fixed Active Directory issue after password change #112

twocanoes · Dec 1, 2023 · 14e2a7c · 14e2a7c
1 parent e47832e
commit 14e2a7c
Show file tree

Hide file tree

Showing 9 changed files with 82 additions and 38 deletions.
diff --git a/NomadLogin/UI/SignIn.xib b/NomadLogin/UI/SignIn.xib
@@ -40,7 +40,7 @@
         <customObject id="-3" userLabel="Application" customClass="NSObject"/>
         <window allowsToolTipsWhenApplicationIsInactive="NO" autorecalculatesKeyViewLoop="NO" releasedWhenClosed="NO" animationBehavior="default" titlebarAppearsTransparent="YES" id="F0z-JX-Cv5" customClass="NoLoWindow" customModule="XCredsLoginPlugin" customModuleProvider="target">
             <rect key="contentRect" x="276" y="219" width="521" height="511"/>
-            <rect key="screenRect" x="0.0" y="0.0" width="3440" height="1415"/>
+            <rect key="screenRect" x="0.0" y="0.0" width="1496" height="910"/>
             <view key="contentView" wantsLayer="YES" id="se5-gp-TjO">
                 <rect key="frame" x="0.0" y="0.0" width="521" height="511"/>
                 <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
@@ -216,7 +216,7 @@ DQ
         <window title="Window" allowsToolTipsWhenApplicationIsInactive="NO" autorecalculatesKeyViewLoop="NO" hasShadow="NO" releasedWhenClosed="NO" frameAutosaveName="" animationBehavior="default" titlebarAppearsTransparent="YES" id="fMw-MO-1g7">
             <windowPositionMask key="initialPositionMask" topStrut="YES" bottomStrut="YES"/>
             <rect key="contentRect" x="457" y="200" width="1000" height="16"/>
-            <rect key="screenRect" x="0.0" y="0.0" width="3440" height="1415"/>
+            <rect key="screenRect" x="0.0" y="0.0" width="1496" height="910"/>
             <view key="contentView" id="Mnu-l1-Giw">
                 <rect key="frame" x="0.0" y="0.0" width="1000" height="16"/>
                 <autoresizingMask key="autoresizingMask"/>

diff --git a/NomadLogin/UI/SignInWindowController.swift b/NomadLogin/UI/SignInWindowController.swift
@@ -93,6 +93,7 @@ class SignInWindowController: NSWindowController, DSQueryable {
     //MARK: - UI Methods
 
 
+
     override func awakeFromNib() {
         TCSLogWithMark()
 
@@ -243,13 +244,16 @@ class SignInWindowController: NSWindowController, DSQueryable {
     }
 
 
-    fileprivate func loginAppearance() {
+    func loginAppearance() {
         TCSLogWithMark()
         os_log("Setting window level", log: uiLog, type: .debug)
 
         self.window?.level = .normal
         self.window?.orderFrontRegardless()
 
+        localOnlyCheckBox.isEnabled=true
+        signIn.isEnabled=true
+        signIn.isHidden = false
 
         // make things look better
 
@@ -381,6 +385,7 @@ class SignInWindowController: NSWindowController, DSQueryable {
 //                break
 //            }
 //        }
+
         TCSLogWithMark()
 //        loginWindowTextWindow.level = .screenSaver
 //        loginWindowTextWindow.backgroundColor = .clear
@@ -627,6 +632,13 @@ class SignInWindowController: NSWindowController, DSQueryable {
     ///
     /// - Parameter authResult:`Authorizationresult` enum value that indicates if login should proceed.
     fileprivate func completeLogin(authResult: AuthorizationResult) {
+        if let delegate = delegate {
+
+        }
+        else {
+            TCSLogWithMark("delegate not defined")
+
+        }
         switch authResult {
         case .allow:
             TCSLogWithMark("Complete login process with allow")
@@ -635,7 +647,7 @@ class SignInWindowController: NSWindowController, DSQueryable {
 
         case .deny:
             TCSLogWithMark("Complete login process with deny")
-            delegate?.denyLogin(message:"Login Denied")
+            delegate?.denyLogin(message:nil)
 
 //            window?.close()
 
