Passwords: check and create hashes, modify passwords #7
Conversation
|
At this point, the code is 100% untested. |
There was a problem hiding this comment.
Having these new functions seems a good idea. Thanks for the proposal @markus-96
I have some remarks about renaming.
The main missing point is now to add a test for each function.
src/Ltb/Ldap.php
Outdated
| * @param array $userdata the array, containing the new (hashed) password | ||
| * @return type | ||
| */ | ||
| static function change_password($ldap, $dn, $userdata): array { |
There was a problem hiding this comment.
This function is making a generic modification described by $userdata. I see no reason for no reason for calling this function "change_password"... Also this function seems quite simple, not sure it is really helpful.
There was a problem hiding this comment.
Thats true, and I thought much about including it here. The reason for including it was, as above, possible class abstraction.
nbproject/project.properties
Outdated
| src.dir=src | ||
| tags.asp=false | ||
| tags.short=false | ||
| web.root=. |
There was a problem hiding this comment.
Please remove the metadata from your IDE
nbproject/project.xml
Outdated
| @@ -0,0 +1,9 @@ | |||
| <?xml version="1.0" encoding="UTF-8"?> | |||
There was a problem hiding this comment.
Please remove the metadata from your IDE
src/Ltb/Ldap.php
Outdated
| * Gets the value of the password attribute | ||
| * @param \LDAP\Connection|array $ldap An LDAP\Connection instance, returned by ldap_connect() | ||
| * @param string $dn the dn of the user | ||
| * @param type $pwdattribute the Attriubte that contains the password |
src/Ltb/Ldap.php
Outdated
| * @param type $pwdattribute the Attriubte that contains the password | ||
| * @return string the value of $pwdattribute | ||
| */ | ||
| static function get_hashed_password($ldap, $dn, $pwdattribute): string { |
There was a problem hiding this comment.
we should simply name this function get_password_value
At his step, we have no idea if the password is hashed or not. (it may be in cleartext)
We should clarify, and most importantly manage the returned values in these cases:
- what is returned if the password cannot be read (no permission)?
- what is returned if there is no password value at all?
src/Ltb/Ldap.php
Outdated
| } | ||
| if ($exop_passwd === TRUE) { | ||
| # If password change works update other data | ||
| if (!empty($userdata)) { |
There was a problem hiding this comment.
So this function does not only change the password, it also modify some attributes defined in $userdata?
It think it is preferable to do atomic actions only. If the calling program needs to modify the password + some other attribute, it should call two different functions.
There was a problem hiding this comment.
This comes from the fact that in SSP, you can also set some shadow, samba and ad data, see the appropriate functions set_xxx_data in Password.php. Of course, it can also be set in an additional ldap replace command, but I think one replace task is more appropriate.
src/Ltb/Ldap.php
Outdated
| $error_msg = ""; | ||
| $ctrls = array(); | ||
| $ppolicy_error_code = ""; | ||
| $ppolicy_replace = ldap_mod_replace_ext($ldap, $dn, $userdata, [['oid' => LDAP_CONTROL_PASSWORDPOLICYREQUEST]]); |
There was a problem hiding this comment.
This function does a generic modification, it should not be called change_password...
Maybe modify_attribute_using_ppolicy?
There was a problem hiding this comment.
I thought about having an abstract class AbstractPasswordModify for password modification strategies and a concrete class for every strategy, ie PasswordModifyPPolicy, but this was what I ended up with.
Yes, in this state it should be called modify_attributes_using_ppolicy
| return check_md4_password($password, $hash); | ||
| default: | ||
| return $password == $hash; | ||
| } |
There was a problem hiding this comment.
I think there are some existing tests in ssp for verifying password functions.
Anyway, I think any of the function in ltb-ldap lib should have a unit test. This PR seems to be the opportunity to verify all the tests are done.
There was a problem hiding this comment.
Checking/verifying passwords against a hash is not yet part of SSP, I have written them for my PR with the custom password fields ;)
I wrote tests for the PR, but I did not fully understand how the tests are made here so I did not include them here. See CheckHashAlgorithms: https://github.com/ltb-project/self-service-password/pull/751/files#diff-a1417d309e512c458344b37ea7144ad35645a4310866ff963332078770c5886b (I hope this link is correct)
|
@markus-96 is this PR ready for you? If so, I am going to do a last review, and optionally fix last problems. |
|
I am right now finding out how to add some testing for the added functions in Ldap.php, did not use Mockery yet. But if you want to, I can leave it as is. |
Yes, no problem, I can take that in charge. Thanks for the last modifications you have done! I'll merge the pr when it's done. |
|
Ok, thanks a lot! Added the needed functions in PhpLDAP.php so that they can be mocked. Will then see how to include these functions in SD |
|
Done in PR #12 |
The code in this PR mainly comes from SSP, and is a bit factorized by me.
I will tell you why the functions should be included here:
make_xxx_passwordmake_password()check_xxx_passwordcheck_password()make_passwordcheck_password()make_ad_passwordget_hash_type$hash = "auto"set_samba_dataset_ad_dataset_shadow_dataget_hashed_password$hash = "auto", you first have to get the current hashchange_ad_password_as_userchange_password_using_ppolicy()andchange_password()make they way to here, it should also be includedchange_password_with_exopchange_password_using_ppolicychange_passwordA starting point for following:
This is a proposal, maybe a starting point for a discussion what should and what should not be included here. For example, SD and WP share a big amount of similarity in there smarty templates. Maybe this can also be included here? Where is the limit?