Commit 750dd52c authored by Côme Bernigaud's avatar Côme Bernigaud Committed by Benoit Mortier

Fixes #3383 Relocking user after password change

parent 3353fca4
......@@ -55,6 +55,10 @@ class UserPasswordAttribute extends CompositeAttribute
),
new HiddenAttribute(
$ldapName.'_hash'
),
new HiddenAttribute(
$ldapName.'_locked', FALSE,
FALSE
)
),
'', '', $acl, $label
......@@ -94,17 +98,19 @@ class UserPasswordAttribute extends CompositeAttribute
function readValues($value)
{
$pw_storage = $this->plugin->config->get_cfg_value('passwordDefaultHash', 'ssha');
$locked = FALSE;
if (preg_match ('/^{[^}]+}/', $value)) {
$tmp = passwordMethod::get_method($value);
if (is_object($tmp)) {
$pw_storage = $tmp->get_hash();
$locked = $tmp->is_locked($this->plugin->config, $this->plugin->dn);
}
} else {
if ($value != '') {
$pw_storage = 'clear';
}
}
return array($pw_storage, '', '', $value);
return array($pw_storage, '', '', $value, $locked);
}
function writeValues($values)
......@@ -128,6 +134,16 @@ class UserPasswordAttribute extends CompositeAttribute
return _('Passwords does not match');
}
}
function isLocked()
{
return $this->attributes[4]->getValue();
}
function getMethod()
{
return $this->attributes[0]->getValue();
}
}
class user extends simplePlugin
......@@ -135,6 +151,8 @@ class user extends simplePlugin
var $objectclasses = array('top','person','organizationalPerson','inetOrgPerson','gosaAccount');
var $mainTab = TRUE;
private $was_locked;
static function plInfo()
{
return array(
......@@ -334,11 +352,13 @@ class user extends simplePlugin
$filename = './plugins/users/images/default.jpg';
$fd = fopen ($filename, 'rb');
$this->attributesAccess['jpegPhoto']->setPlaceholder(fread ($fd, filesize($filename)));
$this->was_locked = $this->attributesAccess['userPassword']->isLocked();
}
function postCopyHook()
{
$this->attributesAccess['uid']->setDisabled($this->initially_was_account);
$this->attributesAccess['uid']->setDisabled($this->initially_was_account && !$this->is_template);
}
private function update_cn()
......@@ -385,6 +405,17 @@ class user extends simplePlugin
return parent::execute();
}
function ldap_save($cleanup = TRUE)
{
parent::ldap_save($cleanup);
if (!$this->is_template && $this->was_locked && $this->attributesAccess['userPassword']->hasChanged()) {
$methods = passwordMethod::get_available_methods();
$pmethod = new $methods[$this->attributesAccess['userPassword']->getMethod()]($this->config, $this->dn);
$pmethod->lock_account($this->config, $this->dn);
}
}
function save()
{
parent::save();
......
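Review bot: The relock in the new `ldap_save()` fails open: the class looked up with `$methods[...->getMethod()]` is instantiated without checking that the key exists, and the result of `lock_account()` is discarded, so a previously locked account can end up with a fresh, unlocked password and no error shown. Because `parent::ldap_save()` writes the new hash first, the entry is also unlocked between the two LDAP writes; storing the hash already in its locked form would close that gap, but that depends on `passwordMethod` code not visible on this page. At minimum, guard the lookup and surface a failed relock, as sketched below. The sketch assumes `lock_account()` signals failure through its return value, and `trigger_error()` stands in for whatever error dialog the project normally uses.

```php
// … unchanged: parent::ldap_save($cleanup) and the is_template / was_locked / hasChanged() condition …
      $methods = passwordMethod::get_available_methods();
      $hash    = $this->attributesAccess['userPassword']->getMethod();
      if (!isset($methods[$hash])) {
        // The account was locked before the change and cannot be relocked: report it, do not stay silent
        trigger_error('Cannot relock '.$this->dn.': unknown password method "'.$hash.'"', E_USER_WARNING);
        return;
      }
      $pmethod = new $methods[$hash]($this->config, $this->dn);
      if (!$pmethod->lock_account($this->config, $this->dn)) {
        trigger_error('Relocking '.$this->dn.' failed after password change', E_USER_WARNING);
      }
```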