From: Ben Rosser Date: Fri, 1 Jan 2016 20:43:07 +0000 (-0500) Subject: Add password changing checks X-Git-Tag: travis-deploy-test~282 X-Git-Url: https://git.quassel-irc.org/?p=quassel.git;a=commitdiff_plain;h=fdf6853d42bbd3279d5bc85df9006145382b0ea6;ds=sidebyside Add password changing checks Don't allow passwords to be changed if it's forbidden by the auth provider.
---
diff --git a/src/core/authenticator.h b/src/core/authenticator.h
index e0d4370d..30f469e1 100644
--- a/src/core/authenticator.h
+++ b/src/core/authenticator.h
@@ -61,6 +61,9 @@ public slots:
 //! Returns a list of properties required to use the authenticator backend
 virtual QStringList setupKeys() const = 0;
+ //! Checks if the authenticator allows manual password changes from inside quassel.
+ virtual bool canChangePassword() const = 0;
+
 //! Returns a map where the keys are are properties to use the authenticator backend
 /* the values are QVariants with default values */
 virtual QVariantMap setupDefaults() const = 0;
diff --git a/src/core/core.cpp b/src/core/core.cpp
index 04dd3bb2..a9e1b8f5 100644
--- a/src/core/core.cpp
+++ b/src/core/core.cpp
@@ -933,6 +933,12 @@ bool Core::changeUserPass(const QString &username)
 return false;
 }
+ if (!canChangeUserPassword(userId))
+ {
+ out << "User " << username << " is configured through an auth provider that has forbidden manual password changing." << endl;
+ return false;
+ }
+
 out << "Change password for user: " << username << endl;
 disableStdInEcho();
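Review bot: The refusal message printed at the new `if (!canChangeUserPassword(userId))` attributes every denial to the auth provider's policy, but `canChangeUserPassword` (added further down in core.cpp) also returns false when the user's stored authenticator differs from the active one. An operator using the console password change would get a misleading explanation in that case. Either word the message neutrally, for example `" cannot have their password changed manually under the current auth configuration."`, or have the helper report which condition failed. `changeUserPass` starts and ends outside this hunk, so the earlier validity check on `userId` is only inferred from the `return false; }` context lines.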
@@ -971,9 +977,29 @@ bool Core::changeUserPassword(UserId userId, const QString &password)
 if (!isConfigured() || !userId.isValid())
 return false;
+ if (!canChangeUserPassword(userId))
+ return false;
+
 return instance()->_storage->updateUser(userId, password);
 }
+// XXX: this code isn't currently 100% optimal because the core
+// doesn't know it can have multiple auth providers configured (there aren't
+// multiple auth providers at the moment anyway) and we have hardcoded the
+// Database provider to be always allowed.
+bool Core::canChangeUserPassword(UserId userId)
+{
+ QString authProvider = instance()->_storage->getUserAuthenticator(userId);
+ if (authProvider != "Database")
+ {
+ if (authProvider != instance()->_authenticator->displayName()) {
+ return false;
+ } else if (instance()->_authenticator->canChangePassword()) {
+ return false;
+ }
+ }
+ return true;
+}
 AbstractSqlMigrationReader *Core::getMigrationReader(Storage *storage)
 {
diff --git a/src/core/core.h b/src/core/core.h
index 835e7879..7811b119 100644
--- a/src/core/core.h
+++ b/src/core/core.h
@@ -114,6 +114,13 @@ public:
 */
 static bool changeUserPassword(UserId userId, const QString &password);
+ //! Check if we can change a user password.
+ /**
+ * \param userID The user's ID
+ * \return true, if we can change their password, false otherwise
+ */
+ static bool canChangeUserPassword(UserId userId);
+
 //! Store a user setting persistently
 /**
 * \param userId The users Id
diff --git a/src/core/ldapauthenticator.h b/src/core/ldapauthenticator.h
index cf146940..a0c8720d 100644
--- a/src/core/ldapauthenticator.h
+++ b/src/core/ldapauthenticator.h
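Review bot: The second test in the new `canChangeUserPassword` reads inverted: `else if (instance()->_authenticator->canChangePassword()) { return false; }` refuses the change when the active authenticator reports that changes are allowed, and falls through to `return true` when it reports that they are not. With the overrides added in this commit (LdapAuthenticator returns false, SqlAuthenticator returns true), a user whose stored authenticator matches an active LDAP backend would still pass both callers, `changeUserPassword` in this hunk and `changeUserPass` in the earlier one, which is the case the commit message sets out to forbid. The condition should be negated: `} else if (!instance()->_authenticator->canChangePassword()) {`. Separately, the stored provider is compared against `displayName()` and the literal `"Database"`; if a display name is ever translated or reworded the comparison silently becomes deny-all, so a stable backend identifier would be a safer key, if the authenticator interface offers one (not visible here).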
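Review bot: The doc comment on `canChangeUserPassword` names the parameter `userID` while the declaration uses `userId`, so Doxygen will not attach the description; `\param userId The user's Id` would match the declaration and the neighbouring comments. The `\return` line should also say that false covers two cases visible in core.cpp, namely that the authenticator forbids manual changes or that the user's stored authenticator is not the active one. It is worth stating too that this is a backend policy check and not an authorization check on whoever requests the change.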
@@ -55,6 +55,8 @@ public slots:
 virtual QStringList setupKeys() const;
 virtual QVariantMap setupDefaults() const;
+ virtual inline bool canChangePassword() const { return false; }
+
 bool setup(const QVariantMap &settings = QVariantMap());
 State init(const QVariantMap &settings = QVariantMap());
 UserId validateUser(const QString &user, const QString &password);
diff --git a/src/core/sqlauthenticator.h b/src/core/sqlauthenticator.h
index 51d051e1..378a9d4b 100644
--- a/src/core/sqlauthenticator.h
+++ b/src/core/sqlauthenticator.h
@@ -39,6 +39,8 @@ public slots:
 virtual inline QStringList setupKeys() const { return QStringList(); }
 virtual inline QVariantMap setupDefaults() const { return QVariantMap(); }
+ virtual inline bool canChangePassword() const { return true; }
+
 bool setup(const QVariantMap &settings = QVariantMap());
 State init(const QVariantMap &settings = QVariantMap());
 UserId validateUser(const QString &user, const QString &password);