From 97b6d9d979b304174d06db9506037a12fa3cebfc Mon Sep 17 00:00:00 2001 From: Ferdinand Thiessen Date: Wed, 28 Oct 2020 20:30:21 +0100 Subject: [PATCH] [Plugin] LDAP: Fixed password change --- flaschengeist/modules/auth_ldap/__init__.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/flaschengeist/modules/auth_ldap/__init__.py b/flaschengeist/modules/auth_ldap/__init__.py index 17fbe84..ddc0fb1 100644 --- a/flaschengeist/modules/auth_ldap/__init__.py +++ b/flaschengeist/modules/auth_ldap/__init__.py @@ -1,6 +1,6 @@ import ssl from ldap3.utils.hashed import hashed -from ldap3 import SUBTREE, MODIFY_REPLACE, HASHED_SALTED_SHA512 +from ldap3 import SUBTREE, MODIFY_REPLACE, HASHED_SALTED_SHA512, HASHED_SALTED_MD5 from ldap3.core.exceptions import LDAPPasswordIsMandatoryError, LDAPBindError from flask import current_app as app from flask_ldapconn import LDAPConn @@ -99,7 +99,8 @@ class AuthLDAP(AuthPlugin): if hasattr(user, name): modifier[ldap_name] = [(MODIFY_REPLACE, [getattr(user, name)])] if new_password: - salted_password = hashed(HASHED_SALTED_SHA512, new_password) + # TODO: Use secure hash! + salted_password = hashed(HASHED_SALTED_MD5, new_password) modifier["userPassword"] = [(MODIFY_REPLACE, [salted_password])] ldap_conn.modify(dn, modifier) except (LDAPPasswordIsMandatoryError, LDAPBindError):