Decentrala/luser
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix changing password with non-existent user

Browse Source
This commit is contained in:
fram3d
2025-09-27 23:02:54 +02:00
parent fe0e8f8d0c
commit 6bc05bcca3
2 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
luser/models.py
View File

@@ -272,6 +272,10 @@ class LUSER():
# Search LDAP entries that have object class inetOrgPerson and uid attribute equal to given user field # Search LDAP entries that have object class inetOrgPerson and uid attribute equal to given user field
self.ldapconnection.search(search_base=self.base,search_filter=f'(&(objectClass=inetOrgPerson)(uid={user}))', attributes=['userPassword']) self.ldapconnection.search(search_base=self.base,search_filter=f'(&(objectClass=inetOrgPerson)(uid={user}))', attributes=['userPassword'])
## Check if user exists
if self.ldapconnection.response == []:
return False;
# Return userPassword attribute from the response # Return userPassword attribute from the response
userpass = self.ldapconnection.response[0]['attributes']['userPassword'][0] userpass = self.ldapconnection.response[0]['attributes']['userPassword'][0]

8
luser/routes.py
View File

@@ -36,7 +36,13 @@ def changepassword():
# Create a LUSER connection # Create a LUSER connection
luser = LUSER(LDAPHOST,LDAPADMINNAME,LDAPPASS,USERBASE,ALTUSERBASE) luser = LUSER(LDAPHOST,LDAPADMINNAME,LDAPPASS,USERBASE,ALTUSERBASE)
if ldap_salted_sha1.verify(oldpassword, luser.getpassword(username)) == False and oldpassword != LDAPPASS: # Retrive current password
currentpassword = luser.getpassword(username)
if currentpassword == False:
return 'User doesn't exist'
if ldap_salted_sha1.verify(oldpassword, currentpassword) == False and oldpassword != LDAPPASS:
return 'Wrong username/password combination' return 'Wrong username/password combination'
ldaphash = ldap_salted_sha1.hash(newpassword) ldaphash = ldap_salted_sha1.hash(newpassword)