,function(err,result){ if(err || ! result){ // maybe currentPassword is not an {SSHA} value? if (user.userpassword.substr(0,6) != '{SSHA}' && user.userpassword == currentPassword ){ // okay to modify password saved in plaintext }else{ return next(new ForbiddenError('Wrong value for current password. Password not changed')); } } ssha.ssha_pass(req.param('userpassword'),function(err,hash){ if (err) return next(err); _resetPassword(req.param('userpassword'),function(err,hash,barePassword){ change.push(new ldap.Change({ operation: 'replace', modification: { userpassword: hash } })); user.userpassword = hash; handleNonPasswordFields(user,change,req,next); return null; }) return null; }) return null; });
function _resetPassword(barePassword,next){ if(_.isFunction(barePassword)){ next = barePassword barePassword = crypto.randomBytes(24).toString('base64') } return ssha.ssha_pass(barePassword,function(err,hash){ return next(err,hash,barePassword) }); }