[Mageia-sysadm] [337] Add a means to filter out users who arent allowed to reset passwords with only
root at mageia.org
root at mageia.org
Sat Jan 22 14:55:56 CET 2011
Revision: 337
Author: buchan
Date: 2011-01-22 14:55:56 +0100 (Sat, 22 Jan 2011)
Log Message:
-----------
Add a means to filter out users who aren't allowed to reset passwords with only
email verification (by default, users who don't match (!(objectclass=posixAccount))).
Fix email template to use configurable project url
Modified Paths:
--------------
identity/CatDap/trunk/catdap.yml
identity/CatDap/trunk/lib/CatDap/Controller/forgot_password.pm
identity/CatDap/trunk/root/email/forgot_password.tt
Modified: identity/CatDap/trunk/catdap.yml
===================================================================
--- identity/CatDap/trunk/catdap.yml 2011-01-22 09:38:25 UTC (rev 336)
+++ identity/CatDap/trunk/catdap.yml 2011-01-22 13:55:56 UTC (rev 337)
@@ -40,6 +40,7 @@
path: '/tmp/'
prefix: 'catdap-forgot_password-'
timeout: 259200
+ allow_filter: '(!(objectClass=posixAccount))'
authentication:
default_realm: ldap
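Review bot: `allow_filter` is a security control, but it is added to the config with no comment saying how it is applied. In the controller change in this commit it is ANDed with the e-mail search filter and an account that does not match it is refused, so a line such as `# LDAP filter ANDed with the e-mail lookup; accounts that do not match cannot reset by e-mail alone` above the key would keep an admin from inverting it by mistake. The comment should also say that the value must be a complete parenthesised filter, since the controller concatenates it unvalidated.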
Modified: identity/CatDap/trunk/lib/CatDap/Controller/forgot_password.pm
===================================================================
--- identity/CatDap/trunk/lib/CatDap/Controller/forgot_password.pm 2011-01-22 09:38:25 UTC (rev 336)
+++ identity/CatDap/trunk/lib/CatDap/Controller/forgot_password.pm 2011-01-22 13:55:56 UTC (rev 337)
@@ -57,28 +57,38 @@
$c->log->debug("Searching for email $email with filter $emailfilter");
my $mesg = $c->model('Proxy')->search($emailfilter);
- $c->log->info(printf("Search failed: %s"),$mesg->error) if ($mesg->code);
+ if ($mesg->code) {
+ $c->log->info(printf("Search failed: %s"),$mesg->error);
+ push @errors, $c->loc('Error while searching for account: ') . $mesg->error;
+ }
my @entries = $mesg->entries;
if (@entries != 1) {
push @errors,$c->loc(
'This email address is not bound to an account'
);
}
+ my $checkfilter = '(&' . $c->config->{'forgot_password'}{'allow_filter'} .
+ $emailfilter . ')';
+ $c->log->info(sprintf("Checking if user passes allow_filter $checkfilter"));
+ $mesg = $c->model('Proxy')->search($checkfilter);
+ if ($mesg->code) {
+ $c->log->info(printf("Search failed: %s"),$mesg->error);
+ push @errors, $c->loc('Error while searching for account: ') . $mesg->error;
+ }
+ my @checkentries = $mesg->entries;
+ if (@entries == 1 and @checkentries != 1) {
+ push @errors,$c->loc(
+ 'Privileged accounts may not recover passwords via this mechanism'
+ );
+ }
+
if (@errors) {
$c->stash(errors => \@errors);
$c->stash(template => 'forgot_password/index.tt');
return;
}
- if ($mesg->code) {
- push @errors,$mesg->error;
- $c->log->info( sprintf("finding email $email failed: %s", $mesg->error) );
- $c->stash(errors => \@errors);
- $c->stash(template => 'register/index.tt');
- return;
- }
-
my $secret = gen_secret($c, $email);
$c->stash(
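Review bot: The `$checkfilter` concatenation fails open when `forgot_password.allow_filter` is missing from the config: an undefined value concatenates as an empty string, so the check filter reduces to the e-mail filter alone and, as far as the hunk shows, every account that matched the first search also passes. Give it the default the log message describes, e.g. `my $allow = $c->config->{'forgot_password'}{'allow_filter'};` followed by `$allow = '(!(objectClass=posixAccount))' unless defined $allow and length $allow;`, and build `$checkfilter` from `$allow`. Both new `if ($mesg->code)` branches also keep `printf("Search failed: %s"),$mesg->error`, which prints to STDOUT with no argument for `%s` and hands printf's return value to the logger; `$c->log->info(sprintf("Search failed: %s", $mesg->error));` is presumably what was meant. The 'Privileged accounts may not recover passwords via this mechanism' message and the appended `$mesg->error` tell an unauthenticated requester which addresses map to privileged accounts and expose directory error text; one generic response, with the detail kept in the log, would avoid that. The enclosing action starts and ends outside the hunk, so how `$emailfilter` is built from `$email` is not visible here.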
@@ -89,7 +99,7 @@
'template' => 'forgot_password.tt',
},
url => $c->uri_for('/forgot_password/confirm') . "?secret=$secret",
- cn => @entries[0]->cn,
+ cn => $entries[0]->cn,
);
$c->log->info("Sending forgot password mail to email address $email");
Modified: identity/CatDap/trunk/root/email/forgot_password.tt
===================================================================
--- identity/CatDap/trunk/root/email/forgot_password.tt 2011-01-22 09:38:25 UTC (rev 336)
+++ identity/CatDap/trunk/root/email/forgot_password.tt 2011-01-22 13:55:56 UTC (rev 337)
@@ -4,4 +4,4 @@
[% url %]
--
-http://mageia.org/
+[% c.config.project_url %]