= LDV::User->create

10 years ago · 77a4efd4cd
1 changed files with 59 additions and 88 deletions
--- a/lib/LDV/User.pm
+++ b/lib/LDV/User.pm
@ -6,10 +6,6 @@ use utf8;

 use Mojo::Base 'Mojolicious::Controller';

-use Net::LDAP;
-use Net::LDAP::Util qw(ldap_error_name); # is really needed?
-use Crypt::SaltedHash;
-
 # pages
 sub login    { my ($self) = @_; $self->render(); }
 sub register { my ($self) = @_; $self->render(); }
@ -42,109 +38,84 @@ sub auth {
  my $user = $self->req->param('username');
  my $pass = $self->req->param('password');

-  if (my $delay = $self->app->config->{ldap}->{auth_delay}) {
-    sleep $delay;
-  }
+  eval {
+    my $delay = $self->app->config->{ldap}->{auth_delay};
+    sleep $delay if $delay;
+    ($user and $pass)
+      or die("empty username or password\n");
+    ($user =~ m|^([a-z0-9_-]){3,64}$|oia)
+      or die("wrong username\n");
+    $self->app->ldap->auth($user, $pass)
+      or die("wrong user or password\n");
+    $self->session({useruid => $user});
+    $self->redirect_to('/user/profile');
+  } or do {
+    $self->flash({result => "Auth failed: $@"});
+    $self->redirect_to('/user/login');
+  };

-  $self->redirect_to('/user/login');
+  $self->rendered;
+  return;
 }

-sub update {
+sub create {
  my ($self) = @_;
-  my ($data, $login);
-
-  unless ($login = $self->session('useruid')) {
-    $self->redirect_to('/user/login');
-    return;
-  }

  eval {
-    my ($ldap, $mesg);
-    $ldap = Net::LDAP->new($self->app->config->{server})
-      or die("$@");
-    $mesg = $ldap->bind($self->app->config->{binddn},
-            password => $self->app->config->{bindpass});
-    if ($mesg->code) {
-      $self->app->log->error($mesg->error);
-      die("Can't connect to server\n");
-    }
-    my $base = $self->app->config->{userbase};
-    my $attrs = [ @{$self->app->config->{defattrs}} ];
-    $mesg = $ldap->search(base   => $base, scope => 'one', deref => 'never',
-                          filter => '(&(uid=$login)(class=InetOrgPerson))',
-                          attrs  => $attrs);
-    die("User not found\n")
-      unless ($mesg->count);
-    my $entry = $mesg->pop_entry();
-    1;
+    my $error;
+    my $user = $self->req->param('username');
+    my $pass = $self->req->param('password');
+    my $mail = $self->req->param('mail');
+    ($user and $pass and $email)
+      or die("please fill all fields\n");
+    ($user =~ m|^([a-z0-9_-]){3,64}$|oia)
+      or die("wrong username\n");
+
+    $error = $self->app->ldap->create($user);
+    die("$error") if $error;
+    $error = $self->app->ldap->update($user, {mail => $mail});
+    die("$error") if $error;
+    $error = $self->app->ldap->chpass($user, $pass);
+    die("$error") if $error;
+
+    # TODO: confirmation email
+
+    $self->redirect_to('/user/profile'); 1;
  } or do {
+    $self->app->log->error($@);
+    $self->flash({result => "Can't create user: $@"});
+    $self->redirect_to('/user/create');
  };

-  $self->stash({user_data => $data});
-  $self->render();
+  $self->rendered();
+  return 1;
 }

-sub create
-{
+sub update {
  my ($self) = @_;
-  my ($result);

-  $result = "Created";
  eval {
-    my ($ldap, $mesg);
-    $ldap = Net::LDAP->new($self->app->config->{server})
-      or die("$@");
-    $mesg = $ldap->bind($self->app->config->{binddn},
-            password => $self->app->config->{bindpass});
-    if ($mesg->code) {
-      $self->app->log->error($mesg->error);
-      die("Can't connect to server\n");
-    }
-
-    my $base = $self->app->config->{userbase};
-    my $login = $self->req->param('login');
-    die ("Empty username\n")
-      unless ($login);
-    die ("Forbidden characters in username\n")
-      unless ($login =~ m|^[a-z]{2,36}$|oi);
-    $mesg = $ldap->search(base   => $base, scope => 'one', deref => 'never',
-                          filter => '(&(uid=$login)(class=InetOrgPerson))');
-    die("This user already exists\n")
-      if ($mesg->count);
-
-    my $attrs = {};
-    $attrs->{objectclass} = [ "top", @{$self->app->config->{defclasses}} ];
-    $attrs->{mail}        = $self->req->param('mail');
-    $attrs->{displayname} = $self->req->param('displayname') || '';
-    if ($attrs->{displayname} =~ m|^(\S+)\s+(?:.*\s+)?(\S+)$|oi) {
-      $attrs->{cn}        = $1;
-      $attrs->{sn}        = $2;
-    } else {
-      $attrs->{cn}        = '!not set!';
-      $attrs->{sn}        = '!not set!';
-    }
-
-    $attrs->{uid}         = $login;
-    my $csh = Crypt::SaltedHash->new(algorithm => 'SHA-1');
-    $csh->add($self->req->param('pass'));
-    $attrs->{userpassword} = $csh->generate();
-
-    $mesg = $ldap->add("uid=$login,$base", attrs => [ %$attrs ]);
-    if ($mesg->code) {
-      $self->app->log->error($mesg->error);
-      die("Can't add user\n");
+    my $user = $self->session('useruid')
+      or die("not logged in\n");
+    my $pass = $self->req->param('password')
+      or die("need current password\n");
+    $self->app->ldap->auth($user, $pass)
+      or die("wrong password\n");
+
+    my %attrs = ();
+    foreach my $key (qw(displayname mail org mobile)) {
+      my $value = $self->req->param($key) or next;
+      $attrs{$key} = $value;
    }
-
-    $ldap->unbind(); 1;
+    my $error = $self->app->ldap->update($user, %attrs);
+    die("$error\n") if $error; 1;
  } or do {
-    $self->app->log->error($@);
-    $result = "Error: $@";
+    $self->flash({result => "Can't save profile: $@"});
+    $self->redirect_to('/user/login');
  };

-  $self->flash({result => $result});
-  $self->redirect_to('/user/create');
  $self->rendered();
-  return 1;
+  return;
 }

 1;