|
|
@ -6,10 +6,6 @@ use utf8; |
|
|
|
|
|
|
|
|
|
|
|
use Mojo::Base 'Mojolicious::Controller'; |
|
|
|
use Mojo::Base 'Mojolicious::Controller'; |
|
|
|
|
|
|
|
|
|
|
|
use Net::LDAP; |
|
|
|
|
|
|
|
use Net::LDAP::Util qw(ldap_error_name); # is really needed? |
|
|
|
|
|
|
|
use Crypt::SaltedHash; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# pages |
|
|
|
# pages |
|
|
|
sub login { my ($self) = @_; $self->render(); } |
|
|
|
sub login { my ($self) = @_; $self->render(); } |
|
|
|
sub register { my ($self) = @_; $self->render(); } |
|
|
|
sub register { my ($self) = @_; $self->render(); } |
|
|
@ -42,109 +38,84 @@ sub auth { |
|
|
|
my $user = $self->req->param('username'); |
|
|
|
my $user = $self->req->param('username'); |
|
|
|
my $pass = $self->req->param('password'); |
|
|
|
my $pass = $self->req->param('password'); |
|
|
|
|
|
|
|
|
|
|
|
if (my $delay = $self->app->config->{ldap}->{auth_delay}) { |
|
|
|
eval { |
|
|
|
sleep $delay; |
|
|
|
my $delay = $self->app->config->{ldap}->{auth_delay}; |
|
|
|
} |
|
|
|
sleep $delay if $delay; |
|
|
|
|
|
|
|
($user and $pass) |
|
|
|
|
|
|
|
or die("empty username or password\n"); |
|
|
|
|
|
|
|
($user =~ m|^([a-z0-9_-]){3,64}$|oia) |
|
|
|
|
|
|
|
or die("wrong username\n"); |
|
|
|
|
|
|
|
$self->app->ldap->auth($user, $pass) |
|
|
|
|
|
|
|
or die("wrong user or password\n"); |
|
|
|
|
|
|
|
$self->session({useruid => $user}); |
|
|
|
|
|
|
|
$self->redirect_to('/user/profile'); |
|
|
|
|
|
|
|
} or do { |
|
|
|
|
|
|
|
$self->flash({result => "Auth failed: $@"}); |
|
|
|
|
|
|
|
$self->redirect_to('/user/login'); |
|
|
|
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
|
|
$self->redirect_to('/user/login'); |
|
|
|
$self->rendered; |
|
|
|
|
|
|
|
return; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
sub update { |
|
|
|
sub create { |
|
|
|
my ($self) = @_; |
|
|
|
my ($self) = @_; |
|
|
|
my ($data, $login); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
unless ($login = $self->session('useruid')) { |
|
|
|
|
|
|
|
$self->redirect_to('/user/login'); |
|
|
|
|
|
|
|
return; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
eval { |
|
|
|
eval { |
|
|
|
my ($ldap, $mesg); |
|
|
|
my $error; |
|
|
|
$ldap = Net::LDAP->new($self->app->config->{server}) |
|
|
|
my $user = $self->req->param('username'); |
|
|
|
or die("$@"); |
|
|
|
my $pass = $self->req->param('password'); |
|
|
|
$mesg = $ldap->bind($self->app->config->{binddn}, |
|
|
|
my $mail = $self->req->param('mail'); |
|
|
|
password => $self->app->config->{bindpass}); |
|
|
|
($user and $pass and $email) |
|
|
|
if ($mesg->code) { |
|
|
|
or die("please fill all fields\n"); |
|
|
|
$self->app->log->error($mesg->error); |
|
|
|
($user =~ m|^([a-z0-9_-]){3,64}$|oia) |
|
|
|
die("Can't connect to server\n"); |
|
|
|
or die("wrong username\n"); |
|
|
|
} |
|
|
|
|
|
|
|
my $base = $self->app->config->{userbase}; |
|
|
|
$error = $self->app->ldap->create($user); |
|
|
|
my $attrs = [ @{$self->app->config->{defattrs}} ]; |
|
|
|
die("$error") if $error; |
|
|
|
$mesg = $ldap->search(base => $base, scope => 'one', deref => 'never', |
|
|
|
$error = $self->app->ldap->update($user, {mail => $mail}); |
|
|
|
filter => '(&(uid=$login)(class=InetOrgPerson))', |
|
|
|
die("$error") if $error; |
|
|
|
attrs => $attrs); |
|
|
|
$error = $self->app->ldap->chpass($user, $pass); |
|
|
|
die("User not found\n") |
|
|
|
die("$error") if $error; |
|
|
|
unless ($mesg->count); |
|
|
|
|
|
|
|
my $entry = $mesg->pop_entry(); |
|
|
|
# TODO: confirmation email |
|
|
|
1; |
|
|
|
|
|
|
|
|
|
|
|
$self->redirect_to('/user/profile'); 1; |
|
|
|
} or do { |
|
|
|
} or do { |
