From 1b5563301fddd38c2b2a4bb87dde0d590354223b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 26 May 2023 00:45:07 +0100 Subject: [PATCH] feat: able to deal with password changes now --- src/main.rs | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/src/main.rs b/src/main.rs index 175827d..480fd7a 100644 --- a/src/main.rs +++ b/src/main.rs @@ -107,24 +107,33 @@ async fn post_update_ldap(mut req: Request) -> tide::Result { ldap.simple_bind(&dn, &pass)?.success()?; // always assume insecure - let mut secure = false; + let mut pw_keep_same = false; // get the users current password hash let (rs, _res) = ldap.search(&dn,Scope::Base,"(objectClass=*)",vec!["userPassword"])?.success()?; if !rs.is_empty() { let tmp = SearchEntry::construct(rs[0].clone()); if !tmp.attrs["userPassword"].is_empty() && tmp.attrs["userPassword"][0].starts_with("{SHA512}") { - secure = true; + pw_keep_same = true; } } - let mut mods = vec![ - Mod::Replace(field, HashSet::from([value])) - ]; - - if !secure { + + let mut mods = vec![]; + + // check if the password field itself is being updated + let pass_new = if &field != "userPassword" { + mods.push(Mod::Replace(field, HashSet::from([value]))); + // retain the older password + pass + } else { + pw_keep_same = false; + value + }; + + if !pw_keep_same { let mut hasher = Sha512::new(); - hasher.input_str(&pass); + hasher.input_str(&pass_new); // get it as hex string let hex = hasher.result_str();