Support password changes for LDAP auth backend
parent
23f78c7573
commit
67cc38b5ac
2 changed files with 35 additions and 4 deletions
|
@ -83,6 +83,12 @@ def handle_call({:bind_user, name, password}, from, state) do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def handle_call({:change_password, name, password, new_password}, _from, state) do
|
||||||
|
result = change_password(state[:handle], name, password, new_password)
|
||||||
|
|
||||||
|
{:reply, result, state, :hibernate}
|
||||||
|
end
|
||||||
|
|
||||||
@impl true
|
@impl true
|
||||||
def terminate(_, state) do
|
def terminate(_, state) do
|
||||||
handle = Keyword.get(state, :handle)
|
handle = Keyword.get(state, :handle)
|
||||||
|
@ -162,17 +168,16 @@ defp connect do
|
||||||
end
|
end
|
||||||
|
|
||||||
defp bind_user(handle, name, password) do
|
defp bind_user(handle, name, password) do
|
||||||
uid = Config.get([:ldap, :uid], "cn")
|
dn = make_dn(name)
|
||||||
base = Config.get([:ldap, :base])
|
|
||||||
|
|
||||||
case :eldap.simple_bind(handle, "#{uid}=#{name},#{base}", password) do
|
case :eldap.simple_bind(handle, dn, password) do
|
||||||
:ok ->
|
:ok ->
|
||||||
case fetch_user(name) do
|
case fetch_user(name) do
|
||||||
%User{} = user ->
|
%User{} = user ->
|
||||||
user
|
user
|
||||||
|
|
||||||
_ ->
|
_ ->
|
||||||
register_user(handle, base, uid, name)
|
register_user(handle, ldap_base(), ldap_uid(), name)
|
||||||
end
|
end
|
||||||
|
|
||||||
# eldap does not inform us of socket closure
|
# eldap does not inform us of socket closure
|
||||||
|
@ -231,6 +236,14 @@ defp try_register(name, attributes) do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
defp change_password(handle, name, password, new_password) do
|
||||||
|
dn = make_dn(name)
|
||||||
|
|
||||||
|
with :ok <- :eldap.simple_bind(handle, dn, password) do
|
||||||
|
:eldap.modify_password(handle, dn, to_charlist(new_password), to_charlist(password))
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
defp decode_certfile(file) do
|
defp decode_certfile(file) do
|
||||||
with {:ok, data} <- File.read(file) do
|
with {:ok, data} <- File.read(file) do
|
||||||
data
|
data
|
||||||
|
@ -242,4 +255,13 @@ defp decode_certfile(file) do
|
||||||
[]
|
[]
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
defp ldap_uid, do: to_charlist(Config.get([:ldap, :uid], "cn"))
|
||||||
|
defp ldap_base, do: to_charlist(Config.get([:ldap, :base]))
|
||||||
|
|
||||||
|
defp make_dn(name) do
|
||||||
|
uid = ldap_uid()
|
||||||
|
base = ldap_base()
|
||||||
|
~c"#{uid}=#{name},#{base}"
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
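Review bot: `make_dn/1` interpolates `name` into the DN with no RFC 4514 escaping, so a name containing `,`, `+`, `=`, `"`, `\`, `<`, `>` or `;` changes which entry `bind_user/3` and the new `change_password/4` bind to and modify. The removed inline `"#{uid}=#{name},#{base}"` had the same gap, but now that every DN is built in this helper it is the one place to close it. Either backslash-escape those characters in `name` before building the charlist, or reject such names before calling `make_dn/1`, for example with `String.contains?(name, [",", "+", "=", "\"", "\\", "<", ">", ";"])` and an error tuple. A short comment on `make_dn/1` such as `# name is user-supplied; must be DN-escaped before interpolation` would also help, because the `~c` sigil hides that this string reaches the directory server as-is.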
|
@ -30,4 +30,13 @@ def get_user(%Plug.Conn{} = conn) do
|
||||||
error
|
error
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def change_password(user, password, new_password, new_password) do
|
||||||
|
case GenServer.call(LDAP, {:change_password, user.nickname, password, new_password}) do
|
||||||
|
:ok -> {:ok, user}
|
||||||
|
e -> e
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def change_password(_, _, _, _), do: {:error, :password_confirmation}
|
||||||
end
|
end
|
||||||
|
|
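Review bot: The first `change_password/4` clause forwards `password` and `new_password` to the LDAP GenServer without rejecting empty strings. As far as I know, `:eldap.modify_password/4` treats an empty new password as a request for a server-generated one and returns `{:ok, generated}`, which `e -> e` would pass back where callers presumably expect `{:ok, user}`. An empty current password can also be accepted as an unauthenticated bind by servers that permit it (RFC 4513 section 5.1.2), which weakens the `simple_bind` check that stands in for verifying the old password. I would add a guard such as `when password != "" and new_password != ""` to the first clause and a separate clause returning its own error. Without that separate clause, empty input falls through to `{:error, :password_confirmation}`, which misreports the cause.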