From a0feeae9a118ef8b60485f6f946e2fcc07802e53 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Thu, 12 Nov 2020 13:43:41 +0100 Subject: [PATCH 1/3] Append accessToTrace parameter (#2381) --- e2e-tests/custom.pm | 6 +++ .../Lemonldap/NG/Common/Conf/ReConstants.pm | 2 +- .../lib/Lemonldap/NG/Handler/Main/Reload.pm | 2 + .../lib/Lemonldap/NG/Handler/Main/Run.pm | 41 +++++++++++++++++-- .../lib/Lemonldap/NG/Manager/Attributes.pm | 4 ++ .../Lemonldap/NG/Manager/Build/Attributes.pm | 5 ++- .../lib/Lemonldap/NG/Manager/Build/CTrees.pm | 8 ++-- .../site/htdocs/static/js/2ndfa.min.js | 2 +- .../site/htdocs/static/js/2ndfa.min.js.map | 2 +- .../site/htdocs/static/js/conftree.js | 6 +++ .../site/htdocs/static/js/conftree.min.js | 2 +- .../site/htdocs/static/js/conftree.min.js.map | 2 +- 12 files changed, 67 insertions(+), 15 deletions(-) diff --git a/e2e-tests/custom.pm b/e2e-tests/custom.pm index bf9f3244ff..0ac7012f2e 100644 --- a/e2e-tests/custom.pm +++ b/e2e-tests/custom.pm @@ -8,4 +8,10 @@ sub get_additional_arg { return $_[0]; } +sub accessToTrace { + my $hash = shift; + return +"$hash->{custom} alias $hash->{params}->[0] $hash->{params}->[1]:$hash->{session}->{groups}"; +} + 1; diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm index 6b81914558..01a0a25976 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm 
@@ -30,7 +30,7 @@ our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID) our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:A(?:uth(?:orizationCodeExpiration|nLevel)|llow(?:PasswordGrant|Offline)|ccessTokenExpiration|dditionalAudiences)|I(?:DToken(?:ForceClaims|Expiration|SignAlg)|con)|R(?:e(?:directUris|freshToken|quirePKCE)|ule)|Logout(?:SessionRequired|Type|Url)|P(?:ostLogoutRedirectUris|ublic)|OfflineSessionExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|ExtraClaims|UserIDAttr)|(?:ExportedVar|Macro)s)'; our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|UserAttribut|DisplayNam)e|S(?:ign(?:S[LS]OMessage|atureMethod)|toreSAMLToken|[LS]OBinding|ortNumber)|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Re(?:questedAuthnContext|solutionRule|layStateURL)|Force(?:Authn|UTF8)|I(?:sPassive|con)|NameIDFormat)|ExportedAttributes|XML)'; our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:S(?:ign(?:S[LS]OMessage|atureMethod)|essionNotOnOrAfterTimeout)|N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|(?:CheckS[LS]OMessageSignatur|OneTimeUs|Rul)e|En(?:ableIDPInitiatedURL|cryptionMode)|AuthnLevel|ForceUTF8)|(?:ExportedAttribute|Macro)s|XML)'; -our $virtualHostKeys = '(?:vhost(?:A(?:uthnLevel|liases)|(?:Maintenanc|Typ)e|ServiceTokenTTL|Https|Port)|(?:exportedHeader|locationRule)s|post)'; +our $virtualHostKeys = '(?:vhost(?:A(?:ccessToTrace|uthnLevel|liases)|(?:Maintenanc|Typ)e|ServiceTokenTTL|Https|Port)|(?:exportedHeader|locationRule)s|post)'; our $authParameters = { adParams => [qw(ADPwdMaxAge ADPwdExpireWarning)], diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm index c664ced4e5..3b74678055 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm 
@@ -238,6 +238,8 @@ sub defaultValuesInit { $conf->{vhostOptions}->{$vhost}->{vhostAuthnLevel}; $class->tsv->{serviceTokenTTL}->{$vhost} = $conf->{vhostOptions}->{$vhost}->{vhostServiceTokenTTL}; + $class->tsv->{accessToTrace}->{$vhost} = + $conf->{vhostOptions}->{$vhost}->{vhostAccessToTrace}; } } return 1; diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm index f552a5b68b..bf6e7844b4 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm @@ -1,7 +1,7 @@ # Main running methods file package Lemonldap::NG::Handler::Main::Run; -our $VERSION = '2.0.9'; +our $VERSION = '2.0.10'; package Lemonldap::NG::Handler::Main; @@ -105,6 +105,7 @@ sub checkType { sub run { my ( $class, $req, $rule, $protection ) = @_; my ( $id, $session ); + my $vhost = $class->resolveAlias($req); return $class->DECLINED unless ( $class->is_initial_req($req) ); 
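Review bot: The added `$class->tsv->{accessToTrace}->{$vhost} = $conf->{vhostOptions}->{$vhost}->{vhostAccessToTrace};` copies the raw option string into reload-time state without any validation, leaving the function-name check to be redone on every request in Run.pm. This assignment is the one place the value is seen once per configuration load, so it is the natural place to split it, validate the name and log a single error for a malformed value: `my ( $fn, @args ) = split /\s*,\s*/, $conf->{vhostOptions}->{$vhost}->{vhostAccessToTrace} // '';`, then the regex check, then storing `{ function => $fn, params => \@args }` under `accessToTrace` (or nothing, with the error logged). That keeps a bad Manager value from producing one error line per request and lets the request path trust what it reads. defaultValuesInit starts outside the hunk.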
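Review bot: `my $vhost = $class->resolveAlias($req);` is placed above the `return $class->DECLINED unless ( $class->is_initial_req($req) );` guard, so alias resolution now runs for every subrequest the handler declines even though `$vhost` is only consumed later on the initial-request path. Moving the declaration below the guard keeps the non-initial path as cheap as before. run() continues outside the hunk, so I cannot see whether `$vhost` is resolved again further down; if it is, the later call should be removed rather than the value computed twice.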
@@ -149,9 +150,41 @@ sub run { # ACCOUNTING (1. Inform web server) $class->set_user( $req, $session->{ $class->tsv->{whatToTrace} } ); - $class->set_custom( $req, $session->{ $class->tsv->{customToTrace} } ) - if $class->tsv->{customToTrace} - and $session->{ $class->tsv->{customToTrace} }; + + my $custom; + $custom = $session->{ $class->tsv->{customToTrace} } + if ( $class->tsv->{customToTrace} + and $session->{ $class->tsv->{customToTrace} } ); + if ( $class->tsv->{accessToTrace}->{$vhost} ) { + my ( $function, @params ) = split /\s*,\s*/, + $class->tsv->{accessToTrace}->{$vhost}; + if ( $function =~ qr/^(?:\w+(?:::\w+)*(?:\s+\w+(?:::\w+)*)*)?$/ ) { + my $c = eval { + no strict 'refs'; + &{$function}( { + req => $req, + vhost => $vhost, + session => $session, + custom => $custom, + params => \@params + } + ); + }; + if ($@) { + $class->logger->error( + "Failed to overwrite customToTrace: $@"); + } + else { + $class->logger->debug("Overwrite customToTrace with: $c"); + $custom = $c; + } + } + else { + $class->logger->error( + "accessToTrace: Bad custom function name"); + } + } + $class->set_custom( $req, $custom ) if $custom; # AUTHORIZATION return ( $class->forbidden( $req, $session ), $session ) diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm index 8e362e47f7..48d1cd0881 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm @@ -4137,6 +4137,10 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a- 'utotp2fLogo' => { 'type' => 'text' }, + 'vhostAccessToTrace' => { + 'default' => '', + 'type' => 'text' + }, 'vhostAliases' => { 'default' => '', 'type' => 'text' diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm index f5b49ce309..7a134b500f 100644 
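Review bot: The `if ( $function =~ qr/^(?:\w+(?:::\w+)*(?:\s+\w+(?:::\w+)*)*)?$/ )` check followed by `&{$function}(...)` under `no strict 'refs'` lets a vhost option name any sub already loaded in the handler process and call it outside the Safe jail that the configuration's other Perl expressions appear to go through (the jail is referenced as `tsv->{jail}` in Password/AD.pm in this series), so whoever can edit vhost options in the Manager gets a code-execution hook running with the handler's privileges; that trust boundary should be stated in a comment above the check, and the pattern should not accept what it currently does. The regex is anchored with `^`/`$` (a trailing newline passes), the whole group is optional (an empty name passes and only fails inside the eval), and the `(?:\s+\w+(?:::\w+)*)*` part accepts several space-separated names that `&{}` will then treat as one bogus symbol. A callback returning `undef` is also assigned to `$custom` after logging `Overwrite customToTrace with: ` with an uninitialized value, silently dropping the `customToTrace` value instead of keeping it. I would trim the name, require exactly one fully qualified sub, and keep `$custom` when the callback returns undef, as below; run() begins and ends outside this hunk.
```perl
        # … unchanged: split of $function / @params from the vhost option …
        $function =~ s/^\s+|\s+$//g;

        # SECURITY: symbolic call to any sub loaded in the handler, outside the
        # Safe jail -- this vhost option is a code-execution hook for anyone who
        # can edit it.  Accept exactly one fully qualified name, nothing else.
        if ( $function =~ /\A\w+(?:::\w+)+\z/ ) {
            # … unchanged: my $c = eval { no strict 'refs'; &{$function}( {...} ) }; …
            if ($@) {
                $class->logger->error("Failed to overwrite customToTrace: $@");
            }
            elsif ( !defined $c ) {
                $class->logger->warn(
                    "accessToTrace: $function returned undef, keeping customToTrace");
            }
            else {
                $class->logger->debug("Overwrite customToTrace with: $c");
                $custom = $c;
            }
        }
        # … unchanged: else branch logging "Bad custom function name" …
```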
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm @@ -2227,8 +2227,9 @@ sub attributes { type => 'int', default => -1, }, - vhostAliases => { type => 'text', default => '' }, - vhostType => { + vhostAccessToTrace => { type => 'text', default => '' }, + vhostAliases => { type => 'text', default => '' }, + vhostType => { type => 'select', select => [ { k => 'AuthBasic', v => 'AuthBasic' }, diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm index 3218e74c87..2a20e522aa 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm @@ -27,10 +27,10 @@ sub cTrees { help => 'configvhost.html#options', form => 'simpleInputContainer', nodes => [ - 'vhostPort', 'vhostHttps', - 'vhostMaintenance', 'vhostAliases', - 'vhostType', 'vhostAuthnLevel', - 'vhostServiceTokenTTL' + 'vhostPort', 'vhostHttps', + 'vhostMaintenance', 'vhostAliases', + 'vhostAccessToTrace', 'vhostType', + 'vhostAuthnLevel', 'vhostServiceTokenTTL' ], }, ], diff --git a/lemonldap-ng-manager/site/htdocs/static/js/2ndfa.min.js b/lemonldap-ng-manager/site/htdocs/static/js/2ndfa.min.js index fbb4a9f51c..28a769f75a 100644 --- a/lemonldap-ng-manager/site/htdocs/static/js/2ndfa.min.js +++ b/lemonldap-ng-manager/site/htdocs/static/js/2ndfa.min.js 
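Review bot: `vhostAccessToTrace => { type => 'text', default => '' }` declares the option as free text with no validator, so the Manager accepts any string and the only check happens at request time in the handler, where a malformed value is logged once per request. If this table supports `test =>` regexes the way the `qr/^(?:...` fragments in the generated Manager/Attributes.pm suggest, one that mirrors the handler's accepted format — `test => qr/^(?:\w+(?:::\w+)*(?:\s*,\s*[^,]*)*)?$/` — rejects bad values at save time, and a `help` pointer to the configvhost page would make the comma-separated "function, args" format discoverable from the UI. The enclosing `attributes` sub starts and ends outside the hunk.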
@@ -1 +1 @@ -(function(){var S,o,f,g,e;e=function(e,t){return $("#msg").html(window.translate(e)),$("#color").removeClass("message-positive message-warning alert-success alert-warning"),$("#color").addClass("message-"+t),"positive"===t&&(t="success"),$("#color").addClass("alert-"+t)},g={_whatToTrace:[function(e,t){return"groupBy=substr("+e+",1)"},function(e,t){return e+"="+t+"*"}]},f={_whatToTrace:function(e,t,n,a){return console.log("overSchema => level",n,"over",a),1===n&&t.length>a?e+"="+t+"*&groupBy=substr("+e+","+(n+a+1)+")":null}},S={dateTitle:["_utime","_startTime","_updateTime"],sfaTitle:["_2fDevices"]},o={home:[]},angular.module("llngSessionsExplorer",["ui.tree","ui.bootstrap","llApp"]).controller("SessionsExplorerCtrl",["$scope","$translator","$location","$q","$http",function(k,t,e,n,i){var p,a,r,d;return k.links=links,k.menulinks=menulinks,k.staticPrefix=staticPrefix,k.scriptname=scriptname,k.formPrefix=formPrefix,k.availableLanguages=availableLanguages,k.waiting=!0,k.showM=!1,k.showT=!0,k.data=[],k.currentScope=null,k.currentSession=null,k.menu=o,k.searchString="",k.U2FCheck="1",k.TOTPCheck="1",k.UBKCheck="1",k.translateP=t.translateP,k.translate=t.translate,k.translateTitle=function(e){return t.translateField(e,"title")},d="persistent",k.menuClick=function(e){if(e.popup)window.open(e.popup);else switch(e.action||(e.action=e.title),typeof e.action){case"function":e.action(k.currentNode,k),k[e.action]();break;case"string":k[e.action]();break;default:console.log(typeof e.action)}return k.showM=!1},k.search2FA=function(e){return e&&(k.searchString=""),k.currentSession=null,k.data=[],k.updateTree2("",k.data,0,0)},k.delete2FA=function(e,t){var n,a,r;for(n=0,r=(a=document.querySelectorAll(".data-"+t)).length;n 
level",n,"over",a),1===n&&t.length>a?e+"="+t+"*&groupBy=substr("+e+","+(n+a+1)+")":null}},S={dateTitle:["_utime","_startTime","_updateTime"],sfaTitle:["_2fDevices"]},o={home:[]},angular.module("llngSessionsExplorer",["ui.tree","ui.bootstrap","llApp"]).controller("SessionsExplorerCtrl",["$scope","$translator","$location","$q","$http",function(k,t,e,n,i){var p,a,r,d;return k.links=links,k.menulinks=menulinks,k.staticPrefix=staticPrefix,k.scriptname=scriptname,k.formPrefix=formPrefix,k.availableLanguages=availableLanguages,k.waiting=!0,k.showM=!1,k.showT=!0,k.data=[],k.currentScope=null,k.currentSession=null,k.menu=o,k.searchString="",k.U2FCheck="1",k.TOTPCheck="1",k.UBKCheck="1",k.translateP=t.translateP,k.translate=t.translate,k.translateTitle=function(e){return t.translateField(e,"title")},d="persistent",k.menuClick=function(e){if(e.popup)window.open(e.popup);else switch(e.action||(e.action=e.title),typeof e.action){case"function":e.action(k.currentNode,k),k[e.action]();break;case"string":k[e.action]();break;default:console.log(typeof e.action)}return k.showM=!1},k.search2FA=function(e){return e&&(k.searchString=""),k.currentSession=null,k.data=[],k.updateTree2("",k.data,0,0)},k.delete2FA=function(e,t){var n,a,r;for(n=0,r=(a=document.querySelectorAll(".data-"+t)).length;n Date: Thu, 12 Nov 2020 19:52:48 +0100 Subject: [PATCH 2/3] Update langs & test conf (#2381) --- doc/sources/admin/configvhost.rst | 26 +++++++++++++++++++ e2e-tests/lmConf-1.json | 10 +++++++ .../site/htdocs/static/languages/ar.json | 1 + .../site/htdocs/static/languages/de.json | 1 + .../site/htdocs/static/languages/en.json | 1 + .../site/htdocs/static/languages/fr.json | 1 + .../site/htdocs/static/languages/it.json | 1 + .../site/htdocs/static/languages/pl.json | 1 + .../site/htdocs/static/languages/tr.json | 1 + .../site/htdocs/static/languages/vi.json | 1 + .../site/htdocs/static/languages/zh.json | 1 + 11 files changed, 45 insertions(+) 
diff --git a/doc/sources/admin/configvhost.rst b/doc/sources/admin/configvhost.rst index 6db92de1c6..4ffdb283e6 100644 --- a/doc/sources/admin/configvhost.rst +++ b/doc/sources/admin/configvhost.rst @@ -503,6 +503,9 @@ Some options are available: - Maintenance mode: reject all requests with a maintenance message - Aliases: list of aliases for this virtual host *(avoid to rewrite rules,...)* +- Access to trace: can be used for overwriting REMOTE_CUSTOM with a custom function. + Provide a comma separated list with custom function path and args. + By example: My::accessToTrace, 'Dr Who', 'dwho@badwolf.org' - Type: handler type (normal, :doc:`ServiceToken Handler`, :doc:`DevOps Handler`,...) @@ -515,6 +518,29 @@ Some options are available: seconds. This TTL can be customized for each virtual host. +.. attention:: + + A hash reference containing $req, $session, $vhost, $custom and an array reference + with provided parameters is passed to accessToTrace custom function. + + :: + + package My; + + sub accessToTrace { + my $hash = shift; + my $custom = $hash->{custom}; + my $req = $hash->{req}; + my $vhost = $hash->{vhost}; + my $custom = hash->{custom}; + + return + "$custom alias $hash->{params}->[0]#$hash->{params}->[1]:$hash->{session}->{groups}"; + } + + 1; + + .. danger:: A same virtual host can serve many locations. Each diff --git a/e2e-tests/lmConf-1.json b/e2e-tests/lmConf-1.json index 51f89b8f35..cc40fcc936 100644 --- a/e2e-tests/lmConf-1.json +++ b/e2e-tests/lmConf-1.json @@ -164,6 +164,16 @@ "default": "accept" } }, + "vhostOptions":{ + "manager.example.com": { + "vhostMaintenance": 0, + "vhostPort": -1, + "vhostHttps": -1, + "vhostAliases": "", + "vhostServiceTokenTTL": -1, + "vhostAccessToTrace": "My::accessToTrace, Doctor, Who","vhostType":"Main" + } + }, "loginHistoryEnabled": 1, "macros": { "UA" : "$ENV{HTTP_USER_AGENT}", 
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json index 7dd45394ea..480168079d 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json @@ -1001,6 +1001,7 @@ "verifyU2FKey":"Verify U2F key", "verifyTOTPKey":"Verify TOTP key", "version":"الإصدار", +"vhostAccessToTrace":"Access to trace", "vhostAliases":"اسماء مستعارة", "vhostAuthnLevel":"مستوى إثبات الهوية واجب", "vhostHttps":"إتش تي تي بي س", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/de.json b/lemonldap-ng-manager/site/htdocs/static/languages/de.json index 159db8aed1..6fa11feb64 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/de.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/de.json @@ -1001,6 +1001,7 @@ "verifyU2FKey":"Verify U2F key", "verifyTOTPKey":"Verify TOTP key", "version":"Version", +"vhostAccessToTrace":"Access to trace", "vhostAliases":"Aliases", "vhostAuthnLevel":"Required authentication level", "vhostHttps":"HTTPS", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/en.json b/lemonldap-ng-manager/site/htdocs/static/languages/en.json index 65c0a51606..2fd12af6d7 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/en.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/en.json @@ -1001,6 +1001,7 @@ "verifyU2FKey":"Verify U2F key", "verifyTOTPKey":"Verify TOTP key", "version":"Version", +"vhostAccessToTrace":"Access to trace", "vhostAliases":"Aliases", "vhostAuthnLevel":"Required authentication level", "vhostHttps":"HTTPS", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json index 4caf6dbe6e..1948e596b7 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json 
@@ -1001,6 +1001,7 @@ "verifyU2FKey":"Vérifier la clef U2F", "verifyTOTPKey":"Vérifier la clef TOTP", "version":"Version", +"vhostAccessToTrace":"Accès à tracer", "vhostAliases":"Alias", "vhostAuthnLevel":"Niveau d'authentification requis", "vhostHttps":"HTTPS", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/it.json b/lemonldap-ng-manager/site/htdocs/static/languages/it.json index 86b7c1c7af..963fe96100 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/it.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/it.json @@ -1001,6 +1001,7 @@ "verifyU2FKey":"Verifica la chiave U2F", "verifyTOTPKey":"Verifica la chiave TOTP", "version":"Versioni", +"vhostAccessToTrace":"Access to trace", "vhostAliases":"Alias", "vhostAuthnLevel":"Livello di autenticazione richiesto", "vhostHttps":"HTTPS", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/pl.json b/lemonldap-ng-manager/site/htdocs/static/languages/pl.json index 2a23f2a025..3aede669b6 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/pl.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/pl.json @@ -1001,6 +1001,7 @@ "verifyU2FKey":"Sprawdź klucz U2F", "verifyTOTPKey":"Sprawdź klucz TOTP", "version":"Wersja", +"vhostAccessToTrace":"Access to trace", "vhostAliases":"Aliasy", "vhostAuthnLevel":"Wymagany poziom uwierzytelnienia", "vhostHttps":"HTTPS", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json index ecb131aea6..c2a9992f06 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json @@ -1001,6 +1001,7 @@ "verifyU2FKey":"U2F anahtarını doğrula", "verifyTOTPKey":"TOTP anahtarını doğrula", "version":"Sürüm", +"vhostAccessToTrace":"Access to trace", "vhostAliases":"Takma adlar", "vhostAuthnLevel":"Gereken doğrulama seviyesi", "vhostHttps":"HTTPS", 
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json index 16389f323f..f49f42797e 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json @@ -1001,6 +1001,7 @@ "verifyU2FKey":"Verify U2F key", "verifyTOTPKey":"Verify TOTP key", "version":"Phiên bản", +"vhostAccessToTrace":"Access to trace", "vhostAliases":"Bí danh", "vhostAuthnLevel":"Mức xác thực bắt buộc", "vhostHttps":"HTTPS", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json index 434b2ccb19..435f4f4ace 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json @@ -1001,6 +1001,7 @@ "verifyU2FKey":"Verify U2F key", "verifyTOTPKey":"Verify TOTP key", "version":"Version", +"vhostAccessToTrace":"Access to trace", "vhostAliases":"Aliases", "vhostAuthnLevel":"Required authentication level", "vhostHttps":"HTTPS", -- GitLab From ea66a7529e2543b8d3410e613222bfbdb179297a Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Fri, 13 Nov 2020 23:05:33 +0100 Subject: [PATCH 3/3] AD & LDAP modify password --- .../lib/Lemonldap/NG/Portal/Password/AD.pm | 18 ++++++------------ .../lib/Lemonldap/NG/Portal/Password/Base.pm | 13 ++++++++++++- .../lib/Lemonldap/NG/Portal/Password/LDAP.pm | 16 +++++----------- .../NG/Portal/Plugins/MailPasswordReset.pm | 5 ----- 4 files changed, 23 insertions(+), 29 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/AD.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/AD.pm index de15c54ed5..b4f9595483 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/AD.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/AD.pm 
@@ -29,25 +29,19 @@ sub confirm { } sub modifyPassword { - my ( $self, $req, $pwd ) = @_; + my ( $self, $req, $pwd, $useMail ) = @_; my $dn = $req->data->{dn} || $req->sessionInfo->{_dn}; unless ($dn) { - $self->logger->error('"dn" is not set, aborting password modification'); + $self->logger->error('"dn" is not set, abort password modification'); return PE_ERROR; } - my $rule = $self->p->HANDLER->buildSub( - $self->p->HANDLER->substitute( - $self->conf->{portalRequireOldPassword} - ) - ); - unless ($rule) { - my $error = $self->p->HANDLER->tsv->{jail}->error || '???'; - } + my $requireOldPassword = ( $req->userData - ? $rule->( $req, $req->userData ) - : $rule->( $req, $req->sessionInfo ) + ? $self->requireOldPwdRule->( $req, $req->userData ) + : $self->requireOldPwdRule->( $req, $req->sessionInfo ) ); + $requireOldPassword = 0 if $useMail; # Ensure connection is valid $self->bind; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Base.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Base.pm index 3ab1c76c78..2c9b0b94f8 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Base.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Base.pm @@ -21,8 +21,19 @@ our $VERSION = '2.0.10'; # INITIALIZATION +has requireOldPwdRule => ( is => 'rw', default => sub { 0 } ); + sub init { - $_[0]->p->{_passwordDB} = $_[0]; + my ($self) = shift; + $self->requireOldPwdRule( + $self->p->buildRule( + $self->conf->{portalRequireOldPassword}, + 'portalRequireOldPassword' + ) + ); + return 0 unless $self->requireOldPwdRule; + + $self->p->{_passwordDB} = $self; } # INTERFACE diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/LDAP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/LDAP.pm index 56b3e31ba9..f8bee8aa0e 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/LDAP.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/LDAP.pm 
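Review bot: `$requireOldPassword = 0 if $useMail;` turns the new fourth positional argument into an unconditional bypass of `portalRequireOldPassword`, and nothing at this point verifies that the caller really holds a validated mail-reset token — any code path passing a truthy fourth value skips the current-password check. That contract is acceptable as long as it is written down where the bypass happens; I would put `# $useMail: caller has already proven control of the account out of band (validated mail-reset token), so the current-password check is skipped` above the line. The log message was also changed to `"dn" is not set, abort password modification` while the same message in Password/LDAP.pm still reads `aborting`; keep both identical so log searches match either backend. modifyPassword continues outside the hunk.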
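Review bot: `has requireOldPwdRule => ( is => 'rw', default => sub { 0 } );` leaves the attribute as the plain number 0 until `init` replaces it, so a subclass that overrides `init` without calling this one, or a backend whose init never ran, dies with "Not a CODE reference" at the `$self->requireOldPwdRule->( ... )` calls in the LDAP/AD backends. If failing loudly is the intent, say so in a comment on the `has` line; otherwise a default that still requires the current password, `default => sub { sub { 1 } }`, fails closed instead of crashing. `return 0 unless $self->requireOldPwdRule;` is the right fail-closed choice when the expression does not compile, but the hunk shows no log line of its own, so a broken `portalRequireOldPassword` value disables the whole password backend with only whatever `buildRule` reports — an explicit `$self->logger->error('portalRequireOldPassword rule does not compile, password backend disabled')` before the return would make that diagnosable. Minor style: `my ($self) = shift;` is a list assignment from a scalar; `my $self = shift;` is the usual form.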
@@ -29,31 +29,25 @@ sub confirm { } sub modifyPassword { - my ( $self, $req, $pwd ) = @_; + my ( $self, $req, $pwd, $useMail ) = @_; my $dn; my $requireOldPassword; - my $rule = $self->p->HANDLER->buildSub( - $self->p->HANDLER->substitute( - $self->conf->{portalRequireOldPassword} - ) - ); - unless ($rule) { - my $error = $self->p->HANDLER->tsv->{jail}->error || '???'; - } + if ( $req->data->{dn} ) { $dn = $req->data->{dn}; - $requireOldPassword = $rule->( $req, $req->userData ); + $requireOldPassword = $self->requireOldPwdRule->( $req, $req->userData ); $self->logger->debug("Get DN from request data: $dn"); } else { $dn = $req->sessionInfo->{_dn}; - $requireOldPassword = $rule->( $req, $req->sessionInfo ); + $requireOldPassword = $self->requireOldPwdRule->( $req, $req->sessionInfo ); $self->logger->debug("Get DN from session data: $dn"); } unless ($dn) { $self->logger->error('"dn" is not set, aborting password modification'); return PE_ERROR; } + $requireOldPassword = 0 if $useMail; # Ensure connection is valid $self->bind; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MailPasswordReset.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MailPasswordReset.pm index e581ddbdb5..63af6aa1a1 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MailPasswordReset.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MailPasswordReset.pm @@ -473,16 +473,11 @@ sub changePwd { return $cpq; } - # Modify the password TODO: change this - # Populate $req->{user} for logging purpose - my $tmp = $self->conf->{portalRequireOldPassword}; - $self->conf->{portalRequireOldPassword} = 0; $req->user( $req->{sessionInfo}->{_user} ); my $result = $self->p->_passwordDB->modifyPassword( $req, $req->data->{newpassword}, 1 ); $req->{user} = undef; - $self->conf->{portalRequireOldPassword} = $tmp; # Mail token can be used only one time, delete the session if all is ok unless ( $result == PE_PASSWORD_OK or $result == PE_OK ) { -- GitLab
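Review bot: In both the `$req->data->{dn}` and `$req->sessionInfo` branches the rule is evaluated through `$self->requireOldPwdRule->( ... )` and then unconditionally discarded by `$requireOldPassword = 0 if $useMail;`, so on the mail-reset path a configured expression still runs for no effect; deciding first avoids that and makes the bypass explicit where it is taken, e.g. `$requireOldPassword = $useMail ? 0 : $self->requireOldPwdRule->( $req, $req->userData );`. The comment documenting what a true `$useMail` promises (an already validated out-of-band proof of account control) belongs here as much as in Password/AD.pm, because a caller that passes a truthy fourth argument by accident silently skips the current-password check. The two new `$self->requireOldPwdRule->( ... )` lines also run past the line width the rest of the file keeps to. modifyPassword continues outside the hunk.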
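Review bot: Removing the `$self->conf->{portalRequireOldPassword} = 0` / `= $tmp` pair means the reset flow now relies entirely on the `1` passed as the fourth argument to `$self->p->_passwordDB->modifyPassword`, which only the LDAP and AD backends in this series read; any other `_passwordDB` implementation that ignores a fourth argument will now enforce `portalRequireOldPassword` during a reset where no current password is available, turning a working reset into a failure (fail closed, but a regression). Before merging, check every `modifyPassword` implementation honours the flag, or document the parameter in the Password/Base.pm interface so backends are required to. On the upside, dropping the mutation of the shared `conf` hash removes the risk that a `die` between the two assignments left the check disabled for the rest of the process's life. changePwd starts outside the hunk.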