Project

General

Profile

« Previous | Next » 

Revision 8185

Added by Jing Tao about 11 years ago

Add the new feature for the email verification.

View differences:

src/perl/ldapweb.cgi
270 270
              'initchangepass'    => \&handleInitialChangePassword,
271 271
              'resetpass'         => \&handleResetPassword,
272 272
              'initresetpass'     => \&handleInitialResetPassword,
273
              'emailverification' => \&handleEmailVerification,
273 274
             );
274 275

  
275 276
# call the appropriate routine based on the stage
......
870 871
sub createTemporaryAccount {
871 872
    my $allParams = shift;
872 873
    my $org = $query->param('o'); 
873
    #my $org = 'unaffiliated';
874 874
    my $ou = $query->param('ou');
875
    #my $ou = 'LTER';
875

  
876 876
    
877 877
    ################## Search LDAP for matching o or ou that already exist
878
    my $tmpSearchBase = 'dc=tmp,' . $authBase; 
878
    my $orgAuthBase; 
879 879
    my $filter;   
880 880
    if($org) {
881 881
        $filter = "(o" 
882 882
                  . "=" . $org .
883 883
                 ")";
884
        $orgAuthBase = $ldapConfig->{$org}{'base'};
884 885
    } else {
885 886
        $filter = "(ou" 
886 887
                  . "=" . $ou .
887 888
                 ")";
889
        $orgAuthBase = $ldapConfig->{$ou}{'base'};
888 890
    }
891
    my $tmpSearchBase = 'dc=tmp,' . $orgAuthBase; 
889 892
    debug("search filer " . $filter);
890 893
    debug("ldap server ". $ldapurl);
891 894
    debug("sesarch base " . $tmpSearchBase);
......
976 979
                $$additions[$#$additions + 1] = $query->param('title');
977 980
    }
978 981
    my $dn;
982
    my $orgStr;
979 983
    if($org) {
980 984
        $$additions[$#$additions + 1] = 'o';
981 985
        $$additions[$#$additions + 1] = $org;
982 986
        $dn='uid=' . $query->param('uid') . ',' . 'o=' . $org . ',' . $tmpSearchBase;
987
        $orgStr='o=' . $org;
983 988
    } else {
984 989
        $$additions[$#$additions + 1] = 'ou';
985 990
        $$additions[$#$additions + 1] = $ou;
986 991
        $dn='uid=' . $query->param('uid') . ',' . 'ou=' . $ou . ',' . $tmpSearchBase;
992
        $orgStr='ou=' . $ou;
987 993
    }
988 994
    my $tmp = 1;
989 995
    createAccount2($dn, $ldapUsername, $ldapPassword, $additions, $tmp, $allParams);
990 996
    
991 997
    
992 998
    ####################send the verification email to the user
993
    my $link = $contextUrl. '/cgi-bin/ldapweb.cgi?cfg=' . $skinName . '&' . 'stage=' . $emailVerification . '&' . 'dn=' . $dn . '&' . 'hash=' . $randomStr;
999
    my $link = $contextUrl. '/cgi-bin/ldapweb.cgi?cfg=' . $skinName . '&' . 'stage=' . $emailVerification . '&' . 'dn=' . $dn . '&' . 'hash=' . $randomStr . '&' . $orgStr . '&uid=' . $query->param('uid');
994 1000
    
995 1001
    my $mailhost = $properties->getProperty('email.mailhost');
996 1002
    my $sender =  $properties->getProperty('email.sender');
......
1050 1056
    if ($ldap) {
1051 1057
            $ldap->start_tls( verify => 'none');
1052 1058
            debug("Attempting to bind to LDAP server with dn = $ldapUsername, pwd = $ldapPassword");
1053
            $ldap->bind( version => 3, dn => $ldapUsername, password => $ldapPassword );
1054
            debug(" 1 here is the additions " . $additions); 
1055
            debug(" 2 here is the additions " . @$additions);
1056
            debug(" 3 here is the additions " . [@$additions]);  
1059
            $ldap->bind( version => 3, dn => $ldapUsername, password => $ldapPassword ); 
1057 1060
            my $result = $ldap->add ( 'dn' => $dn, 'attr' => [@$additions ]);
1058 1061
            if ($result->code()) {
1059 1062
                fullTemplate(@failureTemplate, { stage => "register",
......
1163 1166
    }
1164 1167
}
1165 1168

