Removing workaround with MailPasswordReset
This commit is contained in:
Christophe Maudoux
parent
076a84764e
commit
0236dc00d6
|
|
@ -4,7 +4,7 @@ use strict;
|
|||
use Mouse;
|
||||
use XML::LibXML;
|
||||
|
||||
our $VERSION = '2.0.8';
|
||||
our $VERSION = '2.0.10';
|
||||
|
||||
# XML parser
|
||||
has parser => (
|
||||
|
|
|
|||
|
|
@ -19,11 +19,12 @@ use Lemonldap::NG::Common::PSGI::Constants;
|
|||
|
||||
our $VERSION = '2.0.10';
|
||||
|
||||
extends 'Lemonldap::NG::Common::Conf::AccessLib',
|
||||
'Lemonldap::NG::Handler::PSGI::Router';
|
||||
extends qw(
|
||||
Lemonldap::NG::Handler::PSGI::Router
|
||||
Lemonldap::NG::Common::Conf::AccessLib
|
||||
);
|
||||
|
||||
has csp => ( is => 'rw' );
|
||||
|
||||
has loadedPlugins => ( is => 'rw', default => sub { [] } );
|
||||
has hLoadedPlugins => ( is => 'rw', default => sub { {} } );
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
package Lemonldap::NG::Manager::2ndFA;
|
||||
|
||||
use utf8;
|
||||
use strict;
|
||||
use utf8;
|
||||
use Mouse;
|
||||
|
||||
use Lemonldap::NG::Common::Session;
|
||||
|
|
@ -9,8 +9,6 @@ use Lemonldap::NG::Common::Conf::Constants;
|
|||
use Lemonldap::NG::Common::PSGI::Constants;
|
||||
use Lemonldap::NG::Common::Conf::ReConstants;
|
||||
|
||||
use feature 'state';
|
||||
|
||||
extends qw(
|
||||
Lemonldap::NG::Manager::Plugin
|
||||
Lemonldap::NG::Common::Session::REST
|
||||
|
|
|
|||
|
|
@ -5,12 +5,6 @@ use strict;
|
|||
use utf8;
|
||||
use Mouse;
|
||||
|
||||
extends qw(
|
||||
Lemonldap::NG::Manager::Plugin
|
||||
Lemonldap::NG::Common::Session::REST
|
||||
Lemonldap::NG::Common::Conf::RESTServer
|
||||
);
|
||||
|
||||
use Lemonldap::NG::Manager::Api::2F;
|
||||
use Lemonldap::NG::Manager::Api::Misc;
|
||||
use Lemonldap::NG::Manager::Api::Providers::OidcRp;
|
||||
|
|
@ -19,6 +13,12 @@ use Lemonldap::NG::Manager::Api::Providers::CasApp;
|
|||
use Lemonldap::NG::Manager::Api::Menu::Cat;
|
||||
use Lemonldap::NG::Manager::Api::Menu::App;
|
||||
|
||||
extends qw(
|
||||
Lemonldap::NG::Manager::Plugin
|
||||
Lemonldap::NG::Common::Conf::RESTServer
|
||||
Lemonldap::NG::Common::Session::REST
|
||||
);
|
||||
|
||||
our $VERSION = '2.0.10';
|
||||
|
||||
#############################
|
||||
|
|
|
|||
|
|
@ -86,16 +86,11 @@ sub _getSessionDBState {
|
|||
|
||||
# Handle DBI-type session stores
|
||||
if ( $fakeobj->{object_store}->isa("Apache::Session::Store::DBI") ) {
|
||||
#
|
||||
|
||||
# The 'connection' method will fail if the DB is unreachable
|
||||
# this is good enough a test for now
|
||||
eval { $fakeobj->{object_store}->connection($fakeobj) };
|
||||
if ($@) {
|
||||
return 0;
|
||||
}
|
||||
else {
|
||||
return 1;
|
||||
}
|
||||
return $@ ? 0 : 1;
|
||||
}
|
||||
|
||||
# Handle MongoDB
|
||||
|
|
@ -106,17 +101,11 @@ sub _getSessionDBState {
|
|||
$fakeobj->{object_store}->connection($fakeobj);
|
||||
$fakeobj->{object_store}->{collection}->estimated_document_count;
|
||||
};
|
||||
if ($@) {
