feat: able to deal with password changes now
parent
b1b533226a
commit
1b5563301f
1 changed files with 17 additions and 8 deletions
23
src/main.rs
23
src/main.rs
|
@ -107,24 +107,33 @@ async fn post_update_ldap(mut req: Request<State>) -> tide::Result {
|
|||
ldap.simple_bind(&dn, &pass)?.success()?;
|
||||
|
||||
// always assume insecure
|
||||
let mut secure = false;
|
||||
let mut pw_keep_same = false;
|
||||
|
||||
// get the users current password hash
|
||||
let (rs, _res) = ldap.search(&dn,Scope::Base,"(objectClass=*)",vec!["userPassword"])?.success()?;
|
||||
if !rs.is_empty() {
|
||||
let tmp = SearchEntry::construct(rs[0].clone());
|
||||
if !tmp.attrs["userPassword"].is_empty() && tmp.attrs["userPassword"][0].starts_with("{SHA512}") {
|
||||
secure = true;
|
||||
pw_keep_same = true;
|
||||
}
|
||||
}
|
||||
let mut mods = vec![
|
||||
Mod::Replace(field, HashSet::from([value]))
|
||||
];
|
||||
|
||||
if !secure {
|
||||
let mut mods = vec![];
|
||||
|
||||
// check if the password field itself is being updated
|
||||
let pass_new = if &field != "userPassword" {
|
||||
mods.push(Mod::Replace(field, HashSet::from([value])));
|
||||
// retain the older password
|
||||
pass
|
||||
} else {
|
||||
pw_keep_same = false;
|
||||
value
|
||||
};
|
||||
|
||||
if !pw_keep_same {
|
||||
let mut hasher = Sha512::new();
|
||||
|
||||
hasher.input_str(&pass);
|
||||
hasher.input_str(&pass_new);
|
||||
|
||||
// get it as hex string
|
||||
let hex = hasher.result_str();
|
||||
|
|
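Review bot: The password-change path in `post_update_ldap` feeds the new password into a bare `Sha512::new()` (`hasher.input_str(&pass_new);`), so the value stored under the `{SHA512}` scheme is a single unsalted pass of a fast hash: identical passwords give identical values, and a leaked directory dump is cheap to guess against offline. Now that `value` from the request can become the stored password, consider sending the change through the LDAP Password Modify extended operation (RFC 3062) so the server applies its configured salted or slow scheme, or at least move to a salted scheme such as `{SSHA512}`. Separately, `tmp.attrs["userPassword"]` indexes the attribute map directly and would panic inside the request handler if the server omits the attribute (for example because of an ACL); `tmp.attrs.get("userPassword")` avoids that. The rendered page has lost its `+`/`-` markers, so which of these lines are new is inferred, and the function continues past the end of the hunk, where the digest is presumably written back.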