  
1169
#
1170
# This subroutine will handle a email verification:
1171
# If the hash string matches the one store in the ldap, the account will be
1172
# copied from the temporary space to the permanent tree and the account in 
1173
# the temporary space will be removed.
1174
sub handleEmailVerification {
1175

  
1176
    my $cfg = $query->param('cfg');
1177
    my $dn = $query->param('dn');
1178
    my $hash = $query->param('hash');
1179
    my $org = $query->param('o');
1180
    my $ou = $query->param('ou');
1181
    my $uid = $query->param('uid');
1182
    
1183
    my $orgAttributeName;
1184
    my $ldapUsername;
1185
    my $ldapPassword;
1186
    my $ldaporg;
1187
    my $orgAuthBase;
1188
    if($org) {
1189
        $ldapUsername = $ldapConfig->{$org}{'user'};
1190
        $ldapPassword = $ldapConfig->{$org}{'password'};
1191
        $orgAttributeName = 'o';
1192
        $ldaporg = $org;
1193
        $orgAuthBase = $ldapConfig->{$org}{'base'};
1194
    } else {
1195
        $ldapUsername = $ldapConfig->{$ou}{'user'};
1196
        $ldapPassword = $ldapConfig->{$ou}{'password'};
1197
        $orgAttributeName = 'ou';
1198
        $ldaporg = $ou;
1199
        $orgAuthBase = $ldapConfig->{$org}{'base'};
1200
    }
1201
    debug("LDAP connection to $ldapurl...");    
1202
    
1203

  
1204
   print "Content-type: text/html\n\n";
1205
   #if main ldap server is down, a html file containing warning message will be returned
1206
   my $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl);
1207
   if ($ldap) {
1208
        $ldap->start_tls( verify => 'none');
1209
        $ldap->bind( version => 3, dn => $ldapUsername, password => $ldapPassword );
1210
        my $mesg = $ldap->search(base => $dn, scope => 'base', filter => '(objectClass=*)');
1211
        my $max = $mesg->count;
1212
        debug("the count is " . $max);
1213
        if($max < 1) {
1214
            $ldap->unbind;   # take down session
1215
            fullTemplate( ['registerFailed'], {errorMessage => "No record was founded to matche the dn " . $dn . " for the verification."});
1216
            #handleLDAPBindFailure($ldapurl);
1217
            exit(0);
1218
        } else {
1219
            #check if the hash string match
1220
            my $entry = $mesg->entry (0);
1221
            my $hashStrFromLdap = $entry->get_value('employeeNumber');
1222
            if( $hashStrFromLdap eq $hash) {
1223
                #my $additions = [ ];
1224
                #foreach my $attr ( $entry->attributes ) {
1225
                    #if($attr ne 'employeeNumber') {
1226
                        #$$additions[$#$additions + 1] = $attr;
1227
                        #$$additions[$#$additions + 1] = $entry->get_value( $attr );
1228
                    #}
1229
                #}
1230
                #my $tmp=0;
1231
                #my $allParams="";
1232
                $mesg = $ldap->moddn(
1233
                            dn => $dn,
1234
                            deleteoldrdn => 1,
1235
                            newrdn => "uid=" . $uid,
1236
                            newsuperior  => $orgAttributeName . "=" . $ldaporg . "," . $orgAuthBase);
1237
                $ldap->unbind;   # take down session
1238
                if(mesg->code()) {
1239
                    fullTemplate( ['registerFailed'], {errorMessage => "Cannot move the account from the inactive area to the ative area since " . $mesg->error()});
1240
                    exit(0);
1241
                } else {
1242
                    fullTemplate( ['success'] );
1243
                }
1244
                #createAccount2($dn, $ldapUsername, $ldapPassword, $additions, $tmp, $allParams);
1245
            } else {
1246
                $ldap->unbind;   # take down session
1247
                fullTemplate( ['registerFailed'], {errorMessage => "The hash string " . $hash . " from your link doesn't match our record."});
1248
                exit(0);
1249
            }
1250
            
1251
        }
1252
    } else {   
1253
        handleLDAPBindFailure($ldapurl);
1254
        exit(0);
1255
    }
1256

  
1257
}
1258

  
1166 1259
sub handleResponseMessage {
1167 1260

  
1168 1261
  print "Content-type: text/html\n\n";

Also available in: Unified diff