diff options
author | Buchan Milne <buchan@mageia.org> | 2011-01-22 13:55:56 +0000 |
---|---|---|
committer | Buchan Milne <buchan@mageia.org> | 2011-01-22 13:55:56 +0000 |
commit | bf51f6530087b954dcecd45673128653a57b44fc (patch) | |
tree | d0d4522c5095cd42efa502cc90b29328d417ab7e /lib/CatDap/Controller | |
parent | 923f05432e5639c025af3a42614f8960a6233777 (diff) | |
download | identity-bf51f6530087b954dcecd45673128653a57b44fc.tar identity-bf51f6530087b954dcecd45673128653a57b44fc.tar.gz identity-bf51f6530087b954dcecd45673128653a57b44fc.tar.bz2 identity-bf51f6530087b954dcecd45673128653a57b44fc.tar.xz identity-bf51f6530087b954dcecd45673128653a57b44fc.zip |
Add a means to filter out users who arent allowed to reset passwords with only email verification (by default users who don't match (!(objectclass=posixAccount)) Fix email template to use configurable project url
Diffstat (limited to 'lib/CatDap/Controller')
-rw-r--r-- | lib/CatDap/Controller/forgot_password.pm | 30 |
1 files changed, 20 insertions, 10 deletions
diff --git a/lib/CatDap/Controller/forgot_password.pm b/lib/CatDap/Controller/forgot_password.pm index 47d81b4..cda7802 100644 --- a/lib/CatDap/Controller/forgot_password.pm +++ b/lib/CatDap/Controller/forgot_password.pm @@ -57,25 +57,35 @@ sub check : Local { $c->log->debug("Searching for email $email with filter $emailfilter"); my $mesg = $c->model('Proxy')->search($emailfilter); - $c->log->info(printf("Search failed: %s"),$mesg->error) if ($mesg->code); + if ($mesg->code) { + $c->log->info(printf("Search failed: %s"),$mesg->error); + push @errors, $c->loc('Error while searching for account: ') . $mesg->error; + } my @entries = $mesg->entries; if (@entries != 1) { push @errors,$c->loc( 'This email address is not bound to an account' ); } + my $checkfilter = '(&' . $c->config->{'forgot_password'}{'allow_filter'} . + $emailfilter . ')'; + $c->log->info(sprintf("Checking if user passes allow_filter $checkfilter")); + $mesg = $c->model('Proxy')->search($checkfilter); + if ($mesg->code) { + $c->log->info(printf("Search failed: %s"),$mesg->error); + push @errors, $c->loc('Error while searching for account: ') . $mesg->error; - if (@errors) { - $c->stash(errors => \@errors); - $c->stash(template => 'forgot_password/index.tt'); - return; + } + my @checkentries = $mesg->entries; + if (@entries == 1 and @checkentries != 1) { + push @errors,$c->loc( + 'Privileged accounts may not recover passwords via this mechanism' + ); } - if ($mesg->code) { - push @errors,$mesg->error; - $c->log->info( sprintf("finding email $email failed: %s", $mesg->error) ); + if (@errors) { $c->stash(errors => \@errors); - $c->stash(template => 'register/index.tt'); + $c->stash(template => 'forgot_password/index.tt'); return; } @@ -89,7 +99,7 @@ sub check : Local { 'template' => 'forgot_password.tt', }, url => $c->uri_for('/forgot_password/confirm') . "?secret=$secret", - cn => @entries[0]->cn, + cn => $entries[0]->cn, ); $c->log->info("Sending forgot password mail to email address $email"); |