pb password

alainabbas · alainabbas · commit 0c9b0238ed15 · 2025-01-28T18:13:37.000+01:00
diff --git a/src/bin/changepwd.py b/src/bin/changepwd.py
@@ -15,6 +15,6 @@
 config=u.read_config('../etc/config.conf')
 ad.set_config(config)
 if u.is_backend_concerned(entity):
-  ad.ad_exec_script(entity,'changepassword.template',entity['payload']['uid']+  " '"+ entity['payload']['oldPassword'] + "' '"+ entity['payload']['newPassword'] +"'")
+  ad.ad_exec_script(entity,'changepassword.template',entity['payload']['uid']+  ' "'+ entity['payload']['oldPassword'] + '" "'+ entity['payload']['newPassword'] +'"')
 else:
   u.returcode(0,"not concerned")
diff --git a/src/lib/ad_utils.py b/src/lib/ad_utils.py
@@ -97,7 +97,9 @@ def gen_script_from_template(entity,template):
         'path': dn_superior(compose_dn(entity)),
         'e': u.make_entry_array(entity),
         'config': u.get_config(),
+        'dataStatus' : entity['payload']['dataStatus']
     }
+
     environment = jinja2.Environment(loader=FileSystemLoader("../ps1_templates/"))
     template = environment.get_template(template)
     content=template.render(data)
diff --git a/src/ps1_templates/changepassword.template b/src/ps1_templates/changepassword.template
@@ -4,28 +4,37 @@ param (
     [string]$newp
 )
 
+
 Function Test-ADAuthentication {
     param(
-        $username,
-        $password)
-
-    (New-Object DirectoryServices.DirectoryEntry "",$username,$password).psbase.name -ne $null
+        [string]$username,
+        [string]$password)
+        ((New-Object DirectoryServices.DirectoryEntry -ArgumentList "",$username,$password).psbase.name) -ne $null
 }
-
-$test=Test-ADAuthentication -username $user -password $oldp
-if ($test -eq $false){
-    Write-Host "Invalid password"
-    exit 1
- }
-
-try{
-    Set-ADUser -Identity $user -CannotChangePassword $false
-    Set-ADAccountPassword -Identity $user -NewPassword (ConvertTo-SecureString -AsPlainText $newp -Force) -reset
-    Set-ADUser -Identity $user -CannotChangePassword $true -PasswordNeverExpires $true
-}catch{
-    Write-Host $_
+{% if dataStatus == -2 %}
+ Set-ADUser -Identity $user -Enabled $True
+{% endif %}
+$userFound=get-aduser -Filter "SamAccountName -eq 'jcerri' -and Enabled -eq '$True' -and PasswordExpired -eq '$False'"
+if ( ! $userFound ){
+    Write-Host 'user not active or not found or password expired'
     exit 1
 }
-Set-ADUser -Identity $user -CannotChangePassword $true
-WriteHost "Password changed"
-Exit 0
+if (Test-ADAuthentication -username "$user" -password "$oldp"){
+    Write-Host "password ok"
+    try{
+        Set-ADUser -Identity $user -CannotChangePassword $false
+        # on lance 2 fois la commande car ne marche pas la premiere fois bug 2019 ?
+        Set-ADAccountPassword -Identity $user -NewPassword (ConvertTo-SecureString -AsPlainText $newp -Force) -reset
+        Set-ADAccountPassword -Identity $user -NewPassword (ConvertTo-SecureString -AsPlainText $newp -Force) -reset
+        Set-ADUser -Identity $user -CannotChangePassword $true -PasswordNeverExpires $true
+    }catch{
+        Write-Host $_
+        exit 1
+    }
+    Set-ADUser -Identity $user -CannotChangePassword $true
+    Write-Host "Password changed"
+    Exit 0
+ }else{
+     Write-Host "Authentication Invalid password"
+    exit 1
+ }
diff --git a/src/ps1_templates/resetpassword.template b/src/ps1_templates/resetpassword.template
@@ -5,6 +5,7 @@ param (
 try{
     Set-ADUser -Identity $user -CannotChangePassword $false -Enabled $true
     Set-ADAccountPassword -Identity $user -NewPassword (ConvertTo-SecureString -AsPlainText $newp -Force) -Reset
+    Set-ADAccountPassword -Identity $user -NewPassword (ConvertTo-SecureString -AsPlainText $newp -Force) -Reset
     Set-ADUser -Identity $user -CannotChangePassword $true
 }catch{
    Write-Host $_
