feat: able to deal with password changes now

silver 2023-05-26 00:45:07 +01:00
parent b1b533226a
commit 1b5563301f


@ -107,24 +107,33 @@ async fn post_update_ldap(mut req: Request<State>) -> tide::Result {
ldap.simple_bind(&dn, &pass)?.success()?; ldap.simple_bind(&dn, &pass)?.success()?;
// always assume insecure // always assume insecure
let mut secure = false; let mut pw_keep_same = false;
// get the users current password hash // get the users current password hash
let (rs, _res) = ldap.search(&dn,Scope::Base,"(objectClass=*)",vec!["userPassword"])?.success()?; let (rs, _res) = ldap.search(&dn,Scope::Base,"(objectClass=*)",vec!["userPassword"])?.success()?;
if !rs.is_empty() { if !rs.is_empty() {
let tmp = SearchEntry::construct(rs[0].clone()); let tmp = SearchEntry::construct(rs[0].clone());
if !tmp.attrs["userPassword"].is_empty() && tmp.attrs["userPassword"][0].starts_with("{SHA512}") { if !tmp.attrs["userPassword"].is_empty() && tmp.attrs["userPassword"][0].starts_with("{SHA512}") {
secure = true; pw_keep_same = true;
} }
} }
let mut mods = vec![
Mod::Replace(field, HashSet::from([value])) let mut mods = vec![];
];
// check if the password field itself is being updated
if !secure { let pass_new = if &field != "userPassword" {
mods.push(Mod::Replace(field, HashSet::from([value])));
// retain the older password
pass
} else {
pw_keep_same = false;
value
};
if !pw_keep_same {
let mut hasher = Sha512::new(); let mut hasher = Sha512::new();
hasher.input_str(&pass); hasher.input_str(&pass_new);
// get it as hex string // get it as hex string
let hex = hasher.result_str(); let hex = hasher.result_str();