feat: able to deal with password changes now

2023-05-26 00:45:07 +01:00 · 2023-05-26 00:45:07 +01:00 · 1b5563301f
commit 1b5563301f
parent b1b533226a
1 changed files with 17 additions and 8 deletions
--- a/src/main.rs
+++ b/src/main.rs
@ -107,24 +107,33 @@ async fn post_update_ldap(mut req: Request<State>) -> tide::Result {
    ldap.simple_bind(&dn, &pass)?.success()?;

    // always assume insecure
-    let mut secure = false;
+    let mut pw_keep_same = false;

    // get the users current password hash
    let (rs, _res) = ldap.search(&dn,Scope::Base,"(objectClass=*)",vec!["userPassword"])?.success()?;
    if !rs.is_empty() {
        let tmp = SearchEntry::construct(rs[0].clone());
        if !tmp.attrs["userPassword"].is_empty() && tmp.attrs["userPassword"][0].starts_with("{SHA512}") {
-            secure = true;
+            pw_keep_same = true;
        }
    }
-    let mut mods = vec![
-        Mod::Replace(field,  HashSet::from([value]))
-    ];
-
-    if !secure {
+    
+    let mut mods = vec![];
+    
+    // check if the password field itself is being updated
+    let pass_new = if &field != "userPassword" {
+        mods.push(Mod::Replace(field,  HashSet::from([value])));
+        // retain the older password
+        pass
+    } else {
+        pw_keep_same = false;
+        value
+    };
+    
+    if !pw_keep_same {
        let mut hasher = Sha512::new();

-        hasher.input_str(&pass);
+        hasher.input_str(&pass_new);

        // get it as hex string
        let hex = hasher.result_str();