fix(web): allow to change expired password from login page

Alinto · May 6, 2021 · bdd8e35 · bdd8e35
1 parent 8a10ae1
commit bdd8e35
Showing 1 changed file with 23 additions and 10 deletions.
diff --git a/SoObjects/SOGo/LDAPSource.m b/SoObjects/SOGo/LDAPSource.m
@@ -718,10 +718,15 @@ - (BOOL) changePasswordForLogin: (NSString *) login
                   }
                 else if (_passwordPolicy)
                   {
-                    didChange = [bindConnection changePasswordAtDn: userDN
-                                                       oldPassword: oldPassword
-                                                       newPassword: newPassword
-                                                              perr: (void *)perr];
+                    if ([bindConnection bindWithMethod: @"simple"
+                                                binddn: _sourceBindDN
+                                           credentials: _sourceBindPassword])
+                      {
+                        didChange = [bindConnection changePasswordAtDn: userDN
+                                                           oldPassword: oldPassword
+                                                           newPassword: newPassword
+                                                                  perr: (void *)perr];
+                      }
                   }
                 else
                   {
@@ -740,12 +745,20 @@ - (BOOL) changePasswordForLogin: (NSString *) login
 
                     if (encryptedPass != nil)
                       {
-                        *perr = PolicyNoError;
-                        didChange = [self _ldapModifyAttribute: @"userPassword"
-                                                     withValue: encryptedPass
-                                                        userDN: userDN
-                                                      password: oldPassword
-                                                    connection: bindConnection];
+                        if ([bindConnection bindWithMethod: @"simple"
+                                                    binddn: userDN
+                                               credentials: oldPassword])
+                          {
+                            didChange = [self _ldapModifyAttribute: @"userPassword"
+                                                         withValue: encryptedPass
+                                                            userDN: userDN
+                                                          password: oldPassword
+                                                        connection: bindConnection];
+                            if (didChange)
+                              {
+                                *perr = PolicyNoError;
+                              }
+                          }
                       }
                   }