Commit 655fd9e5 authored by Yadd's avatar Yadd
Browse files

* perltidy

* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()
parent bf488752
......@@ -20,10 +20,6 @@ use base qw(Lemonldap::NG::Portal::_WebForm);
# Load Net::LDAP::Control::PasswordPolicy if needed
# @return Lemonldap::NG::Portal constant
sub authInit {
my $self = shift;
if ( $self->{ldapPpolicyControl} and not $self->ldap->loadPP()) {
return PE_LDAPERROR;
}
PE_OK;
}
......
......@@ -6,22 +6,22 @@ our $VERSION = '0.1';
sub authInit {
my $self = shift;
return $self->_multi->try('authInit',0);
return $self->_multi->try( 'authInit', 0 );
}
sub extractFormInfo {
my $self = shift;
return $self->_multi->try('extractFormInfo',0);
return $self->_multi->try( 'extractFormInfo', 0 );
}
sub setAuthSessionInfo {
my $self = shift;
return $self->_multi->try('setAuthSessionInfo',0);
return $self->_multi->try( 'setAuthSessionInfo', 0 );
}
sub authenticate {
my $self = shift;
return $self->_multi->try('authenticate',0);
return $self->_multi->try( 'authenticate', 0 );
}
1;
......
......@@ -45,7 +45,8 @@ sub extractFormInfo {
return PE_OK;
}
elsif ( $self->{SSLRequire} ) {
$self->_sub('userError',"No certificate found for $ENV{REMOTE_ADDR}");
$self->_sub( 'userError',
"No certificate found for $ENV{REMOTE_ADDR}" );
return PE_CERTIFICATEREQUIRED;
}
$self->{AuthLDAPFilter} = '';
......
......@@ -11,9 +11,9 @@ require Lemonldap::NG::Common::CGI;
use Lemonldap::NG::Portal::SharedConf;
use Lemonldap::NG::Portal::_LDAP 'ldap'; #link protected ldap Object used to change passwords only
use XML::LibXML;
use Lemonldap::NG::Common::Safelib; #link protected safe Safe object
use Lemonldap::NG::Common::Safelib; #link protected safe Safe object
use Safe;
use Lemonldap::NG::Portal::PasswordDBLDAP; #inherits
use Lemonldap::NG::Portal::PasswordDBLDAP; #inherits
#inherits Net::LDAP::Control::PasswordPolicy
......@@ -217,7 +217,7 @@ sub appslistDescription {
# @return XML root element object
sub _getXML {
my $self = shift;
return $self->{_xml} if($self->{_xml});
return $self->{_xml} if ( $self->{_xml} );
# Parse XML file
my $parser = XML::LibXML->new();
......@@ -300,9 +300,10 @@ sub _displayApplication {
|| "" );
# Display application
$html .= "<li title=\"$appid\" class=\"appname\"><span>"
. ($appuri ? "<a href=\"$appuri\">$appname</a>" : "<a>$appname</a>")
. "</span>\n";
$html .=
"<li title=\"$appid\" class=\"appname\"><span>"
. ( $appuri ? "<a href=\"$appuri\">$appname</a>" : "<a>$appname</a>" )
. "</span>\n";
my @appnodes = $app->findnodes("application");
if (@appnodes) {
$html .= "<ul>";
......@@ -355,9 +356,9 @@ sub _displayDescription {
# @param $root XML root element
# @return XML_string
sub _filterXML {
my $self = shift;
my $self = shift;
my ($root) = @_;
my @cat = $root->getElementsByTagName('category');
my @cat = $root->getElementsByTagName('category');
foreach my $cat (@cat) {
$self->_filterApp($cat);
}
......@@ -369,11 +370,11 @@ sub _filterXML {
}
sub _filterApp {
my($self,$node)=@_;
my ( $self, $node ) = @_;
my @apps = $node->getChildrenByTagName('application');
my $tag = 0;
foreach(@apps) {
my $stag = $self->_filterApp($_);
my $tag = 0;
foreach (@apps) {
my $stag = $self->_filterApp($_);
my $appdisplay = $_->getChildrenByTagName('display')->string_value();
my $appuri =
$self->_userParam( $_->getChildrenByTagName('uri')->string_value() );
......@@ -389,8 +390,8 @@ sub _filterApp {
# Check grant function if display is "auto" (this is the default)
unless ( $self->_grant($appuri) ) {
if($stag) {
eval {$_->getChildrenByTagName('uri')->unbindNode() };
if ($stag) {
eval { $_->getChildrenByTagName('uri')->unbindNode() };
$tag++;
}
else {
......
