fix changing password with non-existent user
		| @@ -272,6 +272,10 @@ class LUSER(): | ||||
|         # Search LDAP entries that have object class inetOrgPerson and uid attribute equal to given user field | ||||
|         self.ldapconnection.search(search_base=self.base,search_filter=f'(&(objectClass=inetOrgPerson)(uid={user}))', attributes=['userPassword']) | ||||
|  | ||||
|         ## Check if user exists | ||||
|         if self.ldapconnection.response == []: | ||||
|             return False; | ||||
|  | ||||
|         # Return userPassword attribute from the response | ||||
|         userpass = self.ldapconnection.response[0]['attributes']['userPassword'][0] | ||||
|          | ||||
|   | ||||
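Review bot: `user` is placed into the search filter with an f-string and no escaping, so LDAP filter metacharacters in the submitted username change which entry the search returns, and the new `response == []` check then vouches for whatever matched. Assuming this connection is ldap3 (the `search`/`response` calls suggest so), escape the value first: `from ldap3.utils.conv import escape_filter_chars` and `uid={escape_filter_chars(user)}` in the filter. The guard also does not cover an entry that exists but has no `userPassword` value, where the `[0]` on the following line would presumably still raise, and `return False;` carries a stray semicolon. The method starts and ends outside this hunk.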
| @@ -36,8 +36,14 @@ def changepassword(): | ||||
|         # Create a LUSER connection | ||||
|         luser = LUSER(LDAPHOST,LDAPADMINNAME,LDAPPASS,USERBASE,ALTUSERBASE) | ||||
|  | ||||
|         if ldap_salted_sha1.verify(oldpassword, luser.getpassword(username)) == False and oldpassword != LDAPPASS: | ||||
|                 return 'Wrong username/password combination' | ||||
|         # Retrive current password | ||||
|         currentpassword = luser.getpassword(username) | ||||
|  | ||||
|         if currentpassword == False: | ||||
|             return 'User doesn't exist' | ||||
|  | ||||
|         if ldap_salted_sha1.verify(oldpassword, currentpassword) == False and oldpassword != LDAPPASS: | ||||
|             return 'Wrong username/password combination' | ||||
|  | ||||
|         ldaphash = ldap_salted_sha1.hash(newpassword) | ||||
|         althash = sha512_crypt.hash(newpassword) | ||||
|   | ||||
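Review bot: The new `return 'User doesn't exist'` branch answers a missing account differently from a wrong password, so anyone who can reach this form can tell which usernames exist; as rendered here the apostrophe also ends the single-quoted string early, so the line would not parse. Returning the existing message for both cases fixes both: `if currentpassword is False: return 'Wrong username/password combination'`. Separately, `oldpassword != LDAPPASS` still accepts the directory admin password as the old password for any user and compares it with a plain `!=`; if that override is intended it deserves a comment and `hmac.compare_digest`, otherwise it should be removed. `changepassword` starts and ends outside this hunk.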