From 77a4efd4cd98ab9c892b856c240f5c029e4ff618 Mon Sep 17 00:00:00 2001
From: Alex 'AdUser' Z
Date: Fri, 21 Nov 2014 13:28:33 +1000
Subject: [PATCH] = LDV::User->create
---
lib/LDV/User.pm | 147 +++++++++++++++++++-----------------------------
1 file changed, 59 insertions(+), 88 deletions(-)
diff --git a/lib/LDV/User.pm b/lib/LDV/User.pm
index 1242f4f..d588480 100644
--- a/lib/LDV/User.pm
+++ b/lib/LDV/User.pm
@@ -6,10 +6,6 @@ use utf8;
 use Mojo::Base 'Mojolicious::Controller';
-use Net::LDAP;
-use Net::LDAP::Util qw(ldap_error_name); # is really needed?
-use Crypt::SaltedHash;
-
 # pages
 sub login { my ($self) = @_; $self->render(); }
 sub register { my ($self) = @_; $self->render(); }
@@ -42,109 +38,84 @@ sub auth {
 my $user = $self->req->param('username');
 my $pass = $self->req->param('password');
- if (my $delay = $self->app->config->{ldap}->{auth_delay}) {
- sleep $delay;
- }
+ eval {
+ my $delay = $self->app->config->{ldap}->{auth_delay};
+ sleep $delay if $delay;
+ ($user and $pass)
+ or die("empty username or password\n");
+ ($user =~ m|^([a-z0-9_-]){3,64}$|oia)
+ or die("wrong username\n");
+ $self->app->ldap->auth($user, $pass)
+ or die("wrong user or password\n");
+ $self->session({useruid => $user});
+ $self->redirect_to('/user/profile');
+ } or do {
+ $self->flash({result => "Auth failed: $@"});
+ $self->redirect_to('/user/login');
+ };
- $self->redirect_to('/user/login');
+ $self->rendered;
+ return;
 }
-sub update {
+sub create {
 my ($self) = @_;
- my ($data, $login);
-
- unless ($login = $self->session('useruid')) {
- $self->redirect_to('/user/login');
- return;
- }
 eval {
- my ($ldap, $mesg);
- $ldap = Net::LDAP->new($self->app->config->{server})
- or die("$@");
- $mesg = $ldap->bind($self->app->config->{binddn},
- password => $self->app->config->{bindpass});
- if ($mesg->code) {
- $self->app->log->error($mesg->error);
- die("Can't connect to server\n");
- }
- my $base = $self->app->config->{userbase};
- my $attrs = [ @{$self->app->config->{defattrs}} ];
- $mesg = $ldap->search(base => $base, scope => 'one', deref => 'never',
- filter => '(&(uid=$login)(class=InetOrgPerson))',
- attrs => $attrs);
- die("User not found\n")
- unless ($mesg->count);
- my $entry = $mesg->pop_entry();
- 1;
+ my $error;
+ my $user = $self->req->param('username');
+ my $pass = $self->req->param('password');
+ my $mail = $self->req->param('mail');
+ ($user and $pass and $email)
+ or die("please fill all fields\n");
+ ($user =~ m|^([a-z0-9_-]){3,64}$|oia)
+ or die("wrong username\n");
+
+ $error = $self->app->ldap->create($user);
+ die("$error") if $error;
+ $error = $self->app->ldap->update($user, {mail => $mail});
+ die("$error") if $error;
+ $error = $self->app->ldap->chpass($user, $pass);
+ die("$error") if $error;
+
+ # TODO: confirmation email
+
+ $self->redirect_to('/user/profile');
 1;
 } or do {
+ $self->app->log->error($@);
+ $self->flash({result => "Can't create user: $@"});
+ $self->redirect_to('/user/create');
 };
- $self->stash({user_data => $data});
- $self->render();
+ $self->rendered();
+ return 1;
 }
-sub create
-{
+sub update {
 my ($self) = @_;
- my ($result);
- $result = "Created";
 eval {
- my ($ldap, $mesg);
- $ldap = Net::LDAP->new($self->app->config->{server})
- or die("$@");
- $mesg = $ldap->bind($self->app->config->{binddn},
- password => $self->app->config->{bindpass});
- if ($mesg->code) {
- $self->app->log->error($mesg->error);
- die("Can't connect to server\n");
- }
-
- my $base = $self->app->config->{userbase};
- my $login = $self->req->param('login');
- die ("Empty username\n")
- unless ($login);
- die ("Forbidden characters in username\n")
- unless ($login =~ m|^[a-z]{2,36}$|oi);
- $mesg = $ldap->search(base => $base, scope => 'one', deref => 'never',
- filter => '(&(uid=$login)(class=InetOrgPerson))');
- die("This user already exists\n")
- if ($mesg->count);
-
- my $attrs = {};
- $attrs->{objectclass} = [ "top", @{$self->app->config->{defclasses}} ];
- $attrs->{mail} = $self->req->param('mail');
- $attrs->{displayname} = $self->req->param('displayname') || '';
- if ($attrs->{displayname} =~ m|^(\S+)\s+(?:.*\s+)?(\S+)$|oi) {
- $attrs->{cn} = $1;
- $attrs->{sn} = $2;
- } else {
- $attrs->{cn} = '!not set!';
- $attrs->{sn} = '!not set!';
- }
-
- $attrs->{uid} = $login;
- my $csh = Crypt::SaltedHash->new(algorithm => 'SHA-1');
- $csh->add($self->req->param('pass'));
- $attrs->{userpassword} = $csh->generate();
-
- $mesg = $ldap->add("uid=$login,$base", attrs => [ %$attrs ]);
- if ($mesg->code) {
- $self->app->log->error($mesg->error);
- die("Can't add user\n");
+ my $user = $self->session('useruid')
+ or die("not logged in\n");
+ my $pass = $self->req->param('password')
+ or die("need current password\n");
+ $self->app->ldap->auth($user, $pass)
+ or die("wrong password\n");
+
+ my %attrs = ();
+ foreach my $key (qw(displayname mail org mobile)) {
+ my $value = $self->req->param($key) or next;
+ $attrs{$key} = $value;
 }
-
- $ldap->unbind();
 1;
+ my $error = $self->app->ldap->update($user, %attrs);
+ die("$error\n") if $error; 1;
 } or do {
- $self->app->log->error($@);
- $result = "Error: $@";
+ $self->flash({result => "Can't save profile: $@"});
+ $self->redirect_to('/user/login');
 };
- $self->flash({result => $result});
- $self->redirect_to('/user/create');
 $self->rendered();
- return 1;
+ return;
 }
 1;
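Review bot: `($user and $pass and $email)` in `create` tests `$email`, a variable this hunk never declares — the form value is read into `$mail` three lines earlier — so unless it is declared at file scope outside the hunk, the strictures that Mojo::Base enables make the module fail to compile and every route in this controller stops working; the line should read `($user and $pass and $mail)`. In the same sub the three `die("$error") if $error;` lines omit the trailing newline, so Perl appends ` at lib/LDV/User.pm line N.` to the message and that text reaches the browser through the `Can't create user: $@` flash; `update` uses `die("$error\n")` and `create` should match it. `create` also hands the attributes to `$self->app->ldap->update` as a hashref (`{mail => $mail}`) while `update` flattens them (`%attrs`); the helper is not in this diff, but presumably only one of those calling conventions matches its signature, and the mismatch is worth settling before the confirmation-email TODO is picked up. Finally, `create` validates the username but forwards `$mail` to the directory unchecked; a minimal format check before the update call would keep the new code on par with the username check.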