support password change with old password

Roland Gruber 2015-03-01 16:48:25 +00:00
parent af5191366f
commit acd5de4abf
2 changed files with 25 additions and 2 deletions


@ -8,6 +8,7 @@ March 2015
-> Personal: support image file size limit and cropping (requires php-imagick) in self service -> Personal: support image file size limit and cropping (requires php-imagick) in self service
-> Password self reset: allow to enter custom security questions (RFE 115) -> Password self reset: allow to enter custom security questions (RFE 115)
-> Unix groups (rfc2307bis): allow to sync members from group of (unique) names (RFE 116) -> Unix groups (rfc2307bis): allow to sync members from group of (unique) names (RFE 116)
-> Self Service: support password change with old password (requires PHP >= 5.4.26)
- Fixed bugs: - Fixed bugs:
-> Self Service shows password reuse error after password change was required -> Self Service shows password reuse error after password change was required


@ -194,6 +194,10 @@ class posixAccount extends baseModule implements passwordService {
$loginShellsHelp = new htmlHelpLink('loginShells', get_class($this)); $loginShellsHelp = new htmlHelpLink('loginShells', get_class($this));
$loginShellsHelp->alignment = htmlElement::ALIGN_TOP; $loginShellsHelp->alignment = htmlElement::ALIGN_TOP;
$selfServiceContainer->addElement($loginShellsHelp, true); $selfServiceContainer->addElement($loginShellsHelp, true);
if (version_compare(phpversion(), '5.4.26') >= 0) {
$selfServiceContainer->addElement(new htmlTableExtendedInputCheckbox('posixAccount_useOldPwd', false, _('Password change with old password')));
$selfServiceContainer->addElement(new htmlHelpLink('useOldPwd', get_class($this)), true);
}
$return['selfServiceSettings'] = $selfServiceContainer; $return['selfServiceSettings'] = $selfServiceContainer;
} }
// profile checks // profile checks
@ -537,6 +541,10 @@ class posixAccount extends baseModule implements passwordService {
'cn' => array ( 'cn' => array (
"Headline" => _("Common name"), 'attr' => 'cn', "Headline" => _("Common name"), 'attr' => 'cn',
"Text" => _("This is the natural name of the user. If empty, the first and last name or user name is used.") "Text" => _("This is the natural name of the user. If empty, the first and last name or user name is used.")
),
'useOldPwd' => array (
"Headline" => _('Password change with old password'),
"Text" => _('Sends the old password together with the new password when the user sets a new password.')
) )
), ),
'host' => array( 'host' => array(
@ -2550,6 +2558,11 @@ class posixAccount extends baseModule implements passwordService {
if (in_array('password', $fields)) { if (in_array('password', $fields)) {
$pwdTable = new htmlTable(); $pwdTable = new htmlTable();
$pwdTable->colspan = 3; $pwdTable->colspan = 3;
if (!empty($this->selfServiceSettings->moduleSettings['posixAccount_useOldPwd']) && ($this->selfServiceSettings->moduleSettings['posixAccount_useOldPwd'][0] == 'true')) {
$pwd0 = new htmlTableExtendedInputField(_('Old password'), 'posixAccount_passwordOld');
$pwd0->setIsPassword(true, true);
$pwdTable->addElement($pwd0, true);
}
$pwd1 = new htmlTableExtendedInputField($this->getSelfServiceLabel('password', _('New password')), 'posixAccount_password'); $pwd1 = new htmlTableExtendedInputField($this->getSelfServiceLabel('password', _('New password')), 'posixAccount_password');
$pwd1->setIsPassword(true, true); $pwd1->setIsPassword(true, true);
$pwdTable->addElement($pwd1, true); $pwdTable->addElement($pwd1, true);
@ -2629,7 +2642,13 @@ class posixAccount extends baseModule implements passwordService {
} }
$pwdPolicyResult = checkPasswordStrength($_POST['posixAccount_password'], $userName, $additionalAttrs); $pwdPolicyResult = checkPasswordStrength($_POST['posixAccount_password'], $userName, $additionalAttrs);
if ($pwdPolicyResult === true) { if ($pwdPolicyResult === true) {
$return['mod'][$this->getPasswordAttrName()][0] = pwd_hash($_POST['posixAccount_password'], true, $this->selfServiceSettings->moduleSettings['posixAccount_pwdHash'][0]); if (empty($this->selfServiceSettings->moduleSettings['posixAccount_useOldPwd']) || ($this->selfServiceSettings->moduleSettings['posixAccount_useOldPwd'][0] != 'true')) {
$return['mod'][$this->getPasswordAttrName()][0] = pwd_hash($_POST['posixAccount_password'], true, $this->selfServiceSettings->moduleSettings['posixAccount_pwdHash'][0]);
}
else {
$return['add'][$this->getPasswordAttrName()][0] = pwd_hash($_POST['posixAccount_password'], true, $this->selfServiceSettings->moduleSettings['posixAccount_pwdHash'][0]);
$return['del'][$this->getPasswordAttrName()][0] = $_POST['posixAccount_passwordOld'];
}
$return['info']['userPasswordClearText'][0] = $_POST['posixAccount_password']; $return['info']['userPasswordClearText'][0] = $_POST['posixAccount_password'];
if (isset($attributes['shadowLastChange'][0])) { if (isset($attributes['shadowLastChange'][0])) {
$return['mod']['shadowLastChange'][0] = intval(time()/3600/24); $return['mod']['shadowLastChange'][0] = intval(time()/3600/24);
@ -2643,9 +2662,11 @@ class posixAccount extends baseModule implements passwordService {
} }
} }
} }
// stop processing if only a password change is done
if ($passwordChangeOnly) { if ($passwordChangeOnly) {
return $return; // skip processing if only a password change is done return $return;
} }
// cn
if (in_array('cn', $fields) && !in_array('cn', $readOnlyFields)) { if (in_array('cn', $fields) && !in_array('cn', $readOnlyFields)) {
if (isset($_POST['posixAccount_cn']) && ($_POST['posixAccount_cn'] != '')) { if (isset($_POST['posixAccount_cn']) && ($_POST['posixAccount_cn'] != '')) {
if (!get_preg($_POST['posixAccount_cn'], 'cn')) { if (!get_preg($_POST['posixAccount_cn'], 'cn')) {
@ -2659,6 +2680,7 @@ class posixAccount extends baseModule implements passwordService {
$return['messages'][] = $this->messages['cn'][0]; $return['messages'][] = $this->messages['cn'][0];
} }
} }
// shell
if (in_array('loginShell', $fields) && !in_array('loginShell', $readOnlyFields)) { if (in_array('loginShell', $fields) && !in_array('loginShell', $readOnlyFields)) {
$shelllist = $this->getShells(); // list of all valid shells $shelllist = $this->getShells(); // list of all valid shells
if (in_array($_POST['posixAccount_loginShell'], $shelllist) if (in_array($_POST['posixAccount_loginShell'], $shelllist)
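Review bot: In the hunk at @ -2629, the new `else` branch copies `$_POST['posixAccount_passwordOld']` straight into `$return['del']` without checking that the field was submitted and is non-empty. The code that turns `del` into an LDAP modification is not visible here, but if an empty or missing value reaches it, the delete may not be bound to the user's current password, which would defeat the purpose of the setting and raises an undefined-index notice when the field is absent. I would guard the branch with something like `if (!isset($_POST['posixAccount_passwordOld']) || ($_POST['posixAccount_passwordOld'] === '')) { $return['messages'][] = /* error: old password required */; }` and only fill `add`/`del` otherwise. The `posixAccount_useOldPwd` test is also spelled out twice (here and in the form hunk at @ -2550) with a loose `== 'true'`, so a small private helper using `===` would keep the two in sync. The enclosing function starts and ends outside these hunks, so an earlier check on the old password may already exist.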