|
||||
return 0;
|
||||
}
|
||||
else {
|
||||
return 1;
|
||||
}
|
||||
return $@ ? 0 : 1;
|
||||
}
|
||||
|
||||
# We don't know
|
||||
return 2;
|
||||
|
||||
}
|
||||
|
||||
sub _getObjectSessionModule {
|
||||
|
|
|
|||
|
|
@ -17,12 +17,12 @@ use Convert::PEM;
|
|||
use URI::URL;
|
||||
use Net::SSLeay;
|
||||
|
||||
use feature 'state';
|
||||
extends qw(
|
||||
Lemonldap::NG::Manager::Plugin
|
||||
Lemonldap::NG::Common::Conf::RESTServer
|
||||
);
|
||||
|
||||
extends 'Lemonldap::NG::Manager::Plugin',
|
||||
'Lemonldap::NG::Common::Conf::RESTServer';
|
||||
|
||||
our $VERSION = '2.0.9';
|
||||
our $VERSION = '2.0.10';
|
||||
|
||||
#############################
|
||||
# I. INITIALIZATION METHODS #
|
||||
|
|
@ -315,7 +315,8 @@ sub prx {
|
|||
|
||||
sub getConfByNum {
|
||||
my ( $self, $cfgNum, @args ) = @_;
|
||||
unless ( %{ $self->currentConf }
|
||||
unless ($self->currentConf
|
||||
and %{ $self->currentConf }
|
||||
and $cfgNum == $self->currentConf->{cfgNum} )
|
||||
{
|
||||
my $tmp;
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ package Lemonldap::NG::Manager::Conf::Tests;
|
|||
|
||||
use strict;
|
||||
use utf8;
|
||||
use strict;
|
||||
use Lemonldap::NG::Common::Regexp;
|
||||
use Lemonldap::NG::Handler::Main;
|
||||
use Lemonldap::NG::Common::Util qw(getSameSite);
|
||||
|
|
|
|||
|
|
@ -1,5 +1,7 @@
|
|||
package Lemonldap::NG::Manager::Conf::Zero;
|
||||
|
||||
use strict;
|
||||
|
||||
our $VERSION = '2.0.9';
|
||||
|
||||
sub zeroConf {
|
||||
|
|
|
|||
|
|
@ -12,15 +12,13 @@ use Lemonldap::NG::Common::PSGI::Constants;
|
|||
use Lemonldap::NG::Common::Conf::ReConstants;
|
||||
require Lemonldap::NG::Common::Notifications;
|
||||
|
||||
use feature 'state';
|
||||
|
||||
extends qw(
|
||||
Lemonldap::NG::Manager::Plugin
|
||||
Lemonldap::NG::Common::Conf::AccessLib
|
||||
Lemonldap::NG::Common::PSGI::Router
|
||||
Lemonldap::NG::Common::Conf::AccessLib
|
||||
);
|
||||
|
||||
our $VERSION = '2.0.9';
|
||||
our $VERSION = '2.0.10';
|
||||
|
||||
has notifAccess => ( is => 'rw' );
|
||||
has notifFormat => ( is => 'rw' );
|
||||
|
|
|
|||
|
|
@ -2,7 +2,8 @@ package Lemonldap::NG::Manager::Plugin;
|
|||
|
||||
use strict;
|
||||
use Mouse;
|
||||
our $VERSION = '2.0.8';
|
||||
|
||||
our $VERSION = '2.0.10';
|
||||
|
||||
extends 'Lemonldap::NG::Common::Module';
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
package Lemonldap::NG::Manager::Sessions;
|
||||
|
||||
use utf8;
|
||||
use strict;
|
||||
use utf8;
|
||||
use Mouse;
|
||||
|
||||
use Lemonldap::NG::Common::Session;
|
||||
|
|
@ -11,11 +11,13 @@ use Lemonldap::NG::Common::PSGI::Constants;
|
|||
use Lemonldap::NG::Common::Conf::ReConstants;
|
||||
use Lemonldap::NG::Common::IPv6;
|
||||
|
||||
use feature 'state';
|
||||
#use feature 'state';
|
||||
|
||||
extends 'Lemonldap::NG::Manager::Plugin',
|
||||
'Lemonldap::NG::Common::Conf::AccessLib',
|
||||
'Lemonldap::NG::Common::Session::REST';
|
||||
extends qw(
