diff --git a/src/server/lib/encodePassword.ts b/src/server/lib/encodePassword.ts index ec022ed..44fe157 100644 --- a/src/server/lib/encodePassword.ts +++ b/src/server/lib/encodePassword.ts @@ -1,12 +1,14 @@ -export function encodePassword(password: string): string { - let newPassword = '' +function encodePassword(password: string): string { + let encodedPassword = '' + password = '"' + password + '"' - for (let i = 0; i < password.length; i++) { - newPassword += String.fromCharCode( + for (let i = 0; i < password.length; i++) + encodedPassword += String.fromCharCode( password.charCodeAt(i) & 0xff, (password.charCodeAt(i) >>> 8) & 0xff ) - } - return `"${newPassword}"` + return encodedPassword } + +export { encodePassword } diff --git a/src/server/lib/updatePassword.ts b/src/server/lib/updatePassword.ts index 564819a..d079911 100644 --- a/src/server/lib/updatePassword.ts +++ b/src/server/lib/updatePassword.ts @@ -8,26 +8,30 @@ import { import { encodePassword } from './encodePassword' const ldapClient = new Client({ - url: process.env.LDAP_URL || 'ldap://10.1.0.16' + url: process.env.AD_URL || 'ldaps://10.1.0.16', + tlsOptions: { + requestCert: true + } }) -const bindUser = process.env.AD_BIND_USER || '' -const bindPassword = process.env.AD_BIND_PASSWORD || '' +const adminUser = process.env.AD_BIND_USER || '' +const adminPassword = process.env.AD_BIND_PASSWORD || '' const baseDN = process.env.AD_BASE_DN || '' async function getUserDN(username: string): Promise { try { - await ldapClient.bind(bindUser, bindPassword) + await ldapClient.bind(adminUser, adminPassword) const { searchEntries } = await ldapClient.search(baseDN, { - scope: 'sub', attributes: ['dn'], filter: `(sAMAccountName=${username})` }) + console.log('searchEntries', searchEntries) + return searchEntries[0]?.dn } catch (err) { - console.error(err) + console.error('Error finding user:', err) } finally { await ldapClient.unbind() } @@ -47,31 +51,41 @@ export async function updatePassword({ try { const userDN = await getUserDN(username) + // Check if user can bind with current password await ldapClient.bind(userDN, password) + await ldapClient.unbind() - console.log('binded') + // Bind with admin user to change password + await ldapClient.bind(adminUser, adminPassword) await ldapClient.modify(userDN, [ new Change({ - operation: 'delete', - modification: new Attribute({ - type: 'unicodePwd', - values: [encodePassword(password)] - }) - }), - new Change({ - operation: 'add', + operation: 'replace', modification: new Attribute({ type: 'unicodePwd', values: [encodePassword(newPassword)] }) }) + // new Change({ + // operation: 'delete', + // modification: new Attribute({ + // type: 'unicodePwd', + // values: [encodePassword(password)] + // }) + // }), + + // new Change({ + // operation: 'add', + // modification: new Attribute({ + // type: 'unicodePwd', + // values: [encodePassword(newPassword)] + // }) + // }) ]) return 'SUCCESS' } catch (err: any) { console.log(err) - if (err instanceof InvalidCredentialsError) { throw new Error('Usuário ou senha atual incorreta.') } @@ -80,10 +94,12 @@ export async function updatePassword({ throw new Error( 'A senha atual está correta, mas o servidor recusou a alteração. Verifique se a nova senha atende aos requisitos de complexidade.' ) - } else throw err + } else { + console.log('Error updating password') + } + throw err } finally { await ldapClient.unbind() console.log('unbinded') } - return 'FAIL' } diff --git a/src/server/trpc.ts b/src/server/trpc.ts index d258681..d294dfa 100644 --- a/src/server/trpc.ts +++ b/src/server/trpc.ts @@ -29,6 +29,8 @@ export const appRouter = router({ password, newPassword }) + + return 'SUCCESS' } catch (err: any) { throw new TRPCError({ code: 'BAD_REQUEST',