Don't allow passwords to be changed if it's forbidden by the auth
provider.
//! Returns a list of properties required to use the authenticator backend
virtual QStringList setupKeys() const = 0;
//! Returns a list of properties required to use the authenticator backend
virtual QStringList setupKeys() const = 0;
+ //! Checks if the authenticator allows manual password changes from inside quassel.
+ virtual bool canChangePassword() const = 0;
+
//! Returns a map where the keys are are properties to use the authenticator backend
/* the values are QVariants with default values */
virtual QVariantMap setupDefaults() const = 0;
//! Returns a map where the keys are are properties to use the authenticator backend
/* the values are QVariants with default values */
virtual QVariantMap setupDefaults() const = 0;
+ if (!canChangeUserPassword(userId))
+ {
+ out << "User " << username << " is configured through an auth provider that has forbidden manual password changing." << endl;
+ return false;
+ }
+
out << "Change password for user: " << username << endl;
disableStdInEcho();
out << "Change password for user: " << username << endl;
disableStdInEcho();
if (!isConfigured() || !userId.isValid())
return false;
if (!isConfigured() || !userId.isValid())
return false;
+ if (!canChangeUserPassword(userId))
+ return false;
+
return instance()->_storage->updateUser(userId, password);
}
return instance()->_storage->updateUser(userId, password);
}
+// XXX: this code isn't currently 100% optimal because the core
+// doesn't know it can have multiple auth providers configured (there aren't
+// multiple auth providers at the moment anyway) and we have hardcoded the
+// Database provider to be always allowed.
+bool Core::canChangeUserPassword(UserId userId)
+{
+ QString authProvider = instance()->_storage->getUserAuthenticator(userId);
+ if (authProvider != "Database")
+ {
+ if (authProvider != instance()->_authenticator->displayName()) {
+ return false;
+ } else if (instance()->_authenticator->canChangePassword()) {
+ return false;
+ }
+ }
+ return true;
+}
AbstractSqlMigrationReader *Core::getMigrationReader(Storage *storage)
{
AbstractSqlMigrationReader *Core::getMigrationReader(Storage *storage)
{
*/
static bool changeUserPassword(UserId userId, const QString &password);
*/
static bool changeUserPassword(UserId userId, const QString &password);
+ //! Check if we can change a user password.
+ /**
+ * \param userID The user's ID
+ * \return true, if we can change their password, false otherwise
+ */
+ static bool canChangeUserPassword(UserId userId);
+
//! Store a user setting persistently
/**
* \param userId The users Id
//! Store a user setting persistently
/**
* \param userId The users Id
virtual QStringList setupKeys() const;
virtual QVariantMap setupDefaults() const;
virtual QStringList setupKeys() const;
virtual QVariantMap setupDefaults() const;
+ virtual inline bool canChangePassword() const { return false; }
+
bool setup(const QVariantMap &settings = QVariantMap());
State init(const QVariantMap &settings = QVariantMap());
UserId validateUser(const QString &user, const QString &password);
bool setup(const QVariantMap &settings = QVariantMap());
State init(const QVariantMap &settings = QVariantMap());
UserId validateUser(const QString &user, const QString &password);
virtual inline QStringList setupKeys() const { return QStringList(); }
virtual inline QVariantMap setupDefaults() const { return QVariantMap(); }
virtual inline QStringList setupKeys() const { return QStringList(); }
virtual inline QVariantMap setupDefaults() const { return QVariantMap(); }
+ virtual inline bool canChangePassword() const { return true; }
+
bool setup(const QVariantMap &settings = QVariantMap());
State init(const QVariantMap &settings = QVariantMap());
UserId validateUser(const QString &user, const QString &password);
bool setup(const QVariantMap &settings = QVariantMap());
State init(const QVariantMap &settings = QVariantMap());
UserId validateUser(const QString &user, const QString &password);
projects / quassel.git / commitdiff