|
||||
Lemonldap::NG::Manager::Plugin
|
||||
Lemonldap::NG::Common::Session::REST
|
||||
Lemonldap::NG::Common::Conf::AccessLib
|
||||
);
|
||||
|
||||
our $VERSION = '2.0.10';
|
||||
|
||||
|
|
@ -75,15 +77,15 @@ sub delOIDCConsent {
|
|||
my $epoch = $params->{epoch};
|
||||
my $rp = $params->{rp};
|
||||
|
||||
my $id = $req->params('sessionId')
|
||||
my $id = $req->params('sessionId')
|
||||
or return $self->sendError( $req, 'sessionId is missing', 400 );
|
||||
|
||||
$req->parameters->set('sessionId', $self->_maybeDecryptSessionId($id));
|
||||
$req->parameters->set( 'sessionId', $self->_maybeDecryptSessionId($id) );
|
||||
|
||||
if ( $rp =~ /\b[\w-]+\b/ and defined $epoch ) {
|
||||
$self->logger->debug(
|
||||
"Call procedure deleteOIDCConsent with RP=$rp and epoch=$epoch");
|
||||
return $self->deleteOIDCConsent( $req );
|
||||
return $self->deleteOIDCConsent($req);
|
||||
}
|
||||
else {
|
||||
return $self->sendError( $req, undef, 400 );
|
||||
|
|
@ -448,12 +450,12 @@ sub _maybeEncryptSessionId {
|
|||
|
||||
sub delSession {
|
||||
my ( $self, $req ) = @_;
|
||||
my $id = $req->params('sessionId')
|
||||
my $id = $req->params('sessionId')
|
||||
or return $self->sendError( $req, 'sessionId is missing', 400 );
|
||||
|
||||
$req->parameters->set('sessionId', $self->_maybeDecryptSessionId($id));
|
||||
$req->parameters->set( 'sessionId', $self->_maybeDecryptSessionId($id) );
|
||||
|
||||
return $self->SUPER::delSession( $req );
|
||||
return $self->SUPER::delSession($req);
|
||||
}
|
||||
|
||||
sub cmpIPv4 {
|
||||
|
|
|
|||
|
|
@ -7,14 +7,12 @@ use Lemonldap::NG::Common::Conf::Constants;
|
|||
use Lemonldap::NG::Common::UserAgent;
|
||||
use URI::URL;
|
||||
|
||||
use feature 'state';
|
||||
|
||||
extends 'Lemonldap::NG::Manager::Conf';
|
||||
|
||||
has diffRule => ( is => 'rw', default => sub { 0 } );
|
||||
has brwRule => ( is => 'rw', default => sub { 0 } );
|
||||
|
||||
our $VERSION = '2.0.8';
|
||||
our $VERSION = '2.0.10';
|
||||
|
||||
#############################
|
||||
# I. INITIALIZATION METHODS #
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
use strict;
|
||||
use Data::Dumper;
|
||||
use 5.10.0;
|
||||
|
||||
use_ok('Lemonldap::NG::Manager::Cli::Lib');
|
||||
|
||||
our $client;
|
||||
|
|
|
|||
|
|
@ -29,25 +29,19 @@ sub confirm {
|
|||
}
|
||||
|
||||
sub modifyPassword {
|
||||
my ( $self, $req, $pwd ) = @_;
|
||||
my ( $self, $req, $pwd, $useMail ) = @_;
|
||||
my $dn = $req->data->{dn} || $req->sessionInfo->{_dn};
|
||||
unless ($dn) {
|
||||
$self->logger->error('"dn" is not set, aborting password modification');
|
||||
$self->logger->error('"dn" is not set, abort password modification');
|
||||
return PE_ERROR;
|
||||
}
|
||||
my $rule = $self->p->HANDLER->buildSub(
|
||||
$self->p->HANDLER->substitute(
|
||||
$self->conf->{portalRequireOldPassword}
|
||||
)
|
||||
);
|
||||
unless ($rule) {
|
||||
my $error = $self->p->HANDLER->tsv->{jail}->error || '???';
|
