Support password changes for LDAP auth backend - pleroma - My custom branche(s) on git.pleroma.social/pleroma/pleroma

commit: 67cc38b5ac0cb009a38de3b182f34bbcb97467da
parent 23f78c75738aac49a79de2834490048cde817669
Author: Mark Felder <feld@feld.me>
Date:   Fri, 11 Oct 2024 15:39:38 -0400

Support password changes for LDAP auth backend

Diffstat:
M lib/pleroma/ldap.ex 30 ++++++++++++++++++++++++++----
M lib/pleroma/web/auth/ldap_authenticator.ex 9 +++++++++

2 files changed, 35 insertions(+), 4 deletions(-)
diff --git a/lib/pleroma/ldap.ex b/lib/pleroma/ldap.ex
@@ -83,6 +83,12 @@ defmodule Pleroma.LDAP do
     end
   end
 
+  def handle_call({:change_password, name, password, new_password}, _from, state) do
+    result = change_password(state[:handle], name, password, new_password)
+
+    {:reply, result, state, :hibernate}
+  end
+
   @impl true
   def terminate(_, state) do
     handle = Keyword.get(state, :handle)
@@ -162,17 +168,16 @@ defmodule Pleroma.LDAP do
   end
 
   defp bind_user(handle, name, password) do
-    uid = Config.get([:ldap, :uid], "cn")
-    base = Config.get([:ldap, :base])
+    dn = make_dn(name)
 
-    case :eldap.simple_bind(handle, "#{uid}=#{name},#{base}", password) do
+    case :eldap.simple_bind(handle, dn, password) do
       :ok ->
         case fetch_user(name) do
           %User{} = user ->
             user
 
           _ ->
-            register_user(handle, base, uid, name)
+            register_user(handle, ldap_base(), ldap_uid(), name)
         end
 
       # eldap does not inform us of socket closure
@@ -231,6 +236,14 @@ defmodule Pleroma.LDAP do
     end
   end
 
+  defp change_password(handle, name, password, new_password) do
+    dn = make_dn(name)
+
+    with :ok <- :eldap.simple_bind(handle, dn, password) do
+      :eldap.modify_password(handle, dn, to_charlist(new_password), to_charlist(password))
+    end
+  end
+
   defp decode_certfile(file) do
     with {:ok, data} <- File.read(file) do
       data
@@ -242,4 +255,13 @@ defmodule Pleroma.LDAP do
         []
     end
   end
+
+  defp ldap_uid, do: to_charlist(Config.get([:ldap, :uid], "cn"))
+  defp ldap_base, do: to_charlist(Config.get([:ldap, :base]))
+
+  defp make_dn(name) do
+    uid = ldap_uid()
+    base = ldap_base()
+    ~c"#{uid}=#{name},#{base}"
+  end
 end
diff --git a/lib/pleroma/web/auth/ldap_authenticator.ex b/lib/pleroma/web/auth/ldap_authenticator.ex
@@ -30,4 +30,13 @@ defmodule Pleroma.Web.Auth.LDAPAuthenticator do
         error
     end
   end
+
+  def change_password(user, password, new_password, new_password) do
+    case GenServer.call(LDAP, {:change_password, user.nickname, password, new_password}) do
+      :ok -> {:ok, user}
+      e -> e
+    end
+  end
+
+  def change_password(_, _, _, _), do: {:error, :password_confirmation}
 end

M	lib/pleroma/ldap.ex	30	++++++++++++++++++++++++++----
M	lib/pleroma/web/auth/ldap_authenticator.ex	9	+++++++++