ldap_password_change_10084.diff - Redmine

       def auth_source_partial_name(auth_source)
         "form_#{auth_source.class.name.underscore}"
       end
       module Encryption
         # Return an array of password encryptions
         def self.encryptiontypes
           ["MD5","SSHA","CLEAR"]
         end
       end
     end

     require 'iconv'
     require 'net/ldap'
     require 'net/ldap/dn'
     require 'digest'
     require 'base64'
     class AuthSourceLdap < AuthSource
       validates_presence_of :host, :port, :attr_login
-...
         "LDAP"
       end
       def allow_password_changes?
         return self.enabled_passwd
       end
       def encode_password(clear_password)
         chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
         salt = ''
 .times { |i| salt << chars[rand(chars.size-1)] }
         if self.password_encryption == "MD5"
           logger.debug "Encode as md5"
           return "{MD5}"+Base64.encode64(Digest::MD5.digest(clear_password)).chomp!
         end
         if self.password_encryption == "SSHA"
            logger.debug "Encode as ssha"
           return "{SSHA}"+Base64.encode64(Digest::SHA1.digest(clear_password+salt)+salt).chomp!
         end
         if self.password_encryption == "CLEAR"
            logger.debug "Encode as cleartype"
           return clear_password
         end
       end
       # change password
       def change_password(login,password,newPassword)
         begin
           attrs = get_user_dn(login, password)
           if attrs
             if self.account.blank? || self.account_password.blank?
               logger.debug "Binding with user account"
               ldap_con = initialize_ldap_con(attrs[:dn], password)
             else
               logger.debug "Binding with administrator account"
               ldap_con = initialize_ldap_con(self.account, self.account_password)
             end
     	ops = [
     		[:delete, :userPassword, password],
     		[:add, :userPassword, newPassword]
+    	]
     	return ldap_con.modify :dn => attrs[:dn], :operations => ops
     	# This is another password change method, probably more common
             #return ldap_con.replace_attribute attrs[:dn], :userPassword, encode_password(newPassword)
           end
         rescue
           return false
         end
         return false
       end
       private
       def ldap_filter

         end
       end
       def isExternal?
         return auth_source_id.present?
       end
       def changeExternalPassword(password,newPassword,newPasswordConfirm)
         return false if newPassword == "" || newPassword.length < 4
         return false if newPassword != newPasswordConfirm
         if (self.isExternal?)
           return self.auth_source.change_password(self.login,password,newPassword)
         end
         return false
       end
       protected
       def validate_password_length

         end
         if request.post?
           if @user.check_password?(params[:password])
             @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
             if @user.save
               flash[:notice] = l(:notice_account_password_updated)
               redirect_to :action => 'account'
             if @user.isExternal?
               if @user.changeExternalPassword(params[:password],params[:new_password], params[:new_password_confirmation])
                 flash[:notice] = l(:notice_account_password_updated)
                 redirect_to :action => 'account'
               else
                 flash[:error] = l(:notice_external_password_error)
               end
             else
               @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
               if @user.save
                 flash[:notice] = l(:notice_account_password_updated)
                 redirect_to :action => 'account'
               end
             end
           else
             flash[:error] = l(:notice_account_wrong_password)

     <p><label for="auth_source_onthefly_register"><%=l(:field_onthefly)%></label>
     <%= check_box 'auth_source', 'onthefly_register' %></p>
     <p><label for="auth_source_enabled_passwd"><%=l(:field_enabled_passwd)%></label>
     <%= check_box 'auth_source', 'enabled_passwd' %></p>
     </div>
     <fieldset class="box"><legend><%=l(:label_attribute_plural)%></legend>
-...
     <p><label for="auth_source_attr_mail"><%=l(:field_mail)%></label>
     <%= text_field 'auth_source', 'attr_mail', :size => 20  %></p>
     <p><label for="auth_source_password_encryption"><%=l(:field_password_encryption)%></label>
     <%= select 'auth_source', 'password_encryption', AuthSourcesHelper::Encryption.encryptiontypes %>
     </p>
     </fieldset>
     <!--[eoform:auth_source]-->

       general_pdf_encoding: UTF-8
       general_first_day_of_week: '7'
       notice_external_password_error: Error changing external password.
       notice_account_updated: Account was successfully updated.
       notice_account_invalid_creditentials: Invalid user or password
       notice_account_password_updated: Password was successfully updated.
-...
       field_attr_lastname: Lastname attribute
       field_attr_mail: Email attribute
       field_onthefly: On-the-fly user creation
       field_password_encryption: Encryption
       field_enabled_passwd: Enabled password changing
       field_start_date: Start date
       field_done_ratio: "% Done"
       field_auth_source: Authentication mode

Project

General

Profile

Redmine

Patch #5690 » ldap_password_change_10084.diff