||||
}
|
||||
|
||||
my $requireOldPassword = (
|
||||
$req->userData
|
||||
? $rule->( $req, $req->userData )
|
||||
: $rule->( $req, $req->sessionInfo )
|
||||
? $self->requireOldPwdRule->( $req, $req->userData )
|
||||
: $self->requireOldPwdRule->( $req, $req->sessionInfo )
|
||||
);
|
||||
$requireOldPassword = 0 if $useMail;
|
||||
|
||||
# Ensure connection is valid
|
||||
$self->bind;
|
||||
|
|
|
|||
|
|
@ -21,8 +21,19 @@ our $VERSION = '2.0.10';
|
|||
|
||||
# INITIALIZATION
|
||||
|
||||
has requireOldPwdRule => ( is => 'rw' );
|
||||
|
||||
sub init {
|
||||
$_[0]->p->{_passwordDB} = $_[0];
|
||||
my ($self) = shift;
|
||||
$self->requireOldPwdRule(
|
||||
$self->p->buildRule(
|
||||
$self->conf->{portalRequireOldPassword},
|
||||
'portalRequireOldPassword'
|
||||
)
|
||||
);
|
||||
return 0 unless $self->requireOldPwdRule;
|
||||
|
||||
$self->p->{_passwordDB} = $self;
|
||||
}
|
||||
|
||||
# INTERFACE
|
||||
|
|
|
|||
|
|
@ -28,31 +28,25 @@ sub confirm {
|
|||
}
|
||||
|
||||
sub modifyPassword {
|
||||
my ( $self, $req, $pwd ) = @_;
|
||||
my ( $self, $req, $pwd, $useMail ) = @_;
|
||||
my $dn;
|
||||
my $requireOldPassword;
|
||||
my $rule = $self->p->HANDLER->buildSub(
|
||||
$self->p->HANDLER->substitute(
|
||||
$self->conf->{portalRequireOldPassword}
|
||||
)
|
||||
);
|
||||
unless ($rule) {
|
||||
my $error = $self->p->HANDLER->tsv->{jail}->error || '???';
|
||||
}
|
||||
|
||||
if ( $req->data->{dn} ) {
|
||||
$dn = $req->data->{dn};
|
||||
$requireOldPassword = $rule->( $req, $req->userData );
|
||||
$requireOldPassword = $self->requireOldPwdRule->( $req, $req->userData );
|
||||
$self->logger->debug("Get DN from request data: $dn");
|
||||
}
|
||||
else {
|
||||
$dn = $req->sessionInfo->{_dn};
|
||||
$requireOldPassword = $rule->( $req, $req->sessionInfo );
|
||||
$requireOldPassword = $self->requireOldPwdRule->( $req, $req->sessionInfo );
|
||||
$self->logger->debug("Get DN from session data: $dn");
|
||||
}
|
||||
unless ($dn) {
|
||||
$self->logger->error('"dn" is not set, aborting password modification');
|
||||
return PE_ERROR;
|
||||
}
|
||||
$requireOldPassword = 0 if $useMail;
|
||||
|
||||
# Ensure connection is valid
|
||||
$self->bind;
|
||||
|
|
|
|||
|
|
@ -473,16 +473,11 @@ sub changePwd {
|
|||
return $cpq;
|
||||
}
|
||||
|
||||
# Modify the password TODO: change this
|
||||
# Populate $req->{user} for logging purpose
|
||||
my $tmp = $self->conf->{portalRequireOldPassword};
|
||||
$self->conf->{portalRequireOldPassword} = 0;
|
||||
$req->user( $req->{sessionInfo}->{_user} );
|
||||
my $result =
|
||||
$self->p->_passwordDB->modifyPassword( $req,
|
||||
$req->data->{newpassword}, 1 );
|
||||
$req->{user} = undef;
|
||||
$self->conf->{portalRequireOldPassword} = $tmp;
|
||||
|
||||
# Mail token can be used only one time, delete the session if all is ok
|
||||
unless ( $result == PE_PASSWORD_OK or $result == PE_OK ) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user