Commit 99de4172 authored by Côme Chilliet's avatar Côme Chilliet

🚑 fix(templates) Fix userPassword handling in templates

When the hash is set but the password value is not (which is the default if you
 leave the template fields empty), applying the template to a user would
 result in changing their password, even if they already use the same hash
 method.
With this change it will leave their password alone if it already uses the
 method, and if the method changed it should complain and ask for a new
 password.
This should avoid users erasing passwords by mistake.

issue #6035
parent 5981b180
......@@ -68,22 +68,18 @@ class template
return $result;
}
function __construct ($type, $dn, $targetdn = NULL)
function __construct ($type, $dn)
{
$this->type = $type;
$this->dn = $dn;
list($this->attrs, $depends) = templateHandling::fetch($this->dn);
$this->needed = templateHandling::neededAttrs($this->attrs, $depends);
$this->needed[] = 'base';
if ($targetdn === NULL) {
$this->tabObject = objects::create($this->type);
} else {
trigger_error("This should not be used for now");
$this->tabObject = objects::open($this->dn, $this->type);
}
$tempTabObject = objects::open($this->dn, $this->type); /* Used to know which tab is activated */
$this->attributes = [];
$this->tabObject = objects::create($this->type);
/* Used to know which tab is activated */
$tempTabObject = objects::open($this->dn, $this->type);
$tempTabObject->setActiveTabs($this->tabObject);
$this->attributes = [];
foreach ($this->tabObject->by_object as $class => $tab) {
if ($tab->is_account || $tab->ignore_account) {
$this->attributes[$class] = [];
......@@ -114,11 +110,7 @@ class template
$this->tabObject = objects::create($this->type);
/* Used to know which tab is activated */
$tempTabObject = objects::open($this->dn, $this->type);
foreach ($tempTabObject->by_object as $class => $plugin) {
if ($plugin->is_account || $plugin->ignore_account) {
$this->tabObject->by_object[$class]->is_account = $plugin->is_account;
}
}
$tempTabObject->setActiveTabs($this->tabObject);
$this->applied = FALSE;
}
......
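Review bot: Both hunks now delegate tab activation to `$tempTabObject->setActiveTabs($this->tabObject)`, whose body is not part of this diff, while the loop removed from the second hunk copied `is_account` only for tabs where `is_account || ignore_account` held. It is worth confirming the helper keeps that condition, since it decides which tabs end up active on objects built from the template. The constructor also drops `$targetdn`, and PHP silently ignores surplus arguments to userland functions, so any remaining caller that passes a third argument would no longer reach the `trigger_error` branch; a search of the `new template(` call sites should accompany this change. A short docblock on the constructor would help, e.g. `/*! \brief Loads the template at $dn and builds an empty $type object with the template's active tabs */`. Both method bodies continue outside the hunks.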
......@@ -1913,7 +1913,7 @@ class simplePlugin implements SimpleTab
throw new FusionDirectoryException(_('Failed to create a unique DN'));
}
/*
/*!
* \brief Adapt from template
*
* Adapts fields to the values from a template.
......@@ -2010,7 +2010,10 @@ class simplePlugin implements SimpleTab
return TRUE;
}
/* Returns TRUE if this attribute should be asked in the creation by template dialog */
/*! \brief Returns TRUE if this attribute should be asked in the creation by template dialog
*
* \return bool whether this attribute should be asked
*/
function showInTemplate (string $attr, array $templateAttrs): bool
{
if (isset($templateAttrs[$attr])) {
......
......@@ -199,6 +199,11 @@ class UserPasswordAttribute extends CompositeAttribute
$pw_storage = $tmp->get_hash();
$locked = $tmp->is_locked('', $value);
}
if ($istemplate && empty($password)) {
/* Do not store hash for templates,
* we have the password anyway, and this avoids problems with empty passwords */
$value = $this->attributes[3]->getValue();
}
}
return [$pw_storage, $password, $password, $value, ($locked ? 'TRUE' : 'FALSE')];
}
......
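Review bot: `empty($password)` in the added guard is also true for the string `'0'`, so a template whose password is literally `0` would be treated as having none and `$value` would be replaced by the current value of `$this->attributes[3]`. If `$password` is always a string at this point, `if ($istemplate && ($password === '')) {` expresses the intent exactly. The added comment says "we have the password anyway", yet the branch runs only when the password is empty, so it should describe the real case, for example `/* Template without a password: reuse the value already held by the fourth sub-attribute rather than the one parsed above */`. The literal index `3` presumably matches the fourth slot of the returned array and deserves a one-line comment naming that sub-attribute. The enclosing method starts outside the hunk.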