Browse Source

= LDV::User->create

master
Alex 'AdUser' Z 10 years ago
parent
commit
77a4efd4cd
  1. 147
      lib/LDV/User.pm

147
lib/LDV/User.pm

@ -6,10 +6,6 @@ use utf8;
use Mojo::Base 'Mojolicious::Controller'; use Mojo::Base 'Mojolicious::Controller';
use Net::LDAP;
use Net::LDAP::Util qw(ldap_error_name); # is really needed?
use Crypt::SaltedHash;
# pages # pages
sub login { my ($self) = @_; $self->render(); } sub login { my ($self) = @_; $self->render(); }
sub register { my ($self) = @_; $self->render(); } sub register { my ($self) = @_; $self->render(); }
@ -42,109 +38,84 @@ sub auth {
my $user = $self->req->param('username'); my $user = $self->req->param('username');
my $pass = $self->req->param('password'); my $pass = $self->req->param('password');
if (my $delay = $self->app->config->{ldap}->{auth_delay}) { eval {
sleep $delay; my $delay = $self->app->config->{ldap}->{auth_delay};
} sleep $delay if $delay;
($user and $pass)
or die("empty username or password\n");
($user =~ m|^([a-z0-9_-]){3,64}$|oia)
or die("wrong username\n");
$self->app->ldap->auth($user, $pass)
or die("wrong user or password\n");
$self->session({useruid => $user});
$self->redirect_to('/user/profile');
} or do {
$self->flash({result => "Auth failed: $@"});
$self->redirect_to('/user/login'); $self->redirect_to('/user/login');
};
$self->rendered;
return;
} }
sub update { sub create {
my ($self) = @_; my ($self) = @_;
my ($data, $login);
unless ($login = $self->session('useruid')) {
$self->redirect_to('/user/login');
return;
}
eval { eval {
my ($ldap, $mesg); my $error;
$ldap = Net::LDAP->new($self->app->config->{server}) my $user = $self->req->param('username');
or die("$@"); my $pass = $self->req->param('password');
$mesg = $ldap->bind($self->app->config->{binddn}, my $mail = $self->req->param('mail');
password => $self->app->config->{bindpass}); ($user and $pass and $email)
if ($mesg->code) { or die("please fill all fields\n");
$self->app->log->error($mesg->error); ($user =~ m|^([a-z0-9_-]){3,64}$|oia)
die("Can't connect to server\n"); or die("wrong username\n");
}
my $base = $self->app->config->{userbase}; $error = $self->app->ldap->create($user);
my $attrs = [ @{$self->app->config->{defattrs}} ]; die("$error") if $error;
$mesg = $ldap->search(base => $base, scope => 'one', deref => 'never', $error = $self->app->ldap->update($user, {mail => $mail});
filter => '(&(uid=$login)(class=InetOrgPerson))', die("$error") if $error;
attrs => $attrs); $error = $self->app->ldap->chpass($user, $pass);
die("User not found\n") die("$error") if $error;
unless ($mesg->count);
my $entry = $mesg->pop_entry(); # TODO: confirmation email
1;
$self->redirect_to('/user/profile'); 1;
} or do { } or do {
$self->app->log->error($@);
$self->flash({result => "Can't create user: $@"});
$self->redirect_to('/user/create');
}; };
$self->stash({user_data => $data}); $self->rendered();
$self->render(); return 1;
} }
sub create sub update {
{
my ($self) = @_; my ($self) = @_;
my ($result);
$result = "Created";
eval { eval {
my ($ldap, $mesg); my $user = $self->session('useruid')
$ldap = Net::LDAP->new($self->app->config->{server}) or die("not logged in\n");
or die("$@"); my $pass = $self->req->param('password')
$mesg = $ldap->bind($self->app->config->{binddn}, or die("need current password\n");
password => $self->app->config->{bindpass}); $self->app->ldap->auth($user, $pass)
if ($mesg->code) { or die("wrong password\n");
$self->app->log->error($mesg->error);
die("Can't connect to server\n"); my %attrs = ();
} foreach my $key (qw(displayname mail org mobile)) {
my $value = $self->req->param($key) or next;
my $base = $self->app->config->{userbase}; $attrs{$key} = $value;
my $login = $self->req->param('login');
die ("Empty username\n")
unless ($login);
die ("Forbidden characters in username\n")
unless ($login =~ m|^[a-z]{2,36}$|oi);
$mesg = $ldap->search(base => $base, scope => 'one', deref => 'never',
filter => '(&(uid=$login)(class=InetOrgPerson))');
die("This user already exists\n")
if ($mesg->count);
my $attrs = {};
$attrs->{objectclass} = [ "top", @{$self->app->config->{defclasses}} ];
$attrs->{mail} = $self->req->param('mail');
$attrs->{displayname} = $self->req->param('displayname') || '';
if ($attrs->{displayname} =~ m|^(\S+)\s+(?:.*\s+)?(\S+)$|oi) {
$attrs->{cn} = $1;
$attrs->{sn} = $2;
} else {
$attrs->{cn} = '!not set!';
$attrs->{sn} = '!not set!';
}
$attrs->{uid} = $login;
my $csh = Crypt::SaltedHash->new(algorithm => 'SHA-1');
$csh->add($self->req->param('pass'));
$attrs->{userpassword} = $csh->generate();
$mesg = $ldap->add("uid=$login,$base", attrs => [ %$attrs ]);
if ($mesg->code) {
$self->app->log->error($mesg->error);
die("Can't add user\n");
} }
my $error = $self->app->ldap->update($user, %attrs);
$ldap->unbind(); 1; die("$error\n") if $error; 1;
} or do { } or do {
$self->app->log->error($@); $self->flash({result => "Can't save profile: $@"});
$result = "Error: $@"; $self->redirect_to('/user/login');
}; };
$self->flash({result => $result});
$self->redirect_to('/user/create');
$self->rendered(); $self->rendered();
return 1; return;
} }
1; 1;

Loading…
Cancel
Save