authorPetr Vobornik <pvoborni@redhat.com>2014-05-23 15:54:18 +0200
committerPetr Vobornik <pvoborni@redhat.com>2014-06-26 12:37:38 +0200
commit896920ed12a4601a60ac6a7e6f4f13d9ca48df77 (patch)
tree27a633de6a5a985838ded7583afa1a084107b121 /ipaserver
parent7fca783ec554e525465221af13e17f419769c760 (diff)
rpcserver: add otp support to change_password handler
https://fedorahosted.org/freeipa/ticket/4262 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/rpcserver.py11
1 files changed, 7 insertions, 4 deletions
diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py
index ff1b7fe65..30b974639 100644
--- a/ipaserver/rpcserver.py
+++ b/ipaserver/rpcserver.py
@@ -1043,7 +1043,7 @@ class change_password(Backend, HTTP_Status):
return self.bad_request(environ, start_response, "cannot parse query data")
data = {}
- for field in ('user', 'old_password', 'new_password'):
+ for field in ('user', 'old_password', 'new_password', 'otp'):
value = query_dict.get(field, None)
if value is not None:
if len(value) == 1:
@@ -1051,7 +1051,7 @@ class change_password(Backend, HTTP_Status):
else:
return self.bad_request(environ, start_response, "more than one %s parameter"
% field)
- else:
+ elif field != 'otp': # otp is optional
return self.bad_request(environ, start_response, "no %s specified" % field)
# start building the response
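Review bot: The optional field is special-cased by name in `elif field != 'otp':`, which ties the validation loop to one literal and needs another comparison for every future optional parameter. A small tuple such as `optional_fields = ('otp',)`, checked with `elif field not in optional_fields:`, would keep the required/optional split in one place. The loop begins in the previous hunk, and the line that stores the accepted value lies outside both hunks.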
@@ -1066,9 +1066,12 @@ class change_password(Backend, HTTP_Status):
self.api.env.container_user, self.api.env.basedn)
try:
+ pw = data['old_password']
+ if data.get('otp'):
+ pw = data['old_password'] + data['otp']
conn = ldap2(shared_instance=False,
ldap_uri=self.api.env.ldap_uri)
- conn.connect(bind_dn=bind_dn, bind_pw=data['old_password'])
+ conn.connect(bind_dn=bind_dn, bind_pw=pw)
except (NotFound, ACIError):
result = 'invalid-password'
message = 'The old password or username is not correct.'
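Review bot: The failure text in the `except (NotFound, ACIError)` branch still reads `'The old password or username is not correct.'`, but with `pw = data['old_password'] + data['otp']` the bind can now also fail because the token code is wrong or missing. A wording like `'The old password, OTP or username is not correct.'` stays generic, so it does not reveal which factor failed, and it no longer misleads token users. The concatenation also deserves a short comment, e.g. `# bind credential is password followed by the OTP code`; presumably that is what the directory server expects, which should be confirmed. The two `pw` assignments cannot raise the caught exceptions, so they could sit above `try:`, whose body continues outside the hunk.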
@@ -1078,7 +1081,7 @@ class change_password(Backend, HTTP_Status):
data['user'], str(e))
else:
try:
- conn.modify_password(bind_dn, data['new_password'], data['old_password'])
+ conn.modify_password(bind_dn, data['new_password'], data['old_password'], skip_bind=True)
except ExecutionError, e:
result = 'policy-error'
policy_error = escape(str(e))
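Review bot: The new `skip_bind=True` argument on `conn.modify_password(...)` has no comment saying why the re-bind is skipped. Presumably a second bind with `old_password` alone would fail for a token-enabled account, but `modify_password` is not visible here. Suggested comment: `# conn is already bound with password+OTP above; do not re-bind with the bare old password`. Since this handler authenticates only through that earlier bind, it is worth confirming that the skip-bind path still has the server check the `old_password` it is passed, rather than trusting the connection state alone. The surrounding `try`/`else` starts and ends outside the hunk.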