[Plugin] LDAP: Fixed password change

Ferdinand Thiessen 2020-10-28 20:30:21 +01:00
parent 005abd6f56
commit 97b6d9d979
1 changed files with 3 additions and 2 deletions


@ -1,6 +1,6 @@
import ssl import ssl
from ldap3.utils.hashed import hashed from ldap3.utils.hashed import hashed
from ldap3 import SUBTREE, MODIFY_REPLACE, HASHED_SALTED_SHA512 from ldap3 import SUBTREE, MODIFY_REPLACE, HASHED_SALTED_SHA512, HASHED_SALTED_MD5
from ldap3.core.exceptions import LDAPPasswordIsMandatoryError, LDAPBindError from ldap3.core.exceptions import LDAPPasswordIsMandatoryError, LDAPBindError
from flask import current_app as app from flask import current_app as app
from flask_ldapconn import LDAPConn from flask_ldapconn import LDAPConn
@ -99,7 +99,8 @@ class AuthLDAP(AuthPlugin):
if hasattr(user, name): if hasattr(user, name):
modifier[ldap_name] = [(MODIFY_REPLACE, [getattr(user, name)])] modifier[ldap_name] = [(MODIFY_REPLACE, [getattr(user, name)])]
if new_password: if new_password:
salted_password = hashed(HASHED_SALTED_SHA512, new_password) # TODO: Use secure hash!
salted_password = hashed(HASHED_SALTED_MD5, new_password)
modifier["userPassword"] = [(MODIFY_REPLACE, [salted_password])] modifier["userPassword"] = [(MODIFY_REPLACE, [salted_password])]
ldap_conn.modify(dn, modifier) ldap_conn.modify(dn, modifier)
except (LDAPPasswordIsMandatoryError, LDAPBindError): except (LDAPPasswordIsMandatoryError, LDAPBindError):
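Review bot: The new `hashed(HASHED_SALTED_MD5, new_password)` line stores `userPassword` as salted MD5, a fast digest that is much cheaper to brute-force offline than the salted SHA-512 it replaces should directory entries or backups ever be read, and the `# TODO: Use secure hash!` comment does not record why the stronger scheme had to go. If the directory rejected the SHA-512 scheme (an assumption; the page does not say), a safer route is to let the server hash the password under its own policy through the Password Modify extended operation, e.g. `ldap_conn.extend.standard.modify_password(dn, new_password=new_password)`, provided `ldap_conn` is an ldap3 connection and the server supports that operation. Failing that, replace the TODO with a comment that names the server limitation and a tracking reference, and drop the `HASHED_SALTED_SHA512` import in the first hunk if nothing else in the file still uses it. The enclosing method and its `try` start above this hunk, and the `except` body continues below it.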