Skynet/ldap_backend
6
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

feat:a dd field to make the password as secure

Browse source
This commit is contained in:
silver 2023-07-16 23:14:21 +01:00
parent 020fd7f25b
commit aef7cda678
2 changed files with 17 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/methods/account_new.rs
View file

@ -296,6 +296,8 @@ async fn account_verification_new_account(ldap: &mut LdapConn, user_details: &Ac
// need to get this from wolves
//("skID", HashSet::from(["12345678"])),
("skCreated", HashSet::from([sk_created.as_str()])),
// 1 = secure, automatic since its a new account
("skSecure", HashSet::from(["1"])),
],
)?
.success()?;

16
src/methods/account_update.rs
View file

@ -32,6 +32,7 @@ pub async fn post_update_ldap(mut req: Request<State>) -> tide::Result {
// always assume insecure
let mut pw_keep_same = false;
let mut pw_secure = false;
// get the users current password hash
let (rs, _res) = ldap.search(&dn, Scope::Base, "(objectClass=*)", vec!["userPassword"])?.success()?;
@ -39,13 +40,26 @@ pub async fn post_update_ldap(mut req: Request<State>) -> tide::Result {
let tmp = SearchEntry::construct(rs[0].clone());
if !tmp.attrs["userPassword"].is_empty() && tmp.attrs["userPassword"][0].starts_with("{SSHA512}") {
pw_keep_same = true;
pw_secure = true;
}
if !tmp.attrs["skSecure"].is_empty() && tmp.attrs["skSecure"][0] == "1" {
pw_secure = true;
}
}
// check if the password field itself is being updated
let (pass_old, pass_new) = if &field != "userPassword" {
// if password is not being updated then just update the required field
let mods = vec![Mod::Replace(field, HashSet::from([value]))];
let mut mods = vec![
// main value we are updating
Mod::Replace(field, HashSet::from([value])),
];
// if teh password is changing then its inherentrly secure, same if its currently an empty field
if !pw_keep_same || !pw_secure {
mods.push(Mod::Replace(String::from("skSecure"), HashSet::from([String::from("1")])));
}
ldap.modify(&dn, mods)?.success()?;
// pass back the "old" and "new" passwords