......@@ -14,14 +14,10 @@ our $VERSION = '0.2';
*_formateFilter = *Lemonldap::NG::Portal::UserDBLDAP::formateFilter;
*_search = *Lemonldap::NG::Portal::UserDBLDAP::search;
## @apmethod int apasswordDBInit()
## @apmethod int passwordDBInit()
# Load Net::LDAP::Control::PasswordPolicy if needed
# @return Lemonldap::NG::Portal constant
sub passwordDBInit {
my $self = shift;
if ( $self->{ldapPpolicyControl} and not $self->ldap->loadPP()) {
return PE_LDAPERROR;
}
PE_OK;
}
......@@ -44,10 +40,13 @@ sub modifyPassword {
return $tmp if ($tmp);
}
$self->lmLog("Modify password request for ".$self->{dn},'debug');
$self->lmLog( "Modify password request for " . $self->{dn}, 'debug' );
# Call the modify password method
return $self->ldap->userModifyPassword( $self->{dn}, $self->{newpassword}, $self->{confirmpassword}, $self->{oldpassword} );
return $self->ldap->userModifyPassword(
$self->{dn}, $self->{newpassword},
$self->{confirmpassword}, $self->{oldpassword}
);
PE_OK;
}
......@@ -70,65 +69,70 @@ sub resetPasswordByMail {
return $tmp if ($tmp);
}
$self->lmLog("Reset password request for ".$self->{dn},'debug');
$self->lmLog( "Reset password request for " . $self->{dn}, 'debug' );
# Check the required modules before changing password
eval {require String::Random};
eval { require String::Random };
if ($@) {
$self->lmLog("Module String::Random not found in @INC",'error' );
$self->lmLog( "Module String::Random not found in @INC", 'error' );
return PE_ERROR;
}
eval {require MIME::Lite};
eval { require MIME::Lite };
if ($@) {
$self->lmLog("Module MIME::Lite not found in @INC",'error' );
$self->lmLog( "Module MIME::Lite not found in @INC", 'error' );
return PE_ERROR;
}
# Generate a complex password
my $random = new String::Random;
my $password = $random->randregex( $self->{randomPasswordRegexp} );
my $random = new String::Random;
my $password = $random->randregex( $self->{randomPasswordRegexp} );
$self->lmLog("Generated password: ".$password,'debug');
$self->lmLog( "Generated password: " . $password, 'debug' );
# Call the modify password method
my $pe_error = $self->ldap->userModifyPassword( $self->{dn}, $password, $password );
my $pe_error =
$self->ldap->userModifyPassword( $self->{dn}, $password, $password );
return $pe_error unless ($pe_error == PE_PASSWORD_OK);
return $pe_error unless ( $pe_error == PE_PASSWORD_OK );
# If Password Policy, set the PwdReset flag
if ( $self->{ldapPpolicyControl} ) {
my $result = $self->ldap->modify( $self->{dn}, replace => { 'pwdReset' => 'TRUE' } );
my $result =
$self->ldap->modify( $self->{dn},
replace => { 'pwdReset' => 'TRUE' } );
unless ( $result->code == 0) {
$self->lmLog("LDAP modify pwdReset error: ".$result->code,'error');
unless ( $result->code == 0 ) {
$self->lmLog( "LDAP modify pwdReset error: " . $result->code,
'error' );
return PE_LDAPERROR;
}
$self->lmLog("pwdReset set to TRUE",'debug');
$self->lmLog( "pwdReset set to TRUE", 'debug' );
}
# Send new password by mail
$self->{mailBody} =~ s/\$password/$password/g;
$self->{mailBody} =~ s/\$(\w+)/$self->{sessionInfo}->{$1}/g;
$self->lmLog("SMTP From ".$self->{mailFrom},'debug');
