Commit a3f4990f authored by ale's avatar ale

Set ASPs on the user object directly

parent 8e05961d
......@@ -120,11 +120,11 @@ func newUser(entry *ldap.Entry) (*as.RawUser, error) {
uidNumber, _ := strconv.Atoi(entry.GetAttributeValue(uidNumberLDAPAttr)) // nolint
user := &as.RawUser{
User: as.User{
Name: entry.GetAttributeValue("uid"),
Lang: entry.GetAttributeValue(preferredLanguageLDAPAttr),
UID: uidNumber,
Status: entry.GetAttributeValue("status"),
Shard: entry.GetAttributeValue("host"),
Name: entry.GetAttributeValue("uid"),
Lang: entry.GetAttributeValue(preferredLanguageLDAPAttr),
UID: uidNumber,
Status: entry.GetAttributeValue("status"),
Shard: entry.GetAttributeValue("host"),
LastPasswordChangeStamp: decodeShadowTimestamp(entry.GetAttributeValue(passwordLastChangeLDAPAttr)),
AccountRecoveryHint: entry.GetAttributeValue(recoveryHintLDAPAttr),
U2FRegistrations: decodeU2FRegistrations(entry.GetAttributeValues(u2fRegistrationsLDAPAttr)),
......@@ -328,41 +328,21 @@ func excludeASPFromList(asps []*appSpecificPassword, id string) []*appSpecificPa
return out
}
func (tx *backendTX) setASPOnResource(ctx context.Context, r *as.Resource, info *as.AppSpecificPasswordInfo, encryptedPassword string) {
dn, err := tx.backend.resources.GetDN(r.ID)
if err != nil {
return
}
// Obtain the full list of ASPs from the backend and replace/append the new one.
func (tx *backendTX) SetApplicationSpecificPassword(ctx context.Context, user *as.User, info *as.AppSpecificPasswordInfo, encryptedPassword string) error {
dn := tx.getUserDN(user)
asps := decodeAppSpecificPasswords(tx.readAttributeValues(ctx, dn, aspLDAPAttr))
asps = append(excludeASPFromList(asps, info.ID), newAppSpecificPassword(*info, encryptedPassword))
outASPs := encodeAppSpecificPasswords(asps)
tx.setAttr(dn, aspLDAPAttr, outASPs...)
}
func (tx *backendTX) SetApplicationSpecificPassword(ctx context.Context, user *as.User, info *as.AppSpecificPasswordInfo, encryptedPassword string) error {
for _, r := range user.GetResourcesByType(as.ResourceTypeEmail) {
tx.setASPOnResource(ctx, r, info, encryptedPassword)
}
return nil
}
func (tx *backendTX) deleteASPOnResource(ctx context.Context, r *as.Resource, id string) {
dn, err := tx.backend.resources.GetDN(r.ID)
if err != nil {
return
}
func (tx *backendTX) DeleteApplicationSpecificPassword(ctx context.Context, user *as.User, id string) error {
dn := tx.getUserDN(user)
asps := decodeAppSpecificPasswords(tx.readAttributeValues(ctx, dn, aspLDAPAttr))
asps = excludeASPFromList(asps, id)
outASPs := encodeAppSpecificPasswords(asps)
tx.setAttr(dn, aspLDAPAttr, outASPs...)
}
func (tx *backendTX) DeleteApplicationSpecificPassword(ctx context.Context, user *as.User, id string) error {
for _, r := range user.GetResourcesByType(as.ResourceTypeEmail) {
tx.deleteASPOnResource(ctx, r, id)
}
return nil
}
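Review bot: DeleteApplicationSpecificPassword now rewrites `aspLDAPAttr` only on the DN from `tx.getUserDN(user)`, so ASP values that the deleteASPOnResource path cleared on email resource entries are no longer touched. The page has lost its +/- markers, so this assumes the `getUserDN` variants are the new side. If any authentication path still reads the attribute from the resource entries, revoking an ASP would leave a usable credential behind until that data is migrated. I would record this in the doc comment, e.g. `// DeleteApplicationSpecificPassword removes the ASP with the given id from the user entry only; copies stored on email resource entries by earlier versions must be migrated or purged separately.` Set and Delete also appear to return nil unconditionally, so if `tx.readAttributeValues` yields an empty list on failure (not visible here), that list would be written back as the full ASP set; an error return or a comment would cover it.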
......