Commit 3069887a authored by Xavier Guimard's avatar Xavier Guimard

Call PasswordDB::LDAP if unauth user requests changing password (#1639)

parent 562526dd
......@@ -2,8 +2,14 @@ package Lemonldap::NG::Portal::Auth::LDAP;
use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants
qw(PE_OK PE_LDAPCONNECTFAILED PE_PP_CHANGE_AFTER_RESET PE_PP_PASSWORD_EXPIRED);
use Lemonldap::NG::Portal::Main::Constants qw(
PE_OK
PE_DONE
PE_ERROR
PE_LDAPCONNECTFAILED
PE_PP_CHANGE_AFTER_RESET
PE_PP_PASSWORD_EXPIRED
);
our $VERSION = '2.0.2';
......@@ -41,6 +47,17 @@ sub authenticate {
}
}
unless ( $req->data->{password} ) {
$self->p->{user} = $req->userData->{_dn} = $req->data->{dn};
unless($self->p->{_passwordDB}) {
$self->logger->error('No password database configured, aborting');
return PE_ERROR;
}
my $res = $self->p->{_passwordDB}->_modifyPassword( $req, 1 );
# Security: never create session here
return $res || PE_DONE;
}
my $res =
$self->userBind( $req, $req->data->{dn},
password => $req->data->{password} );
......
......@@ -28,7 +28,7 @@ sub forAuthUser { '_modifyPassword' }
# RUNNING METHODS
sub _modifyPassword {
my ( $self, $req ) = @_;
my ( $self, $req, $requireOldPwd ) = @_;
# Exit if no password change requested
return PE_OK
......@@ -39,7 +39,7 @@ sub _modifyPassword {
unless ( $req->data->{newpassword} eq $req->param('confirmpassword') );
# Check if portal require old password
if ( $self->conf->{portalRequireOldPassword} ) {
if ( $self->conf->{portalRequireOldPassword} or $requireOldPwd ) {
# TODO: verify oldpassword
unless ( $req->data->{oldpassword} = $req->param('oldpassword') ) {
......
......@@ -70,36 +70,11 @@ SKIP: {
),
'Post new password'
);
#$match = 'trmsg="'
# . &Lemonldap::NG::Portal::Main::Constants::PE_PP_PASSWORD_TOO_SHORT . '"';
#ok( $res->[2]->[0] =~ /$match/, 'Password is too short' ) or skip('Stop here');
#count(1);
##open F, '>../e2e-tests/conf/portal/result.html' or die $!;
##print F $res->[2]->[0];
##close F;
#( $host, $url, $query ) =
# expectForm( $res, '#', undef, 'user', 'oldpassword', 'newpassword',
# 'confirmpassword' );
#ok( $query =~ /user=reset/, 'User is reset' )
# or explain( $query, 'user=reset' );
#count(1);
#$query =~ s/(oldpassword)=/$1=reset/g;
#$query =~ s/((?:confirm|new)password)=/$1=newpassword/g;
#ok(
# $res = $client->_post(
# '/', IO::String->new($query),
# length => length($query),
# accept => 'text/html',
# ),
# 'Post new password'
#);
#count(1);
my $match = 'trmsg="'
. &Lemonldap::NG::Portal::Main::Constants::PE_PASSWORD_OK . '"';
ok( $res->[2]->[0] =~ /$match/, 'Password is expired' );
count(1);
##print STDERR Dumper($res);
my $id = expectCookie($res);
expectRedirection( $res, 'http://auth.example.com/' );
$client->logout($id);
ok(
$res = $client->_post(
'/', IO::String->new('user=reset&password=newp'),
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment