parent
11b348326a
commit
bf1d91e110
1 changed files with 4 additions and 15 deletions
|
@ -38,7 +38,6 @@ pub async fn post_update_ldap(mut req: Request<State>) -> tide::Result {
|
||||||
|
|
||||||
// always assume insecure
|
// always assume insecure
|
||||||
let mut pw_keep_same = false;
|
let mut pw_keep_same = false;
|
||||||
let mut pw_secure = false;
|
|
||||||
|
|
||||||
// get the users current password hash
|
// get the users current password hash
|
||||||
let (rs, _res) = ldap.search(&dn, Scope::Base, "(objectClass=*)", vec!["userPassword"])?.success()?;
|
let (rs, _res) = ldap.search(&dn, Scope::Base, "(objectClass=*)", vec!["userPassword"])?.success()?;
|
||||||
|
@ -46,44 +45,34 @@ pub async fn post_update_ldap(mut req: Request<State>) -> tide::Result {
|
||||||
let tmp = SearchEntry::construct(rs[0].clone());
|
let tmp = SearchEntry::construct(rs[0].clone());
|
||||||
if !tmp.attrs["userPassword"].is_empty() && tmp.attrs["userPassword"][0].starts_with("{SSHA512}") {
|
if !tmp.attrs["userPassword"].is_empty() && tmp.attrs["userPassword"][0].starts_with("{SSHA512}") {
|
||||||
pw_keep_same = true;
|
pw_keep_same = true;
|
||||||
pw_secure = true;
|
|
||||||
}
|
|
||||||
if tmp.attrs.contains_key("skSecure") && !tmp.attrs["skSecure"].is_empty() && tmp.attrs["skSecure"][0] == "1" {
|
|
||||||
pw_secure = true;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// check if the password field itself is being updated
|
// check if the password field itself is being updated
|
||||||
let (pass_old, pass_new) = if &field != "userPassword" {
|
let (pass_old, pass_new) = if &field != "userPassword" {
|
||||||
// if password is not being updated then just update the required field
|
// if password is not being updated then just update the required field
|
||||||
let mut mods = vec![
|
let mods = vec![
|
||||||
// main value we are updating
|
// the value we are updating
|
||||||
Mod::Replace(field, HashSet::from([value])),
|
Mod::Replace(field, HashSet::from([value])),
|
||||||
];
|
];
|
||||||
|
|
||||||
// if teh password is changing then its inherentrly secure, same if its currently an empty field
|
|
||||||
if !pw_keep_same || !pw_secure {
|
|
||||||
mods.push(Mod::Replace(String::from("skSecure"), HashSet::from([String::from("1")])));
|
|
||||||
}
|
|
||||||
|
|
||||||
ldap.modify(&dn, mods)?.success()?;
|
ldap.modify(&dn, mods)?.success()?;
|
||||||
|
|
||||||
// pass back the "old" and "new" passwords
|
// pass back the "old" and "new" passwords
|
||||||
|
// using this means we can create teh vars without them needing to be mutable
|
||||||
(pass.clone(), pass.clone())
|
(pass.clone(), pass.clone())
|
||||||
} else {
|
} else {
|
||||||
// password is going to be updated, even if the old value is not starting with "{SSHA512}"
|
// password is going to be updated, even if the old value is not starting with "{SSHA512}"
|
||||||
|
|
||||||
pw_keep_same = false;
|
pw_keep_same = false;
|
||||||
(pass.clone(), value)
|
(pass.clone(), value)
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// changing teh password because of an explicit request or upgrading teh security.
|
||||||
if !pw_keep_same {
|
if !pw_keep_same {
|
||||||
// really easy to update password once ye know how
|
// really easy to update password once ye know how
|
||||||
|
|
||||||
let tmp = PasswordModify {
|
let tmp = PasswordModify {
|
||||||
// none as we are staying on the same connection
|
// none as we are staying on the same connection
|
||||||
user_id: None,
|
user_id: None,
|
||||||
|
|
||||||
old_pass: Some(&pass_old),
|
old_pass: Some(&pass_old),
|
||||||
new_pass: Some(&pass_new),
|
new_pass: Some(&pass_new),
|
||||||
};
|
};
|
||||||
|
|
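Review bot: The `tmp.attrs["userPassword"]` lookup in the `{SSHA512}` check is an unguarded index, and with the `skSecure` branch removed it is now the only test that decides whether the stored hash is left alone. `attrs` looks like a map (the removed line called `contains_key` on it), so an entry whose `userPassword` is absent or withheld by an ACL would presumably panic the handler instead of falling through to the rehash path. A checked lookup keeps that case on the "not secure, rehash" side: `if tmp.attrs.get("userPassword").and_then(|v| v.first()).map_or(false, |h| h.starts_with("{SSHA512}")) {`. The two added comments also carry the typo "teh". The body of `post_update_ldap` starts and ends outside the visible hunks.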