[Mageia-sysadm] [337] Add a means to filter out users who arent allowed to reset passwords with only

Sat Jan 22 14:55:56 CET 2011

Revision: 337
+Author:   buchan
+Date:     2011-01-22 14:55:56 +0100 (Sat, 22 Jan 2011)
+Log Message:
+-----------
+Add a means to filter out users who arent allowed to reset passwords with only
+email verification (by default users who don't match (!(objectclass=posixAccount))
+Fix email template to use configurable project url
+
+Modified Paths:
+--------------
+    identity/CatDap/trunk/catdap.yml
+    identity/CatDap/trunk/lib/CatDap/Controller/forgot_password.pm
+    identity/CatDap/trunk/root/email/forgot_password.tt
+
+Modified: identity/CatDap/trunk/catdap.yml
+===================================================================
+--- identity/CatDap/trunk/catdap.yml	2011-01-22 09:38:25 UTC (rev 336)
++++ identity/CatDap/trunk/catdap.yml	2011-01-22 13:55:56 UTC (rev 337)
+@@ -40,6 +40,7 @@
+                 path:   '/tmp/'
+                 prefix: 'catdap-forgot_password-'
+                 timeout: 259200
++        allow_filter: '(!(objectClass=posixAccount))'
+ 
+ authentication:
+         default_realm: ldap
+
+Modified: identity/CatDap/trunk/lib/CatDap/Controller/forgot_password.pm
+===================================================================
+--- identity/CatDap/trunk/lib/CatDap/Controller/forgot_password.pm	2011-01-22 09:38:25 UTC (rev 336)
++++ identity/CatDap/trunk/lib/CatDap/Controller/forgot_password.pm	2011-01-22 13:55:56 UTC (rev 337)
+@@ -57,28 +57,38 @@
+ 	$c->log->debug("Searching for email $email with filter $emailfilter");
+ 	my $mesg = $c->model('Proxy')->search($emailfilter);
+ 
+-	$c->log->info(printf("Search failed: %s"),$mesg->error)	if ($mesg->code);
++	if ($mesg->code) {
++		$c->log->info(printf("Search failed: %s"),$mesg->error);
++		push @errors, $c->loc('Error while searching for account: ') . $mesg->error;
++	}
+ 	my @entries = $mesg->entries;
+ 	if (@entries != 1) {
+ 		push @errors,$c->loc(
+ 			'This email address is not bound to an account'
+ 		);
+ 	}
++	my $checkfilter = '(&' . $c->config->{'forgot_password'}{'allow_filter'} . 
++	  $emailfilter . ')';
++	$c->log->info(sprintf("Checking if user passes allow_filter $checkfilter"));
++	$mesg = $c->model('Proxy')->search($checkfilter);
++	if ($mesg->code) {
++		$c->log->info(printf("Search failed: %s"),$mesg->error);
++		push @errors, $c->loc('Error while searching for account: ') . $mesg->error;
+ 
++	}
++	my @checkentries = $mesg->entries;
++	if (@entries == 1 and @checkentries != 1) {
++		push @errors,$c->loc(
++			'Privileged accounts may not recover passwords via this mechanism'
++		);
++	}
++
+ 	if (@errors) {
+ 		$c->stash(errors => \@errors);
+ 		$c->stash(template => 'forgot_password/index.tt');
+ 		return;
+ 	}
+ 
+-	if ($mesg->code) {
+-		push @errors,$mesg->error;
+-		$c->log->info( sprintf("finding email $email failed: %s", $mesg->error) );
+-		$c->stash(errors => \@errors);
+-		$c->stash(template => 'register/index.tt');
+-		return;
+-	}
+-
+ 	my $secret = gen_secret($c, $email);
+ 
+ 	$c->stash(
+@@ -89,7 +99,7 @@
+ 			'template'	=> 'forgot_password.tt',
+ 		},
+ 		url => $c->uri_for('/forgot_password/confirm') . "?secret=$secret",
+-		cn => @entries[0]->cn,
++		cn => $entries[0]->cn,
+ 	);
+ 
+ 	$c->log->info("Sending forgot password mail to email address $email");
+
+Modified: identity/CatDap/trunk/root/email/forgot_password.tt
+===================================================================
+--- identity/CatDap/trunk/root/email/forgot_password.tt	2011-01-22 09:38:25 UTC (rev 336)
++++ identity/CatDap/trunk/root/email/forgot_password.tt	2011-01-22 13:55:56 UTC (rev 337)
+@@ -4,4 +4,4 @@
+ [% url %]
+ 
+ --
+-http://mageia.org/
++[% c.config.project_url %]
+-------------- next part --------------
+An HTML attachment was scrubbed...
+URL: </pipermail/mageia-sysadm/attachments/20110122/71753e02/attachment.html>
+