fix changing password with non-existent user
@@ -272,6 +272,10 @@ class LUSER():
|
||||
# Search LDAP entries that have object class inetOrgPerson and uid attribute equal to given user field
|
||||
self.ldapconnection.search(search_base=self.base,search_filter=f'(&(objectClass=inetOrgPerson)(uid={user}))', attributes=['userPassword'])
|
||||
|
||||
## Check if user exists
|
||||
if self.ldapconnection.response == []:
|
||||
return False;
|
||||
|
||||
# Return userPassword attribute from the response
|
||||
userpass = self.ldapconnection.response[0]['attributes']['userPassword'][0]
|
||||
|
||||
|
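Review bot: The existence check added here still relies on a search whose filter interpolates `user` unescaped in `search_filter=f'(&(objectClass=inetOrgPerson)(uid={user}))'`, so LDAP filter metacharacters in the supplied username change which entries match, and `response[0]` may not be the account the caller named. If the connection is ldap3 (the `search`/`response` API suggests so), escape the value first with `uid={escape_filter_chars(user)}` and `from ldap3.utils.conv import escape_filter_chars`, and treat anything other than exactly one matching entry as not found. An entry that matches but carries no `userPassword` value would presumably still fail on the `[0]` index in the last line; confirm that case is handled. The enclosing method starts and ends outside the hunk.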
@@ -36,8 +36,14 @@ def changepassword():
|
||||
# Create a LUSER connection
|
||||
luser = LUSER(LDAPHOST,LDAPADMINNAME,LDAPPASS,USERBASE,ALTUSERBASE)
|
||||
|
||||
if ldap_salted_sha1.verify(oldpassword, luser.getpassword(username)) == False and oldpassword != LDAPPASS:
|
||||
return 'Wrong username/password combination'
|
||||
# Retrive current password
|
||||
currentpassword = luser.getpassword(username)
|
||||
|
||||
if currentpassword == False:
|
||||
return 'User doesn't exist'
|
||||
|
||||
if ldap_salted_sha1.verify(oldpassword, currentpassword) == False and oldpassword != LDAPPASS:
|
||||
return 'Wrong username/password combination'
|
||||
|
||||
ldaphash = ldap_salted_sha1.hash(newpassword)
|
||||
althash = sha512_crypt.hash(newpassword)
|
||||
|
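Review bot: The new `return 'User doesn't exist'` branch gives a missing account a different answer from a wrong password, which lets anyone who can reach this form learn which usernames exist; return the same `'Wrong username/password combination'` text in both cases. As rendered on this page, that literal also has an unescaped apostrophe inside single quotes, which would be a syntax error, so double-quote it if the message is kept. Compare the sentinel with `if currentpassword is False:` rather than `== False`. Separately, the retained `oldpassword != LDAPPASS` clause lets the LDAP admin bind password stand in for any user's old password and compares it with a non-constant-time `!=`; if that override is intended, `hmac.compare_digest` on the encoded values is the safer comparison. The body of changepassword continues outside the hunk.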