-rw-r--r-- | catdap.yml | 1 | ||||
-rw-r--r-- | lib/CatDap/Controller/forgot_password.pm | 30 | ||||
-rw-r--r-- | root/email/forgot_password.tt | 2 |
3 files changed, 22 insertions, 11 deletions
@@ -40,6 +40,7 @@ forgot_password: path: '/tmp/' prefix: 'catdap-forgot_password-' timeout: 259200 + allow_filter: '(!(objectClass=posixAccount))' authentication: default_realm: ldap diff --git a/lib/CatDap/Controller/forgot_password.pm b/lib/CatDap/Controller/forgot_password.pm index 47d81b4..cda7802 100644 --- a/lib/CatDap/Controller/forgot_password.pm +++ b/lib/CatDap/Controller/forgot_password.pm @@ -57,25 +57,35 @@ sub check : Local { $c->log->debug("Searching for email $email with filter $emailfilter"); my $mesg = $c->model('Proxy')->search($emailfilter); - $c->log->info(printf("Search failed: %s"),$mesg->error) if ($mesg->code); + if ($mesg->code) { + $c->log->info(printf("Search failed: %s"),$mesg->error); + push @errors, $c->loc('Error while searching for account: ') . $mesg->error; + } my @entries = $mesg->entries; if (@entries != 1) { push @errors,$c->loc( 'This email address is not bound to an account' ); } + my $checkfilter = '(&' . $c->config->{'forgot_password'}{'allow_filter'} . + $emailfilter . ')'; + $c->log->info(sprintf("Checking if user passes allow_filter $checkfilter")); + $mesg = $c->model('Proxy')->search($checkfilter); + if ($mesg->code) { + $c->log->info(printf("Search failed: %s"),$mesg->error); + push @errors, $c->loc('Error while searching for account: ') . $mesg->error; - if (@errors) { - $c->stash(errors => \@errors); - $c->stash(template => 'forgot_password/index.tt'); - return; + } + my @checkentries = $mesg->entries; + if (@entries == 1 and @checkentries != 1) { + push @errors,$c->loc( + 'Privileged accounts may not recover passwords via this mechanism' + ); } - if ($mesg->code) { - push @errors,$mesg->error; - $c->log->info( sprintf("finding email $email failed: %s", $mesg->error) ); + if (@errors) { $c->stash(errors => \@errors); - $c->stash(template => 'register/index.tt'); + $c->stash(template => 'forgot_password/index.tt'); return; } 
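Review bot: The new `allow_filter` key has no comment saying what it controls, and the check added in `forgot_password.pm` concatenates its value straight into the search filter, so a deployed config that lacks the key produces `(&` plus the e-mail filter plus `)` and refuses no account. I would document it next to the key, e.g. `# LDAP filter an account must match to use password recovery (ANDed with the e-mail filter)`, and state in the upgrade notes that the key must be present for the restriction to apply. Whether a missing key should instead reject the request is a decision for the controller; the value shown here refuses every entry that has `objectClass=posixAccount`.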
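Review bot: The added `Privileged accounts may not recover passwords via this mechanism` error, next to the existing `This email address is not bound to an account`, lets an unauthenticated visitor learn whether an address exists in the directory and whether its account is excluded by `allow_filter`. The added `push @errors, $c->loc('Error while searching for account: ') . $mesg->error;` also puts the raw LDAP error text on the page. Consider returning one generic response for all of these cases and keeping the detail in the log only. The two added log calls keep `printf("Search failed: %s")` with the argument outside the parentheses, so the text goes to the selected output handle and the logger receives printf's return value; `$c->log->info(sprintf("Search failed: %s", $mesg->error));` is what was meant. `sub check` starts and ends outside the hunk, and how `$emailfilter` is built and escaped is not visible here.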
@@ -89,7 +99,7 @@ sub check : Local { 'template' => 'forgot_password.tt', }, url => $c->uri_for('/forgot_password/confirm') . "?secret=$secret", - cn => @entries[0]->cn, + cn => $entries[0]->cn, ); $c->log->info("Sending forgot password mail to email address $email"); diff --git a/root/email/forgot_password.tt b/root/email/forgot_password.tt index 4826955..af9231f 100644 --- a/root/email/forgot_password.tt +++ b/root/email/forgot_password.tt @@ -4,4 +4,4 @@ [% url %] -- -http://mageia.org/ +[% c.config.project_url %] |