$self->lmLog("SMTP To ".$self->{mail},'debug');
$self->lmLog("SMTP Subject ".$self->{mailSubject},'debug');
$self->lmLog("SMTP Body ".$self->{mailBody},'debug');
$self->lmLog( "SMTP From " . $self->{mailFrom}, 'debug' );
$self->lmLog( "SMTP To " . $self->{mail}, 'debug' );
$self->lmLog( "SMTP Subject " . $self->{mailSubject}, 'debug' );
$self->lmLog( "SMTP Body " . $self->{mailBody}, 'debug' );
eval {
my $message = MIME::Lite->new(
From => $self->{mailFrom},
To => $self->{mail},
From => $self->{mailFrom},
To => $self->{mail},
Subject => $self->{mailSubject},
Type => "TEXT",
Data => $self->{mailBody},
Type => "TEXT",
Data => $self->{mailBody},
);
$self->{SMTPServer} ? $message->send("smtp",$self->{SMTPServer}) : $message->send();
$self->{SMTPServer}
? $message->send( "smtp", $self->{SMTPServer} )
: $message->send();
};
if ($@) {
$self->lmLog("Send message failed: $@",'error');
$self->lmLog( "Send message failed: $@", 'error' );
return PE_ERROR;
}
}
PE_PASSWORD_OK;
}
......
......@@ -505,7 +505,7 @@ sub _deleteSession {
my ( $self, $h ) = @_;
if ( my $id2 = $h->{_httpSession} ) {
my $h2 = $self->getApacheSession($id2);
eval {tied(%$h2)->delete()};
eval { tied(%$h2)->delete() };
$self->lmLog( $@, 'error' ) if ($@);
# Delete cookie
......@@ -521,7 +521,7 @@ sub _deleteSession {
);
}
my $r;
eval {$r = tied(%$h)->delete()};
eval { $r = tied(%$h)->delete() };
$self->lmLog( $@, 'error' ) if ($@);
# Delete cookie
......
......@@ -6,22 +6,22 @@ our $VERSION = '0.1';
sub userDBInit {
my $self = shift;
return $self->_multi->try('userDBInit',1);
return $self->_multi->try( 'userDBInit', 1 );
}
sub getUser {
my $self = shift;
return $self->_multi->try('getUser',1);
return $self->_multi->try( 'getUser', 1 );
}
sub setSessionInfo {
my $self = shift;
return $self->_multi->try('setSessionInfo',1);
return $self->_multi->try( 'setSessionInfo', 1 );
}
sub setGroups {
my $self = shift;
return $self->_multi->try('setGroups',1);
return $self->_multi->try( 'setGroups', 1 );
}
1;
......
......@@ -41,9 +41,9 @@ sub new {
}
$self = Net::LDAP->new(
\@servers,
onerror => undef,
onerror => undef,
( $portal->{ldapPort} ? ( port => $portal->{ldapPort} ) : () ),
);
);
unless ($self) {
$portal->lmLog( $@, 'error' );
return 0;
......@@ -98,7 +98,7 @@ sub loadPP {
return 1 if ($ppLoaded);
# require Perl module
eval {require Net::LDAP::Control::PasswordPolicy};
eval { require Net::LDAP::Control::PasswordPolicy };
if ($@) {
$self->{portal}->lmLog(
"Module Net::LDAP::Control::PasswordPolicy not found in @INC",
......@@ -121,10 +121,7 @@ sub userBind {
my $pp = Net::LDAP::Control::PasswordPolicy->new();
# Bind with user credentials
my $mesg = $self->bind(
@_,
control => [$pp]
);
my $mesg = $self->bind( @_, control => [$pp] );
# Get server control response
my ($resp) = $mesg->control("1.3.6.1.4.1.42.2.27.8.5.1");
......@@ -137,7 +134,8 @@ sub userBind {
my $pp_error = $resp->pp_error;
if ( defined $pp_error ) {
$self->{portal}->_sub( 'userError', "Password policy error $pp_error for $self->{portal}->{user}" );
$self->{portal}->_sub( 'userError',
