1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[337] Add a means to filter out users who arent allowed to reset passwords with only</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd>337</dd>
<dt>Author</dt> <dd>buchan</dd>
<dt>Date</dt> <dd>2011-01-22 14:55:56 +0100 (Sat, 22 Jan 2011)</dd>
</dl>
<h3>Log Message</h3>
<pre>Add a means to filter out users who arent allowed to reset passwords with only
email verification (by default users who don't match (!(objectclass=posixAccount))
Fix email template to use configurable project url</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#identityCatDaptrunkcatdapyml">identity/CatDap/trunk/catdap.yml</a></li>
<li><a href="#identityCatDaptrunklibCatDapControllerforgot_passwordpm">identity/CatDap/trunk/lib/CatDap/Controller/forgot_password.pm</a></li>
<li><a href="#identityCatDaptrunkrootemailforgot_passwordtt">identity/CatDap/trunk/root/email/forgot_password.tt</a></li>
</ul>
</div>
<div id="patch"><pre>
<a id="identityCatDaptrunkcatdapyml">Modified: identity/CatDap/trunk/catdap.yml</a>
===================================================================
--- identity/CatDap/trunk/catdap.yml 2011-01-22 09:38:25 UTC (rev 336)
+++ identity/CatDap/trunk/catdap.yml 2011-01-22 13:55:56 UTC (rev 337)
@@ -40,6 +40,7 @@
path: '/tmp/'
prefix: 'catdap-forgot_password-'
timeout: 259200
+ allow_filter: '(!(objectClass=posixAccount))'
authentication:
default_realm: ldap
<a id="identityCatDaptrunklibCatDapControllerforgot_passwordpm">Modified: identity/CatDap/trunk/lib/CatDap/Controller/forgot_password.pm</a>
===================================================================
--- identity/CatDap/trunk/lib/CatDap/Controller/forgot_password.pm 2011-01-22 09:38:25 UTC (rev 336)
+++ identity/CatDap/trunk/lib/CatDap/Controller/forgot_password.pm 2011-01-22 13:55:56 UTC (rev 337)
@@ -57,28 +57,38 @@
$c->log->debug("Searching for email $email with filter $emailfilter");
my $mesg = $c->model('Proxy')->search($emailfilter);
- $c->log->info(printf("Search failed: %s"),$mesg->error) if ($mesg->code);
+ if ($mesg->code) {
+ $c->log->info(printf("Search failed: %s"),$mesg->error);
+ push @errors, $c->loc('Error while searching for account: ') . $mesg->error;
+ }
my @entries = $mesg->entries;
if (@entries != 1) {
push @errors,$c->loc(
'This email address is not bound to an account'
);
}
+ my $checkfilter = '(&' . $c->config->{'forgot_password'}{'allow_filter'} .
+ $emailfilter . ')';
+ $c->log->info(sprintf("Checking if user passes allow_filter $checkfilter"));
+ $mesg = $c->model('Proxy')->search($checkfilter);
+ if ($mesg->code) {
+ $c->log->info(printf("Search failed: %s"),$mesg->error);
+ push @errors, $c->loc('Error while searching for account: ') . $mesg->error;
+ }
+ my @checkentries = $mesg->entries;
+ if (@entries == 1 and @checkentries != 1) {
+ push @errors,$c->loc(
+ 'Privileged accounts may not recover passwords via this mechanism'
+ );
+ }
+
if (@errors) {
$c->stash(errors => \@errors);
$c->stash(template => 'forgot_password/index.tt');
return;
}
- if ($mesg->code) {
- push @errors,$mesg->error;
- $c->log->info( sprintf("finding email $email failed: %s", $mesg->error) );
- $c->stash(errors => \@errors);
- $c->stash(template => 'register/index.tt');
- return;
- }
-
my $secret = gen_secret($c, $email);
$c->stash(
@@ -89,7 +99,7 @@
'template' => 'forgot_password.tt',
},
url => $c->uri_for('/forgot_password/confirm') . "?secret=$secret",
- cn => @entries[0]->cn,
+ cn => $entries[0]->cn,
);
$c->log->info("Sending forgot password mail to email address $email");
<a id="identityCatDaptrunkrootemailforgot_passwordtt">Modified: identity/CatDap/trunk/root/email/forgot_password.tt</a>
===================================================================
--- identity/CatDap/trunk/root/email/forgot_password.tt 2011-01-22 09:38:25 UTC (rev 336)
+++ identity/CatDap/trunk/root/email/forgot_password.tt 2011-01-22 13:55:56 UTC (rev 337)
@@ -4,4 +4,4 @@
[% url %]
--
-http://mageia.org/
+[% c.config.project_url %]
</pre></div>
</body>
</html>
|
