Merge pull request #688 from Worteks/fix-password-check-ldap

Fix password check ldap
ltb-project · Aug 18, 2022 · da3bc75 · da3bc75
2 parents 79a9d8b + a59c952
commit da3bc75
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 14 deletions.
diff --git a/lib/functions.inc.php b/lib/functions.inc.php
@@ -314,17 +314,21 @@ function check_password_strength( $password, $oldpassword, $pwd_policy_config, $
     # Contains values from forbidden ldap fields?
     if ( !empty($pwd_forbidden_ldap_fields) ) {
         foreach ( $pwd_forbidden_ldap_fields as $field ) {
-            $values = $entry_array[$field];
-            if (!is_array($values)) {
-                $values = array($values);
-            }
-            foreach ($values as $key => $value) {
-                if ($key === 'count') {
-                    continue;
+            # if entry does not hold requested attribute, continue
+            if ( array_key_exists($field,$entry_array) )
+            {
+                $values = $entry_array[$field];
+                if (!is_array($values)) {
+                    $values = array($values);
                 }
-                if (stripos($password, $value) !== false) {
-                    $result = "forbiddenldapfields";
-                    break 2;
+                foreach ($values as $key => $value) {
+                    if ($key === 'count') {
+                        continue;
+                    }
+                    if (stripos($password, $value) !== false) {
+                        $result = "forbiddenldapfields";
+                        break 2;
+                    }
                 }
             }
         }

diff --git a/rest/v1/checkpassword.php b/rest/v1/checkpassword.php
@@ -9,6 +9,7 @@
 $oldpassword = "";
 $newpassword = "";
 $login = "";
+$ret = "";
 
 if (isset($_POST["login"]) and $_POST["login"]) {
     $login = $_POST["login"];
@@ -18,13 +19,14 @@
 }
 if (isset($_POST["newpassword"]) and $_POST["newpassword"]) {
     $newpassword = $_POST["newpassword"];
-    $ret = check_password_strength($newpassword, $oldpassword, $pwd_policy_config, $login, $entry);
+    $entry_array=array();
+    $ret = check_password_strength($newpassword, $oldpassword, $pwd_policy_config, $login, $entry_array);
     $result['error'] = 0;
-    $result['result'] = $ret;
-    $result['message'] = $messages[$ret];
 } else {
     $result['error'] = 1;
-    $result['message'] = "newpassword required";
+    $ret = "newpassword required";
 }
+$result['result'] = $ret;
+$result['message'] = array_key_exists($ret,$messages) ? $messages[$ret] : $ret;
 
 echo json_encode($result, JSON_UNESCAPED_UNICODE);