"Password policy error $pp_error for $self->{portal}->{user}" );
return [
PE_PP_PASSWORD_EXPIRED,
PE_PP_ACCOUNT_LOCKED,
......@@ -148,20 +146,21 @@ sub userBind {
PE_PP_PASSWORD_TOO_SHORT,
PE_PP_PASSWORD_TOO_YOUNG,
PE_PP_PASSWORD_IN_HISTORY,
]->[$pp_error];
]->[$pp_error]
or PE_ERROR;
}
elsif ( $mesg->code == 0 ) {
return PE_OK;
}
}
else {
my $mesg =
$self->bind( @_ );
my $mesg = $self->bind(@_);
if ( $mesg->code == 0 ) {
return PE_OK;
}
}
$self->{portal}->_sub( 'userError', "Bad password for $self->{portal}->{user}" );
$self->{portal}
->_sub( 'userError', "Bad password for $self->{portal}->{user}" );
return PE_BADCREDENTIALS;
}
......@@ -183,68 +182,94 @@ sub userModifyPassword {
# First case: no ppolicy
if ( !$self->{portal}->{ldapPpolicyControl} ) {
if ( $self->{portal}->{ldapSetPassword} ) {
if ( $self->{portal}->{ldapSetPassword} ) {
# Use SetPassword extended operation
use Net::LDAP::Extension::SetPassword;
$mesg = ( $oldpassword )
? $self->set_password( user => $dn,
oldpasswd => $oldpassword,
newpassword => $newpassword )
: $self->set_password( user => $dn,
newpassword => $newpassword );
$mesg =
($oldpassword)
? $self->set_password(
user => $dn,
oldpasswd => $oldpassword,
newpassword => $newpassword
)
: $self->set_password(
user => $dn,
newpassword => $newpassword
);
# Catch the "Unwilling to perform" error
return PE_BADOLDPASSWORD if ( $mesg->code == 53 );
} else {
if ( $oldpassword ) {
}
else {
if ($oldpassword) {
# Check old password with a bind
$mesg = $self->bind ($dn, password => $oldpassword);
$mesg = $self->bind( $dn, password => $oldpassword );
return PE_BADOLDPASSWORD if ( $mesg->code != 0 );
# Rebind as Manager
$self->bind();
}
# Use standard modification
$mesg = $self->modify( $dn,
replace => { userPassword => $newpassword } );
$mesg =
$self->modify( $dn, replace => { userPassword => $newpassword } );
}
return PE_WRONGMANAGERACCOUNT
if ( $mesg->code == 50 || $mesg->code == 8 );
return PE_LDAPERROR unless ( $mesg->code == 0 );
$self->{portal}->_sub( 'userNotice', "Password changed $self->{portal}->{user}" );
$self->{portal}
->_sub( 'userNotice', "Password changed $self->{portal}->{user}" );
return PE_PASSWORD_OK;
}
else {
# Create Control object
my $pp = Net::LDAP::Control::PasswordPolicy->new;
if ( $self->{portal}->{ldapSetPassword} ) {
if ( $self->{portal}->{ldapSetPassword} ) {
# Use SetPassword extended operation
# Warning: need a patch on Perl-LDAP
# See http://groups.google.com/group/perl.ldap/browse_thread/thread/5703a41ccb17b221/377a68f872cc2bb4?lnk=gst&q=setpassword#377a68f872cc2bb4
use Net::LDAP::Extension::SetPassword;
$mesg = ( $oldpassword )
? $self->set_password( user => $dn,
oldpasswd => $oldpassword,
newpassword => $newpassword,
control => [$pp] )
: $self->set_password( user => $dn,
newpassword => $newpassword,
control => [$pp] );
$mesg =
($oldpassword)
? $self->set_password(
user => $dn,
oldpasswd => $oldpassword,
newpassword => $newpassword,
control => [$pp]
)
: $self->set_password(
user => $dn,
newpassword => $newpassword,
control => [$pp]
);
# Catch the "Unwilling to perform" error
return PE_BADOLDPASSWORD if ( $mesg->code == 53 );
