From 32d04dbac9cf4ba58ea9e66f938d1899710bc28e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= <josue@tille.ch>
Date: Mon, 7 Jan 2019 10:12:08 +0100
Subject: [PATCH 1/3] Fix SSOwat crash after password change

---
 helpers.lua | 1 +
 1 file changed, 1 insertion(+)

diff --git a/helpers.lua b/helpers.lua
index afda962..ed5ed74 100644
--- a/helpers.lua
+++ b/helpers.lua
@@ -938,6 +938,7 @@ function logout()
         delete_cookie()
         cache:delete("session_"..authUser)
         cache:delete(authUser.."-"..conf["ldap_identifier"]) -- Ugly trick to reload cache
+        cache:delete(authUser.."-password")
         flash("info", t("logged_out"))
     end
 

From 437f3c238aca6fd625f77ab5ed5e31bb28ede581 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= <josue@tille.ch>
Date: Thu, 17 Jan 2019 22:54:25 +0100
Subject: [PATCH 2/3] Fix when the user stay connected

---
 helpers.lua | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/helpers.lua b/helpers.lua
index ed5ed74..b20d62f 100644
--- a/helpers.lua
+++ b/helpers.lua
@@ -355,6 +355,15 @@ function set_headers(user)
             conf["ldap_identifier"].."=".. user ..","..conf["ldap_group"],
             cache:get(user.."-password")
         )
+        -- If the ldap connection fail (because the password was changed).
+        -- Logout the user and invalid the password
+        if not ldap then
+            ngx.log(ngx.NOTICE, "LDAP connection failled. Disconnect user : ".. user)
+            cache:delete(authUser.."-password")
+            flash("info", t("please_login"))
+            local back_url = ngx.var.scheme .. "://" .. ngx.var.host .. ngx.var.uri .. uri_args_string()
+            return redirect(conf.portal_url.."?r="..ngx.encode_base64(back_url))
+        end
         ngx.log(ngx.NOTICE, "Reloading LDAP values for: "..user)
         for dn, attribs in ldap:search {
             base = conf["ldap_identifier"].."=".. user ..","..conf["ldap_group"],

From a52ed73a117180c5c2c5b5ef2030e875c8ad5f3e Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <alex.aubin@mailoo.org>
Date: Thu, 17 Jan 2019 23:21:30 +0100
Subject: [PATCH 3/3] Typo

---
 helpers.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helpers.lua b/helpers.lua
index b20d62f..c53e783 100644
--- a/helpers.lua
+++ b/helpers.lua
@@ -358,7 +358,7 @@ function set_headers(user)
         -- If the ldap connection fail (because the password was changed).
         -- Logout the user and invalid the password
         if not ldap then
-            ngx.log(ngx.NOTICE, "LDAP connection failled. Disconnect user : ".. user)
+            ngx.log(ngx.NOTICE, "LDAP connection failed. Disconnect user : ".. user)
             cache:delete(authUser.."-password")
             flash("info", t("please_login"))
             local back_url = ngx.var.scheme .. "://" .. ngx.var.host .. ngx.var.uri .. uri_args_string()