|
|
|
|
|
|
|
$self->app->log->error($@); |
|
|
|
|
|
|
|
$self->flash({result => "Can't create user: $@"}); |
|
|
|
|
|
|
|
$self->redirect_to('/user/create'); |
|
|
|
}; |
|
|
|
}; |
|
|
|
|
|
|
|
|
|
|
|
$self->stash({user_data => $data}); |
|
|
|
$self->rendered(); |
|
|
|
$self->render(); |
|
|
|
return 1; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
sub create |
|
|
|
sub update { |
|
|
|
{ |
|
|
|
|
|
|
|
my ($self) = @_; |
|
|
|
my ($self) = @_; |
|
|
|
my ($result); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$result = "Created"; |
|
|
|
|
|
|
|
eval { |
|
|
|
eval { |
|
|
|
my ($ldap, $mesg); |
|
|
|
my $user = $self->session('useruid') |
|
|
|
$ldap = Net::LDAP->new($self->app->config->{server}) |
|
|
|
or die("not logged in\n"); |
|
|
|
or die("$@"); |
|
|
|
my $pass = $self->req->param('password') |
|
|
|
$mesg = $ldap->bind($self->app->config->{binddn}, |
|
|
|
or die("need current password\n"); |
|
|
|
password => $self->app->config->{bindpass}); |
|
|
|
$self->app->ldap->auth($user, $pass) |
|
|
|
if ($mesg->code) { |
|
|
|
or die("wrong password\n"); |
|
|
|
$self->app->log->error($mesg->error); |
|
|
|
|
|
|
|
die("Can't connect to server\n"); |
|
|
|
my %attrs = (); |
|
|
|
} |
|
|
|
foreach my $key (qw(displayname mail org mobile)) { |
|
|
|
|
|
|
|
my $value = $self->req->param($key) or next; |
|
|
|
my $base = $self->app->config->{userbase}; |
|
|
|
$attrs{$key} = $value; |
|
|
|
my $login = $self->req->param('login'); |
|
|
|
|
|
|
|
die ("Empty username\n") |
|
|
|
|
|
|
|
unless ($login); |
|
|
|
|
|
|
|
die ("Forbidden characters in username\n") |
|
|
|
|
|
|
|
unless ($login =~ m|^[a-z]{2,36}$|oi); |
|
|
|
|
|
|
|
$mesg = $ldap->search(base => $base, scope => 'one', deref => 'never', |
|
|
|
|
|
|
|
filter => '(&(uid=$login)(class=InetOrgPerson))'); |
|
|
|
|
|
|
|
die("This user already exists\n") |
|
|
|
|
|
|
|
if ($mesg->count); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
my $attrs = {}; |
|
|
|
|
|
|
|
$attrs->{objectclass} = [ "top", @{$self->app->config->{defclasses}} ]; |
|
|
|
|
|
|
|
$attrs->{mail} = $self->req->param('mail'); |
|
|
|
|
|
|
|
$attrs->{displayname} = $self->req->param('displayname') || ''; |
|
|
|
|
|
|
|
if ($attrs->{displayname} =~ m|^(\S+)\s+(?:.*\s+)?(\S+)$|oi) { |
|
|
|
|
|
|
|
$attrs->{cn} = $1; |
|
|
|
|
|
|
|
$attrs->{sn} = $2; |
|
|
|
|
|
|
|
} else { |
|
|
|
|
|
|
|
$attrs->{cn} = '!not set!'; |
|
|
|
|
|
|
|
$attrs->{sn} = '!not set!'; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$attrs->{uid} = $login; |
|
|
|
|
|
|
|
my $csh = Crypt::SaltedHash->new(algorithm => 'SHA-1'); |
|
|
|
|
|
|
|
$csh->add($self->req->param('pass')); |
|
|
|
|
|
|
|
$attrs->{userpassword} = $csh->generate(); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$mesg = $ldap->add("uid=$login,$base", attrs => [ %$attrs ]); |
|
|
|
|
|
|
|
if ($mesg->code) { |
|
|
|
|
|
|
|
$self->app->log->error($mesg->error); |
|
|
|
|
|
|
|
die("Can't add user\n"); |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
my $error = $self->app->ldap->update($user, %attrs); |
|
|
|
$ldap->unbind(); 1; |
|
|
|
die("$error\n") if $error; 1; |
|
|
|
} or do { |
|
|
|
} or do { |
|
|
|
$self->app->log->error($@); |
|
|
|
$self->flash({result => "Can't save profile: $@"}); |
|
|
|
$result = "Error: $@"; |
|
|
|
$self->redirect_to('/user/login'); |
|
|
|
}; |
|
|
|
}; |
|
|
|
|
|
|
|
|
|
|
|
$self->flash({result => $result}); |
|
|
|
|
|
|
|
$self->redirect_to('/user/create'); |
|
|
|
|
|
|
|
$self->rendered(); |
|
|
|
$self->rendered(); |
|
|
|
return 1; |
|
|
|
return; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
1; |
|
|
|
1; |
|
|
|