Removing workaround with MailPasswordReset

Christophe Maudoux 2020-12-23 14:57:55 +01:00
parent 076a84764e
commit 0236dc00d6
17 changed files with 67 additions and 82 deletions


@ -4,7 +4,7 @@ use strict;
use Mouse; use Mouse;
use XML::LibXML; use XML::LibXML;
our $VERSION = '2.0.8'; our $VERSION = '2.0.10';
# XML parser # XML parser
has parser => ( has parser => (


@ -19,11 +19,12 @@ use Lemonldap::NG::Common::PSGI::Constants;
our $VERSION = '2.0.10'; our $VERSION = '2.0.10';
extends 'Lemonldap::NG::Common::Conf::AccessLib', extends qw(
'Lemonldap::NG::Handler::PSGI::Router'; Lemonldap::NG::Handler::PSGI::Router
Lemonldap::NG::Common::Conf::AccessLib
);
has csp => ( is => 'rw' ); has csp => ( is => 'rw' );
has loadedPlugins => ( is => 'rw', default => sub { [] } ); has loadedPlugins => ( is => 'rw', default => sub { [] } );
has hLoadedPlugins => ( is => 'rw', default => sub { {} } ); has hLoadedPlugins => ( is => 'rw', default => sub { {} } );
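Review bot: Moving Lemonldap::NG::Handler::PSGI::Router ahead of Lemonldap::NG::Common::Conf::AccessLib in `extends qw(` changes the method resolution order, so any method both parents define now resolves to the Router's version, and nothing in the hunk shows that this is intended. If the reordering is deliberate, a one-line comment above the `extends` such as `# Router first: its methods must take precedence over AccessLib's` would keep the next reader from "fixing" it back. The same parent reordering appears in the Api, Notifications and Sessions sections of this commit and deserves the same justification there.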


@ -1,7 +1,7 @@
package Lemonldap::NG::Manager::2ndFA; package Lemonldap::NG::Manager::2ndFA;
use utf8;
use strict; use strict;
use utf8;
use Mouse; use Mouse;
use Lemonldap::NG::Common::Session; use Lemonldap::NG::Common::Session;
@ -9,8 +9,6 @@ use Lemonldap::NG::Common::Conf::Constants;
use Lemonldap::NG::Common::PSGI::Constants; use Lemonldap::NG::Common::PSGI::Constants;
use Lemonldap::NG::Common::Conf::ReConstants; use Lemonldap::NG::Common::Conf::ReConstants;
use feature 'state';
extends qw( extends qw(
Lemonldap::NG::Manager::Plugin Lemonldap::NG::Manager::Plugin
Lemonldap::NG::Common::Session::REST Lemonldap::NG::Common::Session::REST


@ -5,12 +5,6 @@ use strict;
use utf8; use utf8;
use Mouse; use Mouse;
extends qw(
Lemonldap::NG::Manager::Plugin
Lemonldap::NG::Common::Session::REST
Lemonldap::NG::Common::Conf::RESTServer
);
use Lemonldap::NG::Manager::Api::2F; use Lemonldap::NG::Manager::Api::2F;
use Lemonldap::NG::Manager::Api::Misc; use Lemonldap::NG::Manager::Api::Misc;
use Lemonldap::NG::Manager::Api::Providers::OidcRp; use Lemonldap::NG::Manager::Api::Providers::OidcRp;
@ -19,6 +13,12 @@ use Lemonldap::NG::Manager::Api::Providers::CasApp;
use Lemonldap::NG::Manager::Api::Menu::Cat; use Lemonldap::NG::Manager::Api::Menu::Cat;
use Lemonldap::NG::Manager::Api::Menu::App; use Lemonldap::NG::Manager::Api::Menu::App;
extends qw(
Lemonldap::NG::Manager::Plugin
Lemonldap::NG::Common::Conf::RESTServer
Lemonldap::NG::Common::Session::REST
);
our $VERSION = '2.0.10'; our $VERSION = '2.0.10';
############################# #############################


@ -86,16 +86,11 @@ sub _getSessionDBState {
# Handle DBI-type session stores # Handle DBI-type session stores
if ( $fakeobj->{object_store}->isa("Apache::Session::Store::DBI") ) { if ( $fakeobj->{object_store}->isa("Apache::Session::Store::DBI") ) {
#
# The 'connection' method will fail if the DB is unreachable # The 'connection' method will fail if the DB is unreachable
# this is good enough a test for now # this is good enough a test for now
eval { $fakeobj->{object_store}->connection($fakeobj) }; eval { $fakeobj->{object_store}->connection($fakeobj) };
if ($@) { return $@ ? 0 : 1;
return 0;
}
else {
return 1;
}
} }
# Handle MongoDB # Handle MongoDB
@ -106,17 +101,11 @@ sub _getSessionDBState {
$fakeobj->{object_store}->connection($fakeobj); $fakeobj->{object_store}->connection($fakeobj);
$fakeobj->{object_store}->{collection}->estimated_document_count; $fakeobj->{object_store}->{collection}->estimated_document_count;
}; };
if ($@) { return $@ ? 0 : 1;
return 0;
}
else {
return 1;
}
} }
# We don't know # We don't know
return 2; return 2;
} }
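Review bot: Both new `return $@ ? 0 : 1;` lines discard the exception text, so when the check reports the session store as unreachable there is no trace of what `connection` actually raised. Logging it before returning would help whoever reads the status page, e.g. `$self->logger->debug("Session store check failed: $@") if $@;` — assuming a logger is reachable from this function, which the hunk does not show. The rewrite itself is behaviour-preserving since `$@` is read immediately after the `eval`. _getSessionDBState starts before the hunk.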
sub _getObjectSessionModule { sub _getObjectSessionModule {


@ -17,12 +17,12 @@ use Convert::PEM;
use URI::URL; use URI::URL;
use Net::SSLeay; use Net::SSLeay;
use feature 'state'; extends qw(
Lemonldap::NG::Manager::Plugin
Lemonldap::NG::Common::Conf::RESTServer
);
extends 'Lemonldap::NG::Manager::Plugin', our $VERSION = '2.0.10';
'Lemonldap::NG::Common::Conf::RESTServer';
our $VERSION = '2.0.9';
############################# #############################
# I. INITIALIZATION METHODS # # I. INITIALIZATION METHODS #
@ -315,7 +315,8 @@ sub prx {
sub getConfByNum { sub getConfByNum {
my ( $self, $cfgNum, @args ) = @_; my ( $self, $cfgNum, @args ) = @_;
unless ( %{ $self->currentConf } unless ($self->currentConf
and %{ $self->currentConf }
and $cfgNum == $self->currentConf->{cfgNum} ) and $cfgNum == $self->currentConf->{cfgNum} )
{ {
my $tmp; my $tmp;


@ -2,6 +2,7 @@ package Lemonldap::NG::Manager::Conf::Tests;
use strict; use strict;
use utf8; use utf8;
use strict;
use Lemonldap::NG::Common::Regexp; use Lemonldap::NG::Common::Regexp;
use Lemonldap::NG::Handler::Main; use Lemonldap::NG::Handler::Main;
use Lemonldap::NG::Common::Util qw(getSameSite); use Lemonldap::NG::Common::Util qw(getSameSite);
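Review bot: The added `use strict;` is redundant: the context line at the top of the hunk shows the file already has `use strict;` two lines above, so the pragma is now declared twice. Either drop the added line or, if the intent was to complete the standard preamble, make it `use warnings;`, which does not appear in the visible lines of this file.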


@ -1,5 +1,7 @@
package Lemonldap::NG::Manager::Conf::Zero; package Lemonldap::NG::Manager::Conf::Zero;
use strict;
our $VERSION = '2.0.9'; our $VERSION = '2.0.9';
sub zeroConf { sub zeroConf {


@ -12,15 +12,13 @@ use Lemonldap::NG::Common::PSGI::Constants;
use Lemonldap::NG::Common::Conf::ReConstants; use Lemonldap::NG::Common::Conf::ReConstants;
require Lemonldap::NG::Common::Notifications; require Lemonldap::NG::Common::Notifications;
use feature 'state';
extends qw( extends qw(
Lemonldap::NG::Manager::Plugin Lemonldap::NG::Manager::Plugin
Lemonldap::NG::Common::Conf::AccessLib
Lemonldap::NG::Common::PSGI::Router Lemonldap::NG::Common::PSGI::Router
Lemonldap::NG::Common::Conf::AccessLib
); );
our $VERSION = '2.0.9'; our $VERSION = '2.0.10';
has notifAccess => ( is => 'rw' ); has notifAccess => ( is => 'rw' );
has notifFormat => ( is => 'rw' ); has notifFormat => ( is => 'rw' );


@ -2,7 +2,8 @@ package Lemonldap::NG::Manager::Plugin;
use strict; use strict;
use Mouse; use Mouse;
our $VERSION = '2.0.8';
our $VERSION = '2.0.10';
extends 'Lemonldap::NG::Common::Module'; extends 'Lemonldap::NG::Common::Module';


@ -1,7 +1,7 @@
package Lemonldap::NG::Manager::Sessions; package Lemonldap::NG::Manager::Sessions;
use utf8;
use strict; use strict;
use utf8;
use Mouse; use Mouse;
use Lemonldap::NG::Common::Session; use Lemonldap::NG::Common::Session;
@ -11,11 +11,13 @@ use Lemonldap::NG::Common::PSGI::Constants;
use Lemonldap::NG::Common::Conf::ReConstants; use Lemonldap::NG::Common::Conf::ReConstants;
use Lemonldap::NG::Common::IPv6; use Lemonldap::NG::Common::IPv6;
use feature 'state'; #use feature 'state';
extends 'Lemonldap::NG::Manager::Plugin', extends qw(
'Lemonldap::NG::Common::Conf::AccessLib', Lemonldap::NG::Manager::Plugin
'Lemonldap::NG::Common::Session::REST'; Lemonldap::NG::Common::Session::REST
Lemonldap::NG::Common::Conf::AccessLib
);
our $VERSION = '2.0.10'; our $VERSION = '2.0.10';
@ -75,15 +77,15 @@ sub delOIDCConsent {
my $epoch = $params->{epoch}; my $epoch = $params->{epoch};
my $rp = $params->{rp}; my $rp = $params->{rp};
my $id = $req->params('sessionId') my $id = $req->params('sessionId')
or return $self->sendError( $req, 'sessionId is missing', 400 ); or return $self->sendError( $req, 'sessionId is missing', 400 );
$req->parameters->set('sessionId', $self->_maybeDecryptSessionId($id)); $req->parameters->set( 'sessionId', $self->_maybeDecryptSessionId($id) );
if ( $rp =~ /\b[\w-]+\b/ and defined $epoch ) { if ( $rp =~ /\b[\w-]+\b/ and defined $epoch ) {
$self->logger->debug( $self->logger->debug(
"Call procedure deleteOIDCConsent with RP=$rp and epoch=$epoch"); "Call procedure deleteOIDCConsent with RP=$rp and epoch=$epoch");
return $self->deleteOIDCConsent( $req ); return $self->deleteOIDCConsent($req);
} }
else { else {
return $self->sendError( $req, undef, 400 ); return $self->sendError( $req, undef, 400 );
@ -448,12 +450,12 @@ sub _maybeEncryptSessionId {
sub delSession { sub delSession {
my ( $self, $req ) = @_; my ( $self, $req ) = @_;
my $id = $req->params('sessionId') my $id = $req->params('sessionId')
or return $self->sendError( $req, 'sessionId is missing', 400 ); or return $self->sendError( $req, 'sessionId is missing', 400 );
$req->parameters->set('sessionId', $self->_maybeDecryptSessionId($id)); $req->parameters->set( 'sessionId', $self->_maybeDecryptSessionId($id) );
return $self->SUPER::delSession( $req ); return $self->SUPER::delSession($req);
} }
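Review bot: `#use feature 'state';` leaves a commented-out pragma behind, whereas the other files touched by this commit (2ndFA, Conf, Notifications, ViewDiff) simply delete the line; dead commented code should be removed rather than parked. Before deleting it, confirm the file no longer contains a `state` declaration, because without the feature (or a `use v5.10` or later bundle, which the hunk does not show) such a declaration would fail to compile. The remaining changes in this section are perltidy whitespace and the parent reordering noted on the first section.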
sub cmpIPv4 { sub cmpIPv4 {


@ -7,14 +7,12 @@ use Lemonldap::NG::Common::Conf::Constants;
use Lemonldap::NG::Common::UserAgent; use Lemonldap::NG::Common::UserAgent;
use URI::URL; use URI::URL;
use feature 'state';
extends 'Lemonldap::NG::Manager::Conf'; extends 'Lemonldap::NG::Manager::Conf';
has diffRule => ( is => 'rw', default => sub { 0 } ); has diffRule => ( is => 'rw', default => sub { 0 } );
has brwRule => ( is => 'rw', default => sub { 0 } ); has brwRule => ( is => 'rw', default => sub { 0 } );
our $VERSION = '2.0.8'; our $VERSION = '2.0.10';
############################# #############################
# I. INITIALIZATION METHODS # # I. INITIALIZATION METHODS #


@ -2,7 +2,7 @@
use strict; use strict;
use Data::Dumper; use Data::Dumper;
use 5.10.0;
use_ok('Lemonldap::NG::Manager::Cli::Lib'); use_ok('Lemonldap::NG::Manager::Cli::Lib');
our $client; our $client;


@ -29,25 +29,19 @@ sub confirm {
} }
sub modifyPassword { sub modifyPassword {
my ( $self, $req, $pwd ) = @_; my ( $self, $req, $pwd, $useMail ) = @_;
my $dn = $req->data->{dn} || $req->sessionInfo->{_dn}; my $dn = $req->data->{dn} || $req->sessionInfo->{_dn};
unless ($dn) { unless ($dn) {
$self->logger->error('"dn" is not set, aborting password modification'); $self->logger->error('"dn" is not set, abort password modification');
return PE_ERROR; return PE_ERROR;
} }
my $rule = $self->p->HANDLER->buildSub(
$self->p->HANDLER->substitute(
$self->conf->{portalRequireOldPassword}
)
);
unless ($rule) {
my $error = $self->p->HANDLER->tsv->{jail}->error || '???';
}
my $requireOldPassword = ( my $requireOldPassword = (
$req->userData $req->userData
? $rule->( $req, $req->userData ) ? $self->requireOldPwdRule->( $req, $req->userData )
: $rule->( $req, $req->sessionInfo ) : $self->requireOldPwdRule->( $req, $req->sessionInfo )
); );
$requireOldPassword = 0 if $useMail;
# Ensure connection is valid # Ensure connection is valid
$self->bind; $self->bind;
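Review bot: The reworded log message on the `unless ($dn)` branch, `'"dn" is not set, abort password modification'`, now differs from the equivalent branch in the other password backend in this commit, which keeps `'"dn" is not set, aborting password modification'`; the two should stay identical so that log searches and tests match both backends. The new positional `$useMail` parameter also needs a contract comment at the top of the sub, since a true value switches off the old-password requirement entirely: `# $useMail: set by the mail-reset flow once the reset token is verified; skips the old-password check`. The same two remarks apply to the second modifyPassword hunk later in this commit.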


@ -21,8 +21,19 @@ our $VERSION = '2.0.10';
# INITIALIZATION # INITIALIZATION
has requireOldPwdRule => ( is => 'rw' );
sub init { sub init {
$_[0]->p->{_passwordDB} = $_[0]; my ($self) = shift;
$self->requireOldPwdRule(
$self->p->buildRule(
$self->conf->{portalRequireOldPassword},
'portalRequireOldPassword'
)
);
return 0 unless $self->requireOldPwdRule;
$self->p->{_passwordDB} = $self;
} }
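Review bot: `my ($self) = shift;` mixes the two argument-unpacking idioms; it works because the list assignment takes the single shifted value, but `my $self = shift;` or `my ($self) = @_;` is what readers expect. When `buildRule` returns nothing, `init` now returns 0 without registering `_passwordDB` and, as far as the hunk shows, without saying which setting is at fault; unless `$self->p->buildRule` already logs, an error line such as `$self->logger->error('Unable to build portalRequireOldPassword rule');` before the `return 0` would make the misconfiguration visible instead of leaving the password backend silently unregistered. Note that the old body returned the result of the hash assignment, so the explicit 0 on the failure path is a new return value that the caller of `init` must handle.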
# INTERFACE # INTERFACE


@ -28,31 +28,25 @@ sub confirm {
} }
sub modifyPassword { sub modifyPassword {
my ( $self, $req, $pwd ) = @_; my ( $self, $req, $pwd, $useMail ) = @_;
my $dn; my $dn;
my $requireOldPassword; my $requireOldPassword;
my $rule = $self->p->HANDLER->buildSub(
$self->p->HANDLER->substitute(
$self->conf->{portalRequireOldPassword}
)
);
unless ($rule) {
my $error = $self->p->HANDLER->tsv->{jail}->error || '???';
}
if ( $req->data->{dn} ) { if ( $req->data->{dn} ) {
$dn = $req->data->{dn}; $dn = $req->data->{dn};
$requireOldPassword = $rule->( $req, $req->userData ); $requireOldPassword = $self->requireOldPwdRule->( $req, $req->userData );
$self->logger->debug("Get DN from request data: $dn"); $self->logger->debug("Get DN from request data: $dn");
} }
else { else {
$dn = $req->sessionInfo->{_dn}; $dn = $req->sessionInfo->{_dn};
$requireOldPassword = $rule->( $req, $req->sessionInfo ); $requireOldPassword = $self->requireOldPwdRule->( $req, $req->sessionInfo );
$self->logger->debug("Get DN from session data: $dn"); $self->logger->debug("Get DN from session data: $dn");
} }
unless ($dn) { unless ($dn) {
$self->logger->error('"dn" is not set, aborting password modification'); $self->logger->error('"dn" is not set, aborting password modification');
return PE_ERROR; return PE_ERROR;
} }
$requireOldPassword = 0 if $useMail;
# Ensure connection is valid # Ensure connection is valid
$self->bind; $self->bind;


@ -473,16 +473,11 @@ sub changePwd {
return $cpq; return $cpq;
} }
# Modify the password TODO: change this
# Populate $req->{user} for logging purpose
my $tmp = $self->conf->{portalRequireOldPassword};
$self->conf->{portalRequireOldPassword} = 0;
$req->user( $req->{sessionInfo}->{_user} ); $req->user( $req->{sessionInfo}->{_user} );
my $result = my $result =
$self->p->_passwordDB->modifyPassword( $req, $self->p->_passwordDB->modifyPassword( $req,
$req->data->{newpassword}, 1 ); $req->data->{newpassword}, 1 );
$req->{user} = undef; $req->{user} = undef;
$self->conf->{portalRequireOldPassword} = $tmp;
# Mail token can be used only one time, delete the session if all is ok # Mail token can be used only one time, delete the session if all is ok
unless ( $result == PE_PASSWORD_OK or $result == PE_OK ) { unless ( $result == PE_PASSWORD_OK or $result == PE_OK ) {
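Review bot: The bare `1` passed as the fourth argument to `modifyPassword` is a magic flag; naming it makes the call self-explanatory, e.g. `my $skipOldPasswordCheck = 1;    # reset token already verified` before the call and `$req->data->{newpassword}, $skipOldPasswordCheck );` in it. Dropping the temporary mutation of `$self->conf->{portalRequireOldPassword}` is a good change: the old code only restored the value after the call returned, so a `die` inside `modifyPassword` would have left the setting at 0 for the rest of the process's life. changePwd continues outside the hunk.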