feat(password-recovery): Add LDAP password recovery

smizrahi
2022-10-16 14:46:19 +02:00
parent cddfdb90f9
commit d50080ea5b
5 changed files with 65 additions and 16 deletions
+1 -1
@@ -787,7 +787,7 @@ authentication and global address books. Multiple sources can be
specified as an array of dictionaries.
|S |SOGoPasswordRecoveryEnabled
|Boolean enable password recovery with secret question or secondary e-mail. Only for database user source.
|Boolean enable password recovery with secret question or secondary e-mail.
|S |SOGoPasswordRecoveryDomains
|List of domains where password recovery is enabled. If empty, enabled for all domains
+61 -10
@@ -708,6 +708,39 @@ groupObjectClasses: (NSArray *) newGroupObjectClasses
return didChange;
}
- (BOOL) _ldapAdminModifyAttribute: (NSString *) theAttribute
withValue: (NSString *) theValue
userDN: (NSString *) theUserDN
connection: (NGLdapConnection *) bindConnection
{
NGLdapModification *mod;
NGLdapAttribute *attr;
NSArray *changes;
BOOL didChange;
attr = [[NGLdapAttribute alloc] initWithAttributeName: theAttribute];
[attr addStringValue: theValue];
mod = [NGLdapModification replaceModification: attr];
changes = [NSArray arrayWithObject: mod];
if ([bindConnection bindWithMethod: @"simple"
binddn: _bindDN
credentials: _password])
{
didChange = [bindConnection modifyEntryWithDN: theUserDN
changes: changes];
}
else
didChange = NO;
RELEASE(attr);
return didChange;
}
/**
* Change a user's password.
* @param login the user's login name.
@@ -787,20 +820,38 @@ groupObjectClasses: (NSArray *) newGroupObjectClasses
if (encryptedPass != nil)
{
if ([bindConnection bindWithMethod: @"simple"
if (!passwordRecovery) {
if ([bindConnection bindWithMethod: @"simple"
binddn: userDN
credentials: oldPassword])
{
didChange = [self _ldapModifyAttribute: @"userPassword"
withValue: encryptedPass
userDN: userDN
password: oldPassword
connection: bindConnection];
if (didChange)
{
*perr = PolicyNoError;
didChange = [self _ldapModifyAttribute: @"userPassword"
withValue: encryptedPass
userDN: userDN
password: oldPassword
connection: bindConnection];
if (didChange)
{
*perr = PolicyNoError;
}
}
}
} else {
// Password recovery
// As old password is unknown, we use admin binding
if ([bindConnection bindWithMethod: @"simple"
binddn: _bindDN
credentials: _password])
{
didChange = [self _ldapAdminModifyAttribute: @"userPassword"
withValue: encryptedPass
userDN: userDN
connection: bindConnection];
if (didChange)
{
*perr = PolicyNoError;
}
}
}
}
}
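Review bot: In the password-recovery `else` branch the connection is bound with `_bindDN`/`_password`, and then `_ldapAdminModifyAttribute:withValue:userDN:connection:` performs the same simple bind again before modifying, so the outer bind is redundant; the branch can call the helper directly and test `didChange`. More importantly, this path replaces `userPassword` without proving knowledge of the old password, so the `passwordRecovery` flag is the only authorization. The enclosing method's signature and its callers are outside the hunk, so it should be confirmed that the flag can only become true after the recovery challenge has been verified server-side. A comment such as `// Caller must already have verified the recovery challenge; oldPassword is not checked here` would document that contract. The write also runs under the source's bind account, which presumably now needs write access to `userPassword` and, depending on the directory's configuration, may not be subject to the password-policy checks applied to a self-service change; that is worth stating next to the `SOGoPasswordRecoveryEnabled` documentation, along with an audit log entry for each reset (user DN only, no password material).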
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
+1 -3
@@ -153,9 +153,7 @@
this.restoreLogin = function() {
vm.loginState = false;
delete vm.creds.verificationCode;
if (vm.isInPasswordRecoveryMode()) {
vm.passwordRecoveryAbort();
}
vm.passwordRecoveryAbort();
};
this.continueLogin = function() {