@@ -678,28 +690,56 @@ class SignInWindowController: NSWindowController, DSQueryable {
     fileprivate func showPasswordSync() {
         // hide other possible boxes
         TCSLogWithMark()
-        self.migrateBox.isHidden = true
-        self.loginStack.isHidden = true
-        self.signIn.isHidden = true
-        self.signIn.isEnabled = true
-        self.MigrateNo.isHidden = true
-        self.migrateUsers.isHidden = true
-        self.usernameLabel.isHidden = true
-
-        // show migration box
-        self.migrateOverwrite.isHidden = false
-        let overwriteRed: [NSAttributedString.Key : Any] = [.foregroundColor: NSColor.red]
-        self.migrateOverwrite.attributedTitle = NSMutableAttributedString(string: self.migrateOverwrite.title, attributes: overwriteRed)
-        self.migrateBox.isHidden = false
-        self.migrateSpinner.isHidden = false
-
-        if self.didUpdateFail == true {
-            self.migrateText.stringValue = "Invalid password. Try again."
-        } else {
-            self.migrateText.stringValue = getManagedPreference(key: .MessagePasswordSync) as? String ?? "Active Directory password does not match local password. Please enter your previous local password to update it."
+
+        let passwordWindowController = LoginPasswordWindowController.init(windowNibName: NSNib.Name("LoginPasswordWindowController"))
+
+        passwordWindowController.window?.canBecomeVisibleWithoutLogin=true
+        passwordWindowController.window?.isMovable = false
+        passwordWindowController.window?.canBecomeVisibleWithoutLogin = true
+        passwordWindowController.window?.level = NSWindow.Level(rawValue: NSWindow.Level.floating.rawValue)
+        var isDone = false
+        while (!isDone){
+            DispatchQueue.main.async{
+                TCSLogWithMark("resetting level")
+                passwordWindowController.window?.level = NSWindow.Level(rawValue: NSWindow.Level.floating.rawValue)
+            }
+
+            let response = NSApp.runModal(for: passwordWindowController.window!)
+            passwordWindowController.window?.close()
+
+            if response == .cancel {
+                isDone=true
+                TCSLogWithMark("User cancelled resetting keychain or entering password. Denying login")
+                completeLogin(authResult: .deny)
+
+                return
+            }
+
+            let localPassword = passwordWindowController.password
+            guard let localPassword = localPassword else {
+                continue
+            }
+            do {
+                os_log("Password doesn't match existing local. Try to change local pass to match.", log: uiLog, type: .default)
+                let localUser = try getLocalRecord(shortName)
+                try localUser.changePassword(localPassword, toPassword: passString)
+                os_log("Password sync worked, allowing login", log: uiLog, type: .default)
+
+                isDone=true
+                delegate?.setHint(type: .migratePass, hint: localPassword)
+                completeLogin(authResult: .allow)
+                return
+            } catch {
+                os_log("Unable to sync local password to Network password. Reload and try again", log: uiLog, type: .error)
+                return
+            }
+
+
         }
+
     }
 
+
     fileprivate func showMigration() {
 
         //RunLoop.main.perform {
@@ -920,12 +960,12 @@ extension SignInWindowController: NoMADUserSessionDelegate {
 //            }
         default:
             TCSLogErrorWithMark("NoMAD Login Authentication failed with: \(description)")
-            if PasswordUtils.verifyUser(name: shortName, auth: passString)  {
-                setRequiredHintsAndContext()
-                completeLogin(authResult: .allow)
-            } else {
+//            if PasswordUtils.verifyUser(name: shortName, auth: passString)  {
+//                setRequiredHintsAndContext()
+//                completeLogin(authResult: .allow)
+//            } else {
                 authFail()
-            }
+//            }
             return
         }
     }

diff --git a/Profile Manifest/com.twocanoes.xcreds.plist b/Profile Manifest/com.twocanoes.xcreds.plist
@@ -5,7 +5,7 @@
 	<key>pfm_app_url</key>
 	<string>https://github.com/twocanoes/xcreds</string>
 	<key>pfm_description</key>
-	<string>XCreds 3.3 (5310) OAuth Settings</string>
+	<string>XCreds 3.3 (5311) OAuth Settings</string>
 	<key>pfm_documentation_url</key>
 	<string>https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences</string>
 	<key>pfm_domain</key>

