Merge pull request #5366 from Ylianst/ldap-changepassword-temp-fix

deny sspi and ldap password change
This commit is contained in:
Ylian Saint-Hilaire 2023-09-24 11:47:11 -07:00 committed by GitHub
commit b087ed0f50
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -1821,6 +1821,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
// If this account is settings locked, return here. // If this account is settings locked, return here.
if ((user.siteadmin != 0xFFFFFFFF) && ((user.siteadmin & 1024) != 0)) return; if ((user.siteadmin != 0xFFFFFFFF) && ((user.siteadmin & 1024) != 0)) return;
// Do not allow change password if sspi or ldap
if ((domain.auth == 'sspi') || (domain.auth == 'ldap')) return;
// Change our own password // Change our own password
if (common.validateString(command.oldpass, 1, 256) == false) break; if (common.validateString(command.oldpass, 1, 256) == false) break;
if (common.validateString(command.newpass, 1, 256) == false) break; if (common.validateString(command.newpass, 1, 256) == false) break;