Differences

This shows you the differences between two versions of the page.

Link to this comparison view

documentation:self-service-password:latest:config_posthook [2018/07/09 11:38]
documentation:self-service-password:latest:config_posthook [2018/07/09 11:38] (current)
Line 1: Line 1:
 +====== Post Hook configuration ======
 +
 +You can write a script that will be called it the password was changed. This allow for example to update a file or a database on password change.
 +
 +This script must be executable by the user running Apache. It will take 3 arguments:
 +  * ''​$login''​ : the user login
 +  * ''​$newpassword''​ : the new password
 +  * ''​$oldpassword''​ : the old password
 +
 +<note tip>The old password is only provided on standard password change, not on password reset</​note>​
 +
 +To declare this script, use:
 +<file php>
 +$posthook = "/​usr/​share/​self-service-password/​posthook.sh";​
 +</​file>​
 +
 +You can choose to display an error if the script return code is greater than 0:
 +<file php>
 +$display_posthook_error = true;
 +</​file>​
 +
 +The displayed message will be the first line of the script output.
 +
 +Here is an example of a simple posthook script:
 +<file bash>
 +#!/bin/bash
 +
 +LOGIN=$1
 +NEWPASSWORD=$2
 +OLDPASSWORD=$3
 +
 +echo `date` >> /​tmp/​posthook.log
 +echo "​$LOGIN / $NEWPASSWORD / $OLDPASSWORD"​ >> /​tmp/​posthook.log
 +
 +... there is an error ...
 +echo "​Posthook script has failed"​
 +exit 1
 +... there is no error ...
 +exit 0
 +</​file>​
 +
 +<note warning>​This script is an example, do use not it in production: passwords should never be put in logs. Write your own script to propagate the password in a safe place</​note> ​
 +
 +<note warning>​If you are using systemd, it is possible that the PrivateTmp feature is enabled by default for Apache (in your httpd.service or apache2.service).
 +
 +When enabled, all logs written from posthook.sh to /tmp will be redirected to /​tmp/​systemd-private-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-apache2.service-XXXXXX/​tmp or similar.</​note>​