diff --git a/src/main.rs b/src/main.rs index 16674f7..fd93c7f 100644 --- a/src/main.rs +++ b/src/main.rs @@ -58,6 +58,7 @@ fn reset_prepare(config: &Ldap0rConfig, keys: &Keys, email_address: &str) -> Res ldap.unbind()?; let (rs, _res) = result.success()?; + // check for less or more than 1 result if rs.len() != 1 { bail!("Invalid password reset request for '{}'", email_address); } 
@@ -101,76 +102,78 @@ fn set_password( key: &str, passwords: &PasswordsForm, ) -> Result> { - if passwords.password == passwords.password_control { - if passwords.password.len() >= 8 { - // key lookup - let keys = Arc::clone(&keys.keys); - if let Ok(mut keys) = keys.lock() { - let email = keys - .get(key) - .ok_or_else(|| anyhow!("Could not extract email"))? - .to_string(); - - // ldap lookup - let mut ldap = LdapConn::new(&config.ldap.server)?; - let result = ldap.search( - &config.ldap.base, - Scope::Subtree, - &format!("(&{}(mail={}))", &config.ldap.filter, &email), - vec!["cn"], - )?; - let (mut rs, _res) = result.success()?; - - // ldap set new password - let user = SearchEntry::construct( - rs.pop() - .ok_or_else(|| anyhow!("Could extract not receive LDAP result"))?, - ) - .attrs - .get("cn") - .ok_or_else(|| anyhow!("Could not extract 'cn' from LDAP entry"))?[0] - .to_string(); - let mut password = HashSet::new(); - password.insert(passwords.password.as_str()); - ldap.simple_bind(&config.ldap.bind, &config.ldap.password)? - .success()?; - ldap.with_controls(RelaxRules.critical()) - .modify( - &format!("cn={},{}", &user, &config.ldap.base), - vec![Mod::Replace("userPassword", password)], - )? 
- .success()?; - - ldap.unbind()?; - keys.remove(key); - - info!( - "New password set for user '{}' with email address '{}'", - &user, &email - ); - return Ok(Flash::success( - Redirect::to(uri!(reset)), - "New password was saved", - )); - } else { - error!("Could not aquire lock for keys"); - }; - } else { - return Ok(Flash::error( - Redirect::to(uri!(reset_key: key)), - "Password length has to be at least 8", - )); - } - } else { + if passwords.password != passwords.password_control { return Ok(Flash::error( Redirect::to(uri!(reset_key: key)), "Password does not match the password verification field", )); } - Ok(Flash::error( - Redirect::to(uri!(reset_key: key)), - "Setting new password failed", + if passwords.password.len() < 8 { + return Ok(Flash::error( + Redirect::to(uri!(reset_key: key)), + "Password length has to be at least 8", + )); + } + + // key lookup + let keys = Arc::clone(&keys.keys); + let mut keys = match keys.lock() { + Ok(keys) => keys, + Err(e) => { + error!("Could not aquire lock for keys: {}", e); + return Ok(Flash::error( + Redirect::to(uri!(reset_key: key)), + "Setting new password failed", + )); + } + }; + let email = keys + .get(key) + .ok_or_else(|| anyhow!("Could not extract email"))? + .to_string(); + + // ldap lookup + let mut ldap = LdapConn::new(&config.ldap.server)?; + let result = ldap.search( + &config.ldap.base, + Scope::Subtree, + &format!("(&{}(mail={}))", &config.ldap.filter, &email), + vec!["cn"], + )?; + let (mut rs, _res) = result.success()?; + + // ldap set new password + let user = SearchEntry::construct( + rs.pop() + .ok_or_else(|| anyhow!("Could extract not receive LDAP result"))?, + ) + .attrs + .get("cn") + .ok_or_else(|| anyhow!("Could not extract 'cn' from LDAP entry"))?[0] + .to_string(); + let mut password = HashSet::new(); + password.insert(passwords.password.as_str()); + ldap.simple_bind(&config.ldap.bind, &config.ldap.password)? 
+ .success()?; + ldap.with_controls(RelaxRules.critical()) + .modify( + &format!("cn={},{}", &user, &config.ldap.base), + vec![Mod::Replace("userPassword", password)], + )? + .success()?; + + ldap.unbind()?; + keys.remove(key); + + info!( + "New password set for user '{}' with email address '{}'", + &user, &email + ); + + Ok(Flash::success( + Redirect::to(uri!(reset)), + "New password was saved", )) } @@ -241,6 +244,7 @@ fn reset_key(keys: State, key: String, flash: Option) -> Opt } else { error!("Could not aquire lock for keys"); } + None } @@ -252,16 +256,13 @@ fn reset_password( key: String, passwords: Form, ) -> Flash { - match set_password(&config, &keys, &key, &passwords) { - Ok(flash) => flash, - Err(e) => { - error!("{} from {}", e, remote_address); - Flash::error( - Redirect::to(uri!(reset_key: key)), - "Setting new password failed", - ) - } - } + set_password(&config, &keys, &key, &passwords).unwrap_or_else(|e| { + error!("{} from {}", e, remote_address); + Flash::error( + Redirect::to(uri!(reset_key: key)), + "Setting new password failed", + ) + }) } fn main() {
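Review bot: In set_password the `email` read from the key store is interpolated into the search filter unescaped (`(mail={})`), and the entry is then taken with `rs.pop()` without checking that the search returned exactly one result, unlike the `rs.len() != 1` guard in reset_prepare. Whether the address was validated before it was stored is not visible in this diff, so I would escape it at the point of use, e.g. `&format!("(&{}(mail={}))", &config.ldap.filter, ldap3::ldap_escape(email.as_str()))` (assuming the ldap3 version in use exports `ldap_escape`). I would also add `if rs.len() != 1 { bail!("Invalid password reset request for '{}'", email); }` before the pop, so a filter that matches several entries cannot select the wrong account for the password change. The modify target is also rebuilt as `cn={},{}` from the unescaped `cn` value although the search runs with `Scope::Subtree`; taking the `dn` field of the constructed `SearchEntry` would address the entry that was actually found.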