ldap_password_change_10084.diff

Kevin Wood, 2012-08-04 00:10

Download (6.33 KB)

View differences:

app/helpers/auth_sources_helper.rb (working copy)
21 21
  def auth_source_partial_name(auth_source)
22 22
    "form_#{auth_source.class.name.underscore}"
23 23
  end
24
  
25
  module Encryption
26
    # Return an array of password encryptions
27
    def self.encryptiontypes
28
      ["MD5","SSHA","CLEAR"]
29
    end
30
  end
24 31
end
app/models/auth_source_ldap.rb (working copy)
18 18
require 'iconv'
19 19
require 'net/ldap'
20 20
require 'net/ldap/dn'
21
require 'digest'
22
require 'base64'
21 23

  
22 24
class AuthSourceLdap < AuthSource
23 25
  validates_presence_of :host, :port, :attr_login
......
66 68
    "LDAP"
67 69
  end
68 70

  
71
  def allow_password_changes?
72
    return self.enabled_passwd
73
  end
74
  
75
  def encode_password(clear_password)
76
    chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
77
    salt = ''
78
    10.times { |i| salt << chars[rand(chars.size-1)] }
79
    
80
    if self.password_encryption == "MD5"
81
      logger.debug "Encode as md5"
82
      return "{MD5}"+Base64.encode64(Digest::MD5.digest(clear_password)).chomp!
83
    end
84
    if self.password_encryption == "SSHA"
85
       logger.debug "Encode as ssha"
86
      return "{SSHA}"+Base64.encode64(Digest::SHA1.digest(clear_password+salt)+salt).chomp!
87
    end
88
    
89
    if self.password_encryption == "CLEAR"
90
       logger.debug "Encode as cleartype"
91
      return clear_password
92
    end
93
  end
94

  
95
  # change password
96
  def change_password(login,password,newPassword)
97
    begin
98
      attrs = get_user_dn(login, password)
99
      if attrs
100
        if self.account.blank? || self.account_password.blank?
101
          logger.debug "Binding with user account"
102
          ldap_con = initialize_ldap_con(attrs[:dn], password)
103
        else
104
          logger.debug "Binding with administrator account"
105
          ldap_con = initialize_ldap_con(self.account, self.account_password)
106
        end
107

  
108
	ops = [
109
		[:delete, :userPassword, password],
110
		[:add, :userPassword, newPassword]
111
	]
112
	return ldap_con.modify :dn => attrs[:dn], :operations => ops
113
	# This is another password change method, probably more common
114
        #return ldap_con.replace_attribute attrs[:dn], :userPassword, encode_password(newPassword)
115
      end
116
    rescue
117
      return false
118
    end
119
    return false
120
  end
121
   
69 122
  private
70 123

  
71 124
  def ldap_filter
app/models/user.rb (working copy)
594 594
    end
595 595
  end
596 596

  
597
  def isExternal?
598
    return auth_source_id.present?
599
  end
600
  
601
  def changeExternalPassword(password,newPassword,newPasswordConfirm)
602
    return false if newPassword == "" || newPassword.length < 4
603
    return false if newPassword != newPasswordConfirm
604
    if (self.isExternal?)
605
      return self.auth_source.change_password(self.login,password,newPassword)
606
    end
607
    return false
608
  end
609
 
597 610
  protected
598 611

  
599 612
  def validate_password_length
app/controllers/my_controller.rb (working copy)
93 93
    end
94 94
    if request.post?
95 95
      if @user.check_password?(params[:password])
96
        @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
97
        if @user.save
98
          flash[:notice] = l(:notice_account_password_updated)
99
          redirect_to :action => 'account'
96
        if @user.isExternal?
97
          if @user.changeExternalPassword(params[:password],params[:new_password], params[:new_password_confirmation])
98
            flash[:notice] = l(:notice_account_password_updated)
99
            redirect_to :action => 'account'
100
          else
101
            flash[:error] = l(:notice_external_password_error)
102
          end
103
        else
104
          @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
105
          if @user.save
106
            flash[:notice] = l(:notice_account_password_updated)
107
            redirect_to :action => 'account'
108
          end
100 109
        end
101 110
      else
102 111
        flash[:error] = l(:notice_account_wrong_password)
app/views/auth_sources/_form_auth_source_ldap.html.erb (working copy)
28 28

  
29 29
<p><label for="auth_source_onthefly_register"><%=l(:field_onthefly)%></label>
30 30
<%= check_box 'auth_source', 'onthefly_register' %></p>
31

  
32
<p><label for="auth_source_enabled_passwd"><%=l(:field_enabled_passwd)%></label>
33
<%= check_box 'auth_source', 'enabled_passwd' %></p>
31 34
</div>
32 35

  
33 36
<fieldset class="box"><legend><%=l(:label_attribute_plural)%></legend>
......
42 45

  
43 46
<p><label for="auth_source_attr_mail"><%=l(:field_mail)%></label>
44 47
<%= text_field 'auth_source', 'attr_mail', :size => 20  %></p>
48

  
49
<p><label for="auth_source_password_encryption"><%=l(:field_password_encryption)%></label>
50
<%= select 'auth_source', 'password_encryption', AuthSourcesHelper::Encryption.encryptiontypes %>
51
</p>
45 52
</fieldset>
46 53
<!--[eoform:auth_source]-->
47 54

  
config/locales/en.yml (working copy)
140 140
  general_pdf_encoding: UTF-8
141 141
  general_first_day_of_week: '7'
142 142

  
143
  notice_external_password_error: Error changing external password. 
143 144
  notice_account_updated: Account was successfully updated.
144 145
  notice_account_invalid_creditentials: Invalid user or password
145 146
  notice_account_password_updated: Password was successfully updated.
......
275 276
  field_attr_lastname: Lastname attribute
276 277
  field_attr_mail: Email attribute
277 278
  field_onthefly: On-the-fly user creation
279
  field_password_encryption: Encryption
280
  field_enabled_passwd: Enabled password changing
278 281
  field_start_date: Start date
279 282
  field_done_ratio: "% Done"
280 283
  field_auth_source: Authentication mode