check credential, corrections

Author: alainabbas

src/bin/resetpwd.py

@@ -16,6 +16,6 @@
 ad.set_config(config)
 ad.__DEBUG__=1
 if u.is_backend_concerned(entity):
-  ad.ad_exec_script(entity,'resetpassword.template',entity['payload']['uid']+ " '"+ entity['payload']['newPassword']) +"'"
+  ad.ad_exec_script(entity,'resetpassword.template',"-user " + entity['payload']['uid']+ " -newp " + entity['payload']['newPassword'])
 else:
   u.returcode(0,"not concerned")

src/ps1_templates/changepassword.template

@@ -3,10 +3,25 @@ param (
     [string]$oldp,
     [string]$newp
 )
+
+Function Test-ADAuthentication {
+    param(
+        $username,
+        $password)
+
+    (New-Object DirectoryServices.DirectoryEntry "",$username,$password).psbase.name -ne $null
+}
+
+$test=Test-ADAuthentication -username $user -password $oldp
+if ($test -eq $false){
+    Write-Host "Invalid password"
+    exit 1
+ }
+
 try{
     Set-ADUser -Identity $user -CannotChangePassword $false
-    Set-ADAccountPassword -Identity $user -OldPassword (ConvertTo-SecureString -AsPlainText $oldp -Force) -NewPassword (ConvertTo-SecureString -AsPlainText $newp -Force)
-    Set-ADUser -Identity $user -CannotChangePassword $true
+    Set-ADAccountPassword -Identity $user -NewPassword (ConvertTo-SecureString -AsPlainText $newp -Force) -reset
+    Set-ADUser -Identity $user -CannotChangePassword $true -PasswordNeverExpires $true
 }catch{
     Write-Host $_
     exit 1