} else {
if ( $oldpassword ) {
}
else {
if ($oldpassword) {
# Check old password with a bind
$mesg = $self->bind($dn, password => $oldpassword);
$mesg = $self->bind( $dn, password => $oldpassword );
return PE_BADOLDPASSWORD if ( $mesg->code != 0 );
# Rebind as Manager
$self->bind();
}
# Use standard modification
$mesg = $self->modify( $dn,
replace => { userPassword => $newpassword },
control => [$pp] );
$mesg = $self->modify(
$dn,
replace => { userPassword => $newpassword },
control => [$pp]
);
}
# Get server control response
......@@ -253,14 +278,17 @@ sub userModifyPassword {
return PE_WRONGMANAGERACCOUNT
if ( $mesg->code == 50 || $mesg->code == 8 );
if ( $mesg->code == 0 ) {
$self->{portal}->_sub( 'userNotice', "Password changed $self->{portal}->{user}" );
$self->{portal}->_sub( 'userNotice',
"Password changed $self->{portal}->{user}" );
return PE_PASSWORD_OK;
}
if ( defined $resp ) {
my $pp_error = $resp->pp_error;
if ( defined $pp_error ) {
$self->{portal}->_sub( 'userError', "Password policy error $pp_error for $self->{portal}->{user}" );
$self->{portal}->_sub( 'userError',
"Password policy error $pp_error for $self->{portal}->{user}"
);
return [
PE_PP_PASSWORD_EXPIRED,
PE_PP_ACCOUNT_LOCKED,
......@@ -288,8 +316,17 @@ sub ldap {
if ( $self->{ldap} = Lemonldap::NG::Portal::_LDAP->new($self)
and my $mesg = $self->{ldap}->bind )
{
return $self->{ldap} if ( $mesg->code == 0 );
$self->lmLog( "LDAP error: " . $mesg->error, 'error' );
if ( $mesg->code != 0 ) {
$self->lmLog( "LDAP error: " . $mesg->error, 'error' );
}
else {
if ( $self->{ldapPpolicyControl} and not $self->{ldap}->loadPP() ) {
$self->lmLog("LDAP password policy error");
}
else {
return $self->{ldap};
}
}
}
else {
$self->lmLog( "LDAP error: $@", 'error' );
......
......@@ -20,15 +20,16 @@ sub startSoapServices {
$self->{CustomSOAPServices} ||= {};
# TODO: insert here the SAML SOAP functions
$self->{CustomSOAPServices}->{'/SAMLAuthority'} = '' if($self->{SAMLIssuer});
$self->{CustomSOAPServices}->{'/SAMLAuthority'} = ''
if ( $self->{SAMLIssuer} );
if (
$ENV{PATH_INFO}
and my $tmp = {
%{$self->{CustomSOAPServices}},
%{ $self->{CustomSOAPServices} },
'/sessions' => 'getAttributes',
'/adminSessions' => 'getAttributes setAttributes '
. 'newSession deleteSession get_key_from_all_sessions',
'/config' => 'getConfig lastCfg'
'/config' => 'getConfig lastCfg'
}->{ $ENV{PATH_INFO} }
)
{
......
......@@ -27,15 +27,15 @@ sub extractFormInfo {
return PE_FORMEMPTY
unless (
(
(
length( $self->{'user'} = $self->param('user') ) > 0
)
( length( $self->{'user'} = $self->param('user') ) > 0 )
&& (
(
length( $self->{'password'} = $self->param('password') ) > 0
)
|| (
length($self->{'newpassword'} = $self->param('newpassword') ) > 0
length(
$self->{'newpassword'} = $self->param('newpassword')
) > 0
)
)
)
......@@ -43,7 +43,7 @@ sub extractFormInfo {
);
$self->{'oldpassword'} = $self->param('oldpassword');
$self->{'confirmpassword'} = $self->param('confirmpassword');
$self->{'timezone'} = $self->param('timezone');
$self->{'timezone'} = $self->param('timezone');
PE_OK;
}