diff options
Diffstat (limited to 'zarb-ml/mageia-sysadm/2011-January/002385.html')
| -rw-r--r-- | zarb-ml/mageia-sysadm/2011-January/002385.html | 168 |
1 files changed, 168 insertions, 0 deletions
diff --git a/zarb-ml/mageia-sysadm/2011-January/002385.html b/zarb-ml/mageia-sysadm/2011-January/002385.html new file mode 100644 index 000000000..456592314 --- /dev/null +++ b/zarb-ml/mageia-sysadm/2011-January/002385.html @@ -0,0 +1,168 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-sysadm] [337] Add a means to filter out users who arent allowed to reset passwords with only + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5B337%5D%20Add%20a%20means%20to%20filter%20out%20users%20who%20arent%0A%20allowed%20to%20reset%20passwords%20with%20only&In-Reply-To=%3C20110122135556.CD32142D9A%40valstar.mageia.org%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="002384.html"> + <LINK REL="Next" HREF="002386.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-sysadm] [337] Add a means to filter out users who arent allowed to reset passwords with only</H1> + <B>root at mageia.org</B> + <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5B337%5D%20Add%20a%20means%20to%20filter%20out%20users%20who%20arent%0A%20allowed%20to%20reset%20passwords%20with%20only&In-Reply-To=%3C20110122135556.CD32142D9A%40valstar.mageia.org%3E" + TITLE="[Mageia-sysadm] [337] Add a means to filter out users who arent allowed to reset passwords with only">root at mageia.org + </A><BR> + <I>Sat Jan 22 14:55:56 CET 2011</I> + <P><UL> + <LI>Previous message: <A HREF="002384.html">[Mageia-sysadm] [877] Change ACL for non-privileged users to not work on reset model, instead allow +</A></li> + <LI>Next message: <A HREF="002386.html">[Mageia-sysadm] [338] Ugly code rejecting submit when buildrequires are missing +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#2385">[ date ]</a> + <a href="thread.html#2385">[ thread ]</a> + <a href="subject.html#2385">[ subject ]</a> + <a href="author.html#2385">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Revision: 337 +Author: buchan +Date: 2011-01-22 14:55:56 +0100 (Sat, 22 Jan 2011) +Log Message: +----------- +Add a means to filter out users who arent allowed to reset passwords with only +email verification (by default users who don't match (!(objectclass=posixAccount)) +Fix email template to use configurable project url + +Modified Paths: +-------------- + identity/CatDap/trunk/catdap.yml + identity/CatDap/trunk/lib/CatDap/Controller/forgot_password.pm + identity/CatDap/trunk/root/email/forgot_password.tt + +Modified: identity/CatDap/trunk/catdap.yml +=================================================================== +--- identity/CatDap/trunk/catdap.yml 2011-01-22 09:38:25 UTC (rev 336) ++++ identity/CatDap/trunk/catdap.yml 2011-01-22 13:55:56 UTC (rev 337) +@@ -40,6 +40,7 @@ + path: '/tmp/' + prefix: 'catdap-forgot_password-' + timeout: 259200 ++ allow_filter: '(!(objectClass=posixAccount))' + + authentication: + default_realm: ldap + +Modified: identity/CatDap/trunk/lib/CatDap/Controller/forgot_password.pm +=================================================================== +--- identity/CatDap/trunk/lib/CatDap/Controller/forgot_password.pm 2011-01-22 09:38:25 UTC (rev 336) ++++ identity/CatDap/trunk/lib/CatDap/Controller/forgot_password.pm 2011-01-22 13:55:56 UTC (rev 337) +@@ -57,28 +57,38 @@ + $c->log->debug("Searching for email $email with filter $emailfilter"); + my $mesg = $c->model('Proxy')->search($emailfilter); + +- $c->log->info(printf("Search failed: %s"),$mesg->error) if ($mesg->code); ++ if ($mesg->code) { ++ $c->log->info(printf("Search failed: %s"),$mesg->error); ++ push @errors, $c->loc('Error while searching for account: ') . $mesg->error; ++ } + my @entries = $mesg->entries; + if (@entries != 1) { + push @errors,$c->loc( + 'This email address is not bound to an account' + ); + } ++ my $checkfilter = '(&' . $c->config->{'forgot_password'}{'allow_filter'} . ++ $emailfilter . ')'; ++ $c->log->info(sprintf("Checking if user passes allow_filter $checkfilter")); ++ $mesg = $c->model('Proxy')->search($checkfilter); ++ if ($mesg->code) { ++ $c->log->info(printf("Search failed: %s"),$mesg->error); ++ push @errors, $c->loc('Error while searching for account: ') . $mesg->error; + ++ } ++ my @checkentries = $mesg->entries; ++ if (@entries == 1 and @checkentries != 1) { ++ push @errors,$c->loc( ++ 'Privileged accounts may not recover passwords via this mechanism' ++ ); ++ } ++ + if (@errors) { + $c->stash(errors => \@errors); + $c->stash(template => 'forgot_password/index.tt'); + return; + } + +- if ($mesg->code) { +- push @errors,$mesg->error; +- $c->log->info( sprintf("finding email $email failed: %s", $mesg->error) ); +- $c->stash(errors => \@errors); +- $c->stash(template => 'register/index.tt'); +- return; +- } +- + my $secret = gen_secret($c, $email); + + $c->stash( +@@ -89,7 +99,7 @@ + 'template' => 'forgot_password.tt', + }, + url => $c->uri_for('/forgot_password/confirm') . "?secret=$secret", +- cn => @entries[0]->cn, ++ cn => $entries[0]->cn, + ); + + $c->log->info("Sending forgot password mail to email address $email"); + +Modified: identity/CatDap/trunk/root/email/forgot_password.tt +=================================================================== +--- identity/CatDap/trunk/root/email/forgot_password.tt 2011-01-22 09:38:25 UTC (rev 336) ++++ identity/CatDap/trunk/root/email/forgot_password.tt 2011-01-22 13:55:56 UTC (rev 337) +@@ -4,4 +4,4 @@ + [% url %] + + -- +-<A HREF="http://mageia.org/">http://mageia.org/</A> ++[% c.config.project_url %] +-------------- next part -------------- +An HTML attachment was scrubbed... +URL: </pipermail/mageia-sysadm/attachments/20110122/71753e02/attachment.html> +</PRE> + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="002384.html">[Mageia-sysadm] [877] Change ACL for non-privileged users to not work on reset model, instead allow +</A></li> + <LI>Next message: <A HREF="002386.html">[Mageia-sysadm] [338] Ugly code rejecting submit when buildrequires are missing +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#2385">[ date ]</a> + <a href="thread.html#2385">[ thread ]</a> + <a href="subject.html#2385">[ subject ]</a> + <a href="author.html#2385">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm +mailing list</a><br> +</body></html> |