lemonldap-ng/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/AD.pm

package Lemonldap::NG::Portal::Password::AD;

use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(
  PE_ERROR
  PE_LDAPERROR
  PE_PASSWORD_OK
  PE_LDAPCONNECTFAILED
);

extends qw(
  Lemonldap::NG::Portal::Lib::LDAP
  Lemonldap::NG::Portal::Password::Base
);

our $VERSION = '2.0.15';

sub init {
    my ($self) = @_;
    return (  $self->Lemonldap::NG::Portal::Password::Base::init
          and $self->Lemonldap::NG::Portal::Lib::LDAP::init );
}

# Confirmation is done by Lib::Net::LDAP::userModifyPassword
sub confirm {
    return 1;
}

sub modifyPassword {
    my ( $self, $req, $pwd, $useMail ) = @_;

    # If the password change is done in a different backend,
    # we need to reload the correct DN
    $self->getUser( $req, useMail => $useMail )
      if $self->conf->{ldapGetUserBeforePasswordChange};

    my $dn = $req->data->{dn} || $req->sessionInfo->{_dn};
    unless ($dn) {
        $self->logger->error('"dn" is not set, abort password modification');
        return PE_ERROR;
    }

    my $requireOldPassword = (
          $req->userData
        ? $self->requireOldPwdRule->( $req, $req->userData )
        : $self->requireOldPwdRule->( $req, $req->sessionInfo )
    );
    $requireOldPassword = 0 if $useMail;

    # Ensure connection is valid
    $self->bind;
    return PE_LDAPCONNECTFAILED unless $self->ldap;

    # Call the modify password method
    my $code =
      $self->ldap->userModifyPassword( $dn, $pwd, $req->data->{oldpassword},
        1, $requireOldPassword );
    return $code unless ( $code == PE_PASSWORD_OK );

    # If force reset, set reset flag
    if ( $req->data->{forceReset} ) {
        my $result = $self->ldap->modify(
            $dn,
            replace => {
                'pwdLastSet' => '0'
            }
        );

        unless ( $result->code == 0 ) {
            $self->logger->error( "LDAP modify pwdLastSet error "
                  . $result->code . ": "
                  . $result->error );
            return PE_LDAPERROR;
        }

        $self->logger->debug("pwdLastSet set to 0");
    }

    return $code;
}

1;