authorRomain d'Alverny <rda@mageia.org>2012-06-28 17:14:29 +0000
committerRomain d'Alverny <rda@mageia.org>2012-06-28 17:14:29 +0000
commit07ba94db23d61493f28c7b12ab9210642615f2be (patch)
tree2d36dd5850600db3db2dc26c3845e50cce0e6732 /lib/CatDap/Controller
parent96bea6f167974e4736d201336b385cbe6909471a (diff)
parent70c9443f69df8abb3b48629eab16e5870d867806 (diff)
Merge branch 'master' into stable
Diffstat (limited to 'lib/CatDap/Controller')
-rw-r--r--lib/CatDap/Controller/admin.pm63
-rw-r--r--lib/CatDap/Controller/user.pm37
2 files changed, 58 insertions, 42 deletions
diff --git a/lib/CatDap/Controller/admin.pm b/lib/CatDap/Controller/admin.pm
index 6c93212..5d9eed8 100644
--- a/lib/CatDap/Controller/admin.pm
+++ b/lib/CatDap/Controller/admin.pm
@@ -163,6 +163,7 @@ sub account_promote : Local {
$c->assert_user_roles('Account Admins');
$c->stash( subpages => gensubpages('account') );
my @errors;
+ my @promoted;
if ( defined $c->req->param('gid') and defined $c->req->param('username') )
{
my $gid = $c->req->param('gid');
@@ -181,7 +182,7 @@ sub account_promote : Local {
my $entry = $mesg->entry;
$mesg = $c->model('user')->search("(objectclass=sambaUnixIdPool)");
if ( $mesg->entries gt 1 ) {
- push @errors, "More than one ID Pool";
+ push @errors, $c->loc("More than one ID Pool");
#TODO forward to error page
}
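Review bot: The pool-count test `$mesg->entries gt 1` uses the string comparison operator; it gives the expected answer only because of how digit strings happen to order, and the numeric form is what is meant: `if ( $mesg->entries > 1 ) {`. The same comparison appears in the `password` hunk (`$mesg->entries gt 1`) and in the new `$mesg_group->entries gt 1` check in `group_modify`. This branch also only records the error, as the `#TODO` admits, so promotion appears to carry on with an ambiguous ID pool; the rest of `account_promote` is outside the hunk.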
@@ -206,6 +207,8 @@ sub account_promote : Local {
$idpool->replace( uidNumber => $uidnum );
$mesg = $idpool->update;
$c->log->info("ERROR IdPool could not be reset to $uidnum: ", $mesg->error) if $mesg->code;
+ } else {
+ push @promoted, $uid;
}
}
}
@@ -221,6 +224,7 @@ sub account_promote : Local {
}
push @entries, \%new_entry;
}
+ @entries = sort { $a->{'uid'} cmp $b->{'uid'} } @entries;
$c->stash( entries => \@entries );
push @errors, $mesg->error if $mesg->code;
@@ -228,6 +232,7 @@ sub account_promote : Local {
my @groups = $mesg->entries;
$c->stash( groups => \@groups );
$c->stash( errors => \@errors );
+ $c->stash( promoted => \@promoted );
}
sub account_modify : Local {
@@ -507,7 +512,7 @@ sub password : Local {
$mesg = $c->model('user')->search("uid=$uid");
push @errors,$mesg->error if $mesg->code;
if ($mesg->entries gt 1) {
- push @errors,'More than one entry matched';
+ push @errors, $c->loc('More than one entry matched');
$c->detach;
}
$entry = $mesg->entry;
@@ -520,14 +525,14 @@ sub password : Local {
return 1;
}
if ($c->req->param('txnid') ne $c->session->{txnid}) {
- push @errors,'Transaction ID mismatch';
+ push @errors, $c->loc('Transaction ID mismatch');
$c->detach;
}
$newpass = Data::UUID->new->create_str();
my $pp = Net::LDAP::Control::PasswordPolicy->new;
$mesg = $entry->replace( userPassword => $newpass,pwdReset => 'TRUE' )->update;
if ($mesg->code) {
- push @errors,"Password reset failed: " . $mesg->error;
+ push @errors, $c->loc("Password reset failed: ") . $mesg->error;
$c->detach;
}
my $email = join(',',@mail);
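Review bot: The reset password on the context line `$newpass = Data::UUID->new->create_str();` comes from a UUID generator, which is designed for uniqueness rather than unpredictability; as far as I know Data::UUID derives its values from time and host data, so the string should not serve as a credential. Generate the temporary password from a CSPRNG-backed source instead, and keep `pwdReset => 'TRUE'` so the user has to replace it. Separately, `$pp` is created but not passed to anything in the visible lines, and the messages pushed before each `$c->detach` only reach the user if `@errors` is stashed somewhere outside this hunk.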
@@ -573,7 +578,7 @@ sub group : Local {
$mainrole = 'group';
}
else {
- $c->res->forward('/user');
+ $c->forward('/user');
}
#$c->assert_any_user_role({['Account Admins','Group Admins']});
#$mainrole = 'account' if $c->check_user_roles('Account Admins');
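Review bot: `$c->forward('/user')` in the `else` branch does not end the action: in Catalyst `forward` returns to the caller, so a user who matched neither role check still falls through to the group search below. Use `$c->detach('/user');` here, as the file already does for other early exits. As far as I can tell the old `$c->res->forward` was not a valid response method and would have aborted the request by dying, so this fix may actually loosen the check. The new ownership test in `group_modify` ends in the same `$c->forward('/user');`, and there the code that follows writes to the directory. The start of `group` is outside the hunk.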
@@ -583,14 +588,14 @@ sub group : Local {
if ( not $c->req->param('attribute') and not $c->req->param('value') ) {
$attribute = 'owner';
$value = $c->user->ldap_entry->dn;
- $c->stash( heading => 'Groups you manage');
+ $c->stash( heading => $c->loc('Groups you manage'));
}
else {
$attribute = $c->req->param('attribute');
$attribute =~ s/[^\w\d]//g;
$value = $c->req->param('value');
$value =~ s/[^\w\d\* ]//g;
- $c->stash( heading => 'Groups matching search criteria');
+ $c->stash( heading => $c->loc('Groups matching search criteria'));
}
my $mesg =
$c->model('user')
@@ -604,27 +609,44 @@ sub group : Local {
sub group_modify : Local {
my ( $self, $c, $group, $op, $attr, $value ) = @_;
+
$c->detach('/user/login') if not $c->user;
+
my $mainrole = 'account';
- if ( ! $c->check_user_roles('Account Admins') and ! $c->check_user_roles('Group Admins')) {
- $c->res->forward('/user');
- }
$mainrole = 'group' if (not $c->check_user_roles('Account Admins'));
$c->stash( subpages => gensubpages($mainrole) );
+
my @errors;
my @entries;
my $mesg;
+
$c->detach('/admin/group') if $group eq '';
- if ( $group !~ /^[\w\d ]*$/ ) {
- push @errors, "Group contains illegal characters";
+ if ( $group !~ /^[-\w\d ]*$/ ) {
+ push @errors, $c->loc('Group contains illegal characters');
$c->detach('/admin/group');
}
+
+ my $mesg_group = $c->model('user')->search("(&(objectClass=groupOfNames)(cn=$group))");
+ if ( $mesg_group->entries gt 1 ) {
+ push @errors, $c->loc('More than one entry matched');
+ $c->detach('/admin/group');
+ }
+
+ #FIXME I am sure that the code can be smaller and leaner
+ @entries = $mesg_group->entries;
+ @entries = $entries[0]->get_value('owner');
+ my $is_owner = grep { $_ eq $c->user->ldap_entry->dn } @entries;
+
+ if ( ! $is_owner and ! $c->check_user_roles('Account Admins') and ! $c->check_user_roles('Group Admins')) {
+ $c->forward('/user');
+ }
+
if (defined $op and $op eq 'delete') {
- $mesg = $c->model('user')->search("(&(objectClass=groupOfNames)(cn=$group))");
- @entries = $mesg->entries;
+ @entries = $mesg_group->entries;
$entries[0]->delete( $attr => $value)->update;
$c->res->redirect("/admin/group_modify/$group");
- }
+ }
+
if ( defined $op and $op eq 'add' ) {
my $member = $c->req->param('member');
$mesg = $c->model('user')->search("(uid=$member)");
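Review bot: `$entries[0]->get_value('owner')` runs without checking that the group search returned anything, so a well-formed name for a group that does not exist calls a method on undef and the action dies instead of reporting an error. Check the result first, for example `$c->detach('/admin/group') if $mesg_group->code or $mesg_group->count != 1;` (assuming the model returns a Net::LDAP::Search), and anchor the name pattern with `\A` and `\z`, since `$` also matches before a trailing newline. The context line `search("(uid=$member)")` puts the `member` request parameter into the filter unescaped; `escape_filter_value` from Net::LDAP::Util is the usual fix if the model wraps Net::LDAP. In the delete branch `$attr` and `$value` come straight from the action arguments, so a group owner can remove any attribute value, including `owner`; an allow-list of attributes would bound that.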
@@ -637,17 +659,12 @@ sub group_modify : Local {
}
@entries = $mesg->entries;
my $dn = $entries[0]->dn;
- $mesg = $c->model('user')->search("(&(objectClass=groupOfNames)(cn=$group))");
- @entries = $mesg->entries;
+ @entries = $mesg_group->entries;
$entries[0]->add( 'member' => $dn )->update;
$c->res->redirect("/admin/group_modify/$group");
}
- $mesg = $c->model('user')->search("(&(objectClass=groupOfNames)(cn=$group))");
- if ( $mesg->entries gt 1 ) {
- push @errors, 'More than one entry matched';
- $c->detach('/admin/group');
- }
- $c->stash( group => $mesg->entry );
+
+ $c->stash( group => $mesg_group->entry );
}
=head2 index
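Review bot: The result of `$entries[0]->add( 'member' => $dn )->update` is discarded, so a modification the directory rejects still ends in the redirect with nothing in `@errors`; the delete branch in the previous hunk does the same. Keep the message and report it: `$mesg = $entries[0]->add( 'member' => $dn )->update; push @errors, $mesg->error if $mesg->code;`. `$c->res->redirect` does not stop the action either, so a `$c->detach` after it would avoid stashing the pre-change entry. Unlike the `password` action in this file, neither branch compares a `txnid` with the session before writing, which is worth adding if these URLs can be triggered by a plain GET.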
diff --git a/lib/CatDap/Controller/user.pm b/lib/CatDap/Controller/user.pm
index f2171eb..e6cc7a1 100644
--- a/lib/CatDap/Controller/user.pm
+++ b/lib/CatDap/Controller/user.pm
@@ -87,7 +87,7 @@ sub auto : Private {
-cipher => 'Blowfish'
) or die $!;
$c->session->{enc_password} = $cipher->encrypt($c->req->param('password') || $c->req->param('key'));
- $c->response->cookies->{'key'} = { value => $key, expires => '+10m' };
+ $c->response->cookies->{'key'} = { value => $key, expires => '+10m' };
$c->stash(pages => roles2pages($c->user->roles));
$c->session->{dn} = $c->user->ldap_entry->dn;
$c->session->{user} = $c->req->param('username');
@@ -103,7 +103,7 @@ sub auto : Private {
$password = $cipher->decrypt($c->session->{enc_password});
$c->log->debug("Re-authenticating user " . $c->user->username);
$c->authenticate({username => $c->user->username,password => $password});
- $c->res->cookies->{'key'} = {value => $key, expires => '+10m'};
+ $c->res->cookies->{'key'} = {value => $key, expires => '+10m'};
$c->stash(pages => roles2pages($c->user->roles));
$c->log->info($@) if $@;
@@ -279,29 +279,28 @@ sub password : Local {
my ($mesg,$newpass,$cipher);
$c->stash(subpages => gensubpages());
if ( not defined $c->req->param('password') or not defined $c->req->param('newpassword1') or not defined $c->req->param('newpassword2')) {
-
-#if ( not defined $c->req->param('newpassword1') or not defined $c->req->param('newpassword2')) {
+ #if ( not defined $c->req->param('newpassword1') or not defined $c->req->param('newpassword2')) {
$c->detach;
}
# Re-authenticate to check the user has the right password
if (not $c->authenticate({
- 'username' => $c->user->username,
- 'password' => $c->req->param('password'),
- })
- ) {
- $c->stash(errors => [ $c->loc('Password incorrect') ]);
- $c->detach;
+ 'username' => $c->user->username,
+ 'password' => $c->req->param('password'),
+ })
+ ) {
+ $c->stash(errors => [ $c->loc('Password incorrect') ]);
+ $c->detach;
}
if ($c->req->param('newpassword1') eq $c->req->param('newpassword2')) {
$newpass = $c->req->param('newpassword1');
} else {
push @{${$c->stash}{'errors'}},$c->loc('New passwords dont match');
- $c->detach;
+ $c->detach;
}
my $pp = Net::LDAP::Control::PasswordPolicy->new;
$mesg = $c->model('User')->set_password(
- #oldpasswd => $c->req->param('password'),
+ #oldpasswd => $c->req->param('password'),
newpasswd => $newpass,
control => [ $pp ],
);
@@ -319,7 +318,7 @@ sub password : Local {
) or die $!;
$c->session->{enc_password} = $cipher->encrypt($newpass);
push @{${$c->stash}{'errors'}},"Password change succeeded";
- #$c->res->redirect('/user');
+ #$c->res->redirect('/user');
}
}
@@ -336,17 +335,17 @@ sub firstlogin : Local {
username => $c->req->param('username'),
password => $c->req->param('key')}) ) {
$c->stash(errors => ['An error occurred']);
- $c->log->info("Failed to authenticate user in first login: " . $c->req->param('key'));
+ $c->log->info("Failed to authenticate user in first login: " . $c->req->param('key'));
$c->res->redirect('/user');
- }
- # cache password for next request with form data
+ }
+ # cache password for next request with form data
my $keyprefix = $self->get_keyprefix($c);
- my $key = Data::UUID->new->create_str();
+ my $key = Data::UUID->new->create_str();
$cipher = Crypt::CBC->new( -key => $keyprefix . $key,
-cipher => 'Blowfish'
) or die $!;
$c->session->{enc_password} = $cipher->encrypt($c->req->param('key'));
- $c->response->cookies->{'key'} = { value => $key, expires => '+10m' };
+ $c->response->cookies->{'key'} = { value => $key, expires => '+10m' };
$c->detach;
}
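Review bot: The re-indented line `$c->log->info("Failed to authenticate user in first login: " . $c->req->param('key'));` writes the submitted first-login key into the application log, where anyone with log access can read it; log the account name instead, e.g. `$c->log->info("Failed to authenticate user in first login: " . $c->req->param('username'));`. The redirect that follows does not end the action, so the code below still appears to encrypt the key into the session and set the cookie after a failed authentication; a `$c->detach` right after the redirect would stop that. The `key` cookie is also set without `secure` or `httponly`. The change in this hunk is otherwise whitespace only, and `firstlogin` starts and ends outside it.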
@@ -364,7 +363,7 @@ sub firstlogin : Local {
) or die $!;
my $password = $cipher->decrypt($c->session->{enc_password});
$c->authenticate({username => $c->req->param('username'),password => $password})
- or $c->log->info("Authenticating user for first password change failed");
+ or $c->log->info("Authenticating user for first password change failed");
my $pp = Net::LDAP::Control::PasswordPolicy->new;
$mesg = $c->model('User')->set_password(