonldap::NG::Portal::Main::Constants qw(`
			`PE_PASSWORD_OK`
			`PE_LDAPERROR`
			`PE_LDAPCONNECTFAILED`
			`PE_ERROR`
			`);`
Add AD password module (#1530) 2018-10-29 18:35:25 +01:00
			`extends 'Lemonldap::NG::Portal::Lib::LDAP',`
			`'Lemonldap::NG::Portal::Password::Base';`

Do not disconnect from LDAP if password modification fails (#1644) 2019-02-06 18:00:59 +01:00			`our $VERSION = '2.0.2';`
Add AD password module (#1530) 2018-10-29 18:35:25 +01:00
			`sub init {`
			`my ($self) = @_;`
			`$self->ldap`
			`and $self->filter`
			`and $self->Lemonldap::NG::Portal::Password::Base::init;`
			`}`

			`# Confirmation is done by Lib::Net::LDAP::userModifyPassword`
			`sub confirm {`
			`return 1;`
			`}`

			`sub modifyPassword {`
			`my ( $self, $req, $pwd ) = @_;`
Use req->data instead of req->userData to retrieve LDAP dn (#1598) 2019-09-26 22:47:03 +02:00			`my $dn = $req->data->{dn} \|\| $req->sessionInfo->{_dn};`
Add AD password module (#1530) 2018-10-29 18:35:25 +01:00			`unless ($dn) {`
			`$self->logger->error('"dn" is not set, aborting password modification');`
			`return PE_ERROR;`
			`}`
Use rule (#2178) 2020-04-27 22:08:12 +02:00			`my $rule = $self->p->HANDLER->buildSub(`
			`$self->p->HANDLER->substitute(`
			`$self->conf->{portalRequireOldPassword}`
			`)`
			`);`
			`unless ($rule) {`
			`my $error = $self->p->HANDLER->tsv->{jail}->error \|\| '???';`
			`}`
			`my $requireOldPassword = (`
			`$req->userData`
			`? $rule->( $req, $req->userData )`
			`: $rule->( $req, $req->sessionInfo )`
			`);`
Add AD password module (#1530) 2018-10-29 18:35:25 +01:00
Make Password::LDAP/AD check connection before use (#1909) Also remove a mostly redundant wrapper method in Auth::LDAP 2019-10-01 19:17:31 +02:00			`# Ensure connection is valid`
			`$self->bind;`
			`return PE_LDAPCONNECTFAILED unless $self->ldap;`

Add AD password module (#1530) 2018-10-29 18:35:25 +01:00			`# Call the modify password method`
			`my $code =`
			`$self->ldap->userModifyPassword( $dn, $pwd, $req->data->{oldpassword},`
Use rule (#2178) 2020-04-27 22:08:12 +02:00			`1, $requireOldPassword );`
Add AD password module (#1530) 2018-10-29 18:35:25 +01:00
			`unless ( $code == PE_PASSWORD_OK ) {`
			`return $code;`
			`}`

			`# If force reset, set reset flag`
			`if ( $req->data->{forceReset} ) {`
			`my $result = $self->ldap->modify(`
			`$dn,`
			`replace => {`
			`'pwdLastSet' => '0'`
			`}`
			`);`

			`unless ( $result->code == 0 ) {`
Better logs in case of a LDAP error 2019-09-30 17:19:57 +02:00			`$self->logger->error( "LDAP modify pwdLastSet error "`
			`. $result->code . ": "`
			`. $result->error );`
Add AD password module (#1530) 2018-10-29 18:35:25 +01:00			`return PE_LDAPERROR;`
			`}`

			`$self->logger->debug("pwdLastSet set to 0");`
			`}`

			`return $code;`
			`}`

			`1;`