diff --git a/XCreds/LoginPasswordWindowController.xib b/XCreds/LoginPasswordWindowController.xib
@@ -19,7 +19,7 @@
             <windowStyleMask key="styleMask" titled="YES"/>
             <windowPositionMask key="initialPositionMask" leftStrut="YES" rightStrut="YES" topStrut="YES" bottomStrut="YES"/>
             <rect key="contentRect" x="537" y="504" width="497" height="206"/>
-            <rect key="screenRect" x="0.0" y="0.0" width="3440" height="1415"/>
+            <rect key="screenRect" x="0.0" y="0.0" width="1496" height="910"/>
             <view key="contentView" id="keP-aO-VT7">
                 <rect key="frame" x="0.0" y="0.0" width="497" height="206"/>
                 <autoresizingMask key="autoresizingMask"/>

diff --git a/XCreds/TCSUnifiedLogger.m b/XCreds/TCSUnifiedLogger.m
@@ -64,6 +64,7 @@ + (TCSUnifiedLogger *)sharedLogger
 
         //not root
         } else {
+            system("/usr/bin/touch /tmp/xcd");
             NSString *homePath = [[NSFileManager defaultManager] realHomeFolder];
             logFolderURL = [NSURL fileURLWithPath:[NSString stringWithFormat:@"%@/Library/Logs", homePath]];
             if (![fm fileExistsAtPath:logFolderURL.path]) {

diff --git a/XCredsLoginPlugIn/Mechanisms/XCredsLoginMechanism.swift b/XCredsLoginPlugIn/Mechanisms/XCredsLoginMechanism.swift
@@ -297,11 +297,14 @@ import Network
             if let signInWindowController = signInWindowController {
                 signInWindowController.delegate=self
                 if signInWindowController.username != nil {
+                    signInWindowController.username.isEnabled=true
                     signInWindowController.username.stringValue=""
                 }
                 if signInWindowController.password != nil {
+                    signInWindowController.password.isEnabled=true
                     signInWindowController.password.stringValue=""
                 }
+                signInWindowController.loginAppearance()
                 signInWindowController.window?.orderFrontRegardless()
                 signInWindowController.window?.makeKeyAndOrderFront(self)
             }

diff --git a/xCreds.xcodeproj/project.pbxproj b/xCreds.xcodeproj/project.pbxproj
@@ -1253,7 +1253,7 @@
 				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 5310;
+				CURRENT_PROJECT_VERSION = 5327;
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1291,7 +1291,7 @@
 				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 5310;
+				CURRENT_PROJECT_VERSION = 5327;
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1411,7 +1411,7 @@
 				CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 5310;
+				CURRENT_PROJECT_VERSION = 5327;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1448,7 +1448,7 @@
 				CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 5310;
+				CURRENT_PROJECT_VERSION = 5327;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1598,7 +1598,7 @@
 				CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 5310;
+				CURRENT_PROJECT_VERSION = 5327;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1639,7 +1639,7 @@
 				CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 5310;
+				CURRENT_PROJECT_VERSION = 5327;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (

diff --git a/...deproj/project.xcworkspace/xcuserdata/tperfitt.xcuserdatad/UserInterfaceState.xcuserstate b/...deproj/project.xcworkspace/xcuserdata/tperfitt.xcuserdatad/UserInterfaceState.xcuserstate
diff --git a/xCreds.xcodeproj/xcuserdata/tperfitt.xcuserdatad/xcschemes/xcschememanagement.plist b/xCreds.xcodeproj/xcuserdata/tperfitt.xcuserdatad/xcschemes/xcschememanagement.plist
@@ -32,7 +32,7 @@
 		<key>auth_mech_fixup.xcscheme_^#shared#^_</key>
 		<dict>
 			<key>orderHint</key>
-			<integer>8</integer>
+			<integer>7</integer>
 		</dict>
 		<key>authrights.xcscheme_^#shared#^_</key>
 		<dict>
@@ -42,7 +42,7 @@
 		<key>test.xcscheme_^#shared#^_</key>
 		<dict>
 			<key>orderHint</key>
-			<integer>7</integer>
+			<integer>8</integer>
 		</dict>
 	</dict>
 	<key>SuppressBuildableAutocreation</key>