Something went wrong while setting issue due date.

adding "lock/unlock entry" function to the webservice

Hi,

Currently you can't lock or unlock an account from the webservice, which is blocking to my user registration workflow and especially account activation by email (which looks like any user registration workflow on the web btw).

Here is the code I've added to expose the function, it need review (and probably tweaks):

  protected function _lockEntry($entry, $type = 'toggle')
  {
    global $config, $ui;
    // Filter out entries we are not allowed to modify
    $disallowed = array();
    $dns        = array();

    if(!is_array($entry)) {
      $entry = array($entry);
    }

    foreach ($entry as $dn) {
      if (!preg_match('/w/', $ui->get_permissions($dn, 'user/password'))) {
        $disallowed[] = $dn;
      } else {
        $allowed[] = $dn;
      }
    }
    if (count($disallowed)) {
      return array('errors' => array(sprintf(_('Permission issue: cannot update lock status.'))));
    }
    // Try to lock/unlock the rest of the entries.
    $ldap = $config->get_ldap_link();
    foreach ($allowed as $dn) {
      $ldap->cat($dn, array('userPassword'));
      if ($ldap->count() == 1) {

        // We can't lock empty passwords.
        $val = $ldap->fetch();
        if (!isset($val['userPassword'])) {
          continue;
        }
        // Detect the password method and try to lock/unlock.
        $pwd      = $val['userPassword'][0];
        $method   = passwordMethod::get_method($pwd, $val['dn']);
        $success  = TRUE;
        if ($method instanceOf passwordMethod) {
          if ($type == 'toggle') {
            if ($method->is_locked($val['dn'])) {
              $success = $method->unlock_account($val['dn']);
            } else {
              $success = $method->lock_account($val['dn']);
            }
          } elseif ($type == 'lock' && !$method->is_locked($val['dn'])) {
            $success = $method->lock_account($val['dn']);
          } elseif ($type == 'unlock' && $method->is_locked($val['dn'])) {
            $success = $method->unlock_account($val['dn']);
          }

          // Check if everything went fine.
          if (!$success) {
            $hn = $method->get_hash_name();
            if (is_array($hn)) {
              $hn = $hn[0];
            }
            return array('errors' => array(sprintf(_('Password method does not support locking'))));
          }
        } else {
          // Can't lock unknown methods.
        }
      }
    }
  }

(from redmine: issue id 4854, created on 2016-06-06, closed on 2016-06-09)

Changesets:
- Revision f5c2651b by Côme Chilliet on 2016-06-07T07:33:20.000Z:

Fixes #4854 adding "lock/unlock entry" function to the webservice

Revision ef7510df by Côme Chilliet on 2016-06-07T07:34:03.000Z:

Fixes #4854 adding "lock/unlock entry" function to the webservice

Custom Fields:
- Bug in version: 1.0.12

Tasks

No tasks are currently assigned. Use tasks to break down this issue into smaller parts.

Activity

Côme Chilliet @cchilliet · 8 years ago

Reporter

Merged. I renamed the method to lockUser.

(from redmine: written on 2016-06-07)
mhamant @mhamant · 8 years ago

Author Reporter

It works! thanks.

(from redmine: written on 2016-06-09)
bmortier @bmortier · 8 years ago

Maintainer

Close issue

(from redmine: written on 2016-06-09)
bmortier closed 7 years ago

closed
bmortier added Added user-manual labels 6 years ago

added Added user-manual labels

Please register or sign in to reply

Milestone

None

Due date

None

Confidentiality

Not confidential

0 Participants

Reference:

adding "lock/unlock entry" function to the webservice

Tasks

Linked items 0

Activity

Linked items
0