entrouvert
/
authentic
16
0
Fork 0
Code Issues Pull Requests 35 Releases Activity

ldap: use current password if we already know it (#30577) 

No need to look it in the session.
This commit is contained in:
Benjamin Dauvergne 2019-02-12 23:48:37 +01:00
parent 75025ab544
commit 93a0935e49
1 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/authentic2/backends/ldap_backend.py
View File

@ -174,16 +174,17 @@ class LDAPUser(get_user_model()):
except ldap.LDAPError, e:
log.error('LDAPUser.check_password() failed: %s', e)
return False
self.old_password = raw_password
self._current_password = raw_password
return True
def set_password(self, new_password):
# Allow change password to work in all cases, as the form does a check_password() first
# if the verify pass, we have the old password stored in self.old_password
old_password = getattr(self, 'old_password', None) or self.get_password_in_session()
if old_password != new_password:
# if the verify pass, we have the old password stored in self._current_password
_current_password = getattr(self, '_current_password', None) or self.get_password_in_session()
if _current_password != new_password:
conn = self.get_connection()
self.ldap_backend.modify_password(conn, self.block, self.dn, old_password, new_password)
self.ldap_backend.modify_password(conn, self.block, self.dn, _current_password, new_password)
self._current_password = new_password
self.keep_password_in_session(new_password)
if self.block['keep_password']:
super(LDAPUser, self).set_password(new_password)
@ -194,7 +195,7 @@ class LDAPUser(get_user_model()):
return True
def get_connection(self):
ldap_password = self.get_password_in_session()
ldap_password = getattr(self, '_current_password', None) or self.get_password_in_session()
credentials = ()
if ldap_password:
credentials = (self.dn, ldap_password)