DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-12-26 06:04:08 -08:00
Code Issues Actions 11 Packages Projects Releases Wiki Activity

Pass the password along directly instead of retrieving it from the Input or Request

Browse source
This commit is contained in:
Brady Wetherington 2022-05-16 10:58:27 -07:00
parent 93e509bd79
commit 6c86a28d18
2 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/Http/Controllers/Auth/LoginController.php
View file

@ -185,7 +185,7 @@ class LoginController extends Controller
Log::debug("Local user ".$request->input('username')." does not exist"); Log::debug("Local user ".$request->input('username')." does not exist");
Log::debug("Creating local user ".$request->input('username')); Log::debug("Creating local user ".$request->input('username'));
if ($user = Ldap::createUserFromLdap($ldap_user)) { //this handles passwords on its own if ($user = Ldap::createUserFromLdap($ldap_user, $request->input('password'))) {
Log::debug("Local user created."); Log::debug("Local user created.");
} else { } else {
Log::debug("Could not create local user."); Log::debug("Could not create local user.");

5
app/Models/Ldap.php
View file

@ -233,7 +233,7 @@ class Ldap extends Model
* @param $ldapatttibutes * @param $ldapatttibutes
* @return array|bool * @return array|bool
*/ */
public static function createUserFromLdap($ldapatttibutes) public static function createUserFromLdap($ldapatttibutes, $password)
{ {
$item = self::parseAndMapLdapAttributes($ldapatttibutes); $item = self::parseAndMapLdapAttributes($ldapatttibutes);
@ -246,7 +246,8 @@ class Ldap extends Model
$user->email = $item['email']; $user->email = $item['email'];
if (Setting::getSettings()->ldap_pw_sync == '1') { if (Setting::getSettings()->ldap_pw_sync == '1') {
$user->password = bcrypt(Input::get('password'));
$user->password = bcrypt($password);
} else { } else {
$pass = substr(str_shuffle('0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'), 0, 25); $pass = substr(str_shuffle('0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'), 0, 25);
$user->password = bcrypt($pass); $user->password = bcrypt($pass);