Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
7
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Open sidebar
Maxime Besson
lemonldap-ng
Commits
c3f59604
Commit
c3f59604
authored
Mar 07, 2019
by
Yadd
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Improvements + API calls
@maudoux
: could you review this?
parent
a9b02986
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
82 additions
and
78 deletions
+82
-78
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
...ap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
+79
-73
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Impersonation.pm
...g-portal/lib/Lemonldap/NG/Portal/Plugins/Impersonation.pm
+3
-5
No files found.
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
View file @
c3f59604
...
...
@@ -58,17 +58,19 @@ sub check {
$msg
=
PE_TOKENEXPIRED
;
$token
=
$self
->
ott
->
createToken
(
$req
->
userData
);
}
my
$params
=
{
PORTAL
=>
$self
->
conf
->
{
portal
},
MAIN_LOGO
=>
$self
->
conf
->
{
portalMainLogo
},
LANGS
=>
$self
->
conf
->
{
showLanguages
},
MSG
=>
"
PE
$msg
",
ALERTE
=>
'
alert-warning
',
TOKEN
=>
$token
,
};
return
$self
->
p
->
sendJSONresponse
(
$req
,
$params
)
if
(
$req
->
wantJSON
);
return
$self
->
p
->
sendHtml
(
$req
,
'
checkuser
',
params
=>
{
PORTAL
=>
$self
->
conf
->
{
portal
},
MAIN_LOGO
=>
$self
->
conf
->
{
portalMainLogo
},
LANGS
=>
$self
->
conf
->
{
showLanguages
},
MSG
=>
"
PE
$msg
",
ALERTE
=>
'
alert-warning
',
TOKEN
=>
$token
,
}
params
=>
$params
,
)
if
$msg
;
}
...
...
@@ -77,28 +79,27 @@ sub check {
my
$url
=
$req
->
param
('
url
')
||
'';
my
$user
=
$req
->
param
('
user
')
||
'';
if
(
$user
)
{
unless
(
$user
=~
/$self->{conf}->{userControl}/o
)
{
$user
=
'';
$attrs
=
{};
return
$self
->
p
->
sendHtml
(
$req
,
'
checkuser
',
params
=>
{
PORTAL
=>
$self
->
conf
->
{
portal
},
MAIN_LOGO
=>
$self
->
conf
->
{
portalMainLogo
},
LANGS
=>
$self
->
conf
->
{
showLanguages
},
MSG
=>
'
PE
'
.
PE_MALFORMEDUSER
,
ALERTE
=>
'
alert-warning
',
LOGIN
=>
$req
->
{
user
},
TOKEN
=>
(
$self
->
conf
->
{
requireToken
}
?
$self
->
ott
->
createToken
(
$req
->
userData
)
:
''
)
}
);
}
if
(
$user
and
$user
!~
/$self->{conf}->{userControl}/o
)
{
$user
=
'';
$attrs
=
{};
return
$self
->
p
->
sendError
(
$req
,
'
Malformed user
',
400
)
if
(
$req
->
wantJSON
);
return
$self
->
p
->
sendHtml
(
$req
,
'
checkuser
',
params
=>
{
PORTAL
=>
$self
->
conf
->
{
portal
},
MAIN_LOGO
=>
$self
->
conf
->
{
portalMainLogo
},
LANGS
=>
$self
->
conf
->
{
showLanguages
},
MSG
=>
'
PE
'
.
PE_MALFORMEDUSER
,
ALERTE
=>
'
alert-warning
',
LOGIN
=>
$req
->
{
user
},
TOKEN
=>
(
$self
->
conf
->
{
requireToken
}
?
$self
->
ott
->
createToken
(
$req
->
userData
)
:
''
)
}
);
}
if
(
$user
eq
$req
->
{
user
}
or
!
$user
)
{
...
...
@@ -175,37 +176,40 @@ sub check {
if
(
$auth
eq
'
allowed
'
)
{
$alert_auth
=
'
alert-success
'
}
elsif
(
$auth
eq
'
forbidden
'
)
{
$alert_auth
=
'
alert-danger
'
}
# TODO:
my
$params
=
{
PORTAL
=>
$self
->
conf
->
{
portal
},
MAIN_LOGO
=>
$self
->
conf
->
{
portalMainLogo
},
LANGS
=>
$self
->
conf
->
{
showLanguages
},
MSG
=>
$msg
,
ALERTE
=>
(
$msg
eq
'
checkUser
'
?
'
alert-info
'
:
'
alert-warning
'
),
LOGIN
=>
(
$self
->
p
->
checkXSSAttack
(
'
LOGIN
',
$req
->
{
user
}
)
?
""
:
$req
->
{
user
}
),
URL
=>
(
$self
->
p
->
checkXSSAttack
(
'
URL
',
$url
)
?
""
:
$url
),
ALLOWED
=>
$auth
,
ALERTE_AUTH
=>
$alert_auth
,
HEADERS
=>
$array_hdrs
,
ATTRIBUTES
=>
$array_attrs
->
[
2
],
MACROS
=>
$array_attrs
->
[
1
],
GROUPS
=>
$array_attrs
->
[
0
],
TOKEN
=>
(
$self
->
conf
->
{
requireToken
}
?
$self
->
ott
->
createToken
(
$req
->
userData
)
:
''
)
};
return
$self
->
p
->
sendJSONresponse
(
$req
,
$params
)
if
(
$req
->
wantJSON
);
# Display form
return
$self
->
p
->
sendHtml
(
$req
,
'
checkuser
',
params
=>
{
PORTAL
=>
$self
->
conf
->
{
portal
},
MAIN_LOGO
=>
$self
->
conf
->
{
portalMainLogo
},
LANGS
=>
$self
->
conf
->
{
showLanguages
},
MSG
=>
$msg
,
ALERTE
=>
(
$msg
eq
'
checkUser
'
?
'
alert-info
'
:
'
alert-warning
'
),
LOGIN
=>
(
$self
->
p
->
checkXSSAttack
(
'
LOGIN
',
$req
->
{
user
}
)
?
""
:
$req
->
{
user
}
),
URL
=>
(
$self
->
p
->
checkXSSAttack
(
'
URL
',
$url
)
?
""
:
$url
),
ALLOWED
=>
$auth
,
ALERTE_AUTH
=>
$alert_auth
,
HEADERS
=>
$array_hdrs
,
ATTRIBUTES
=>
$array_attrs
->
[
2
],
MACROS
=>
$array_attrs
->
[
1
],
GROUPS
=>
$array_attrs
->
[
0
],
TOKEN
=>
(
$self
->
conf
->
{
requireToken
}
?
$self
->
ott
->
createToken
(
$req
->
userData
)
:
''
)
}
params
=>
$params
,
);
}
...
...
@@ -213,25 +217,27 @@ sub display {
my
(
$self
,
$req
)
=
@_
;
# Display form
my
$params
=
{
PORTAL
=>
$self
->
conf
->
{
portal
},
MAIN_LOGO
=>
$self
->
conf
->
{
portalMainLogo
},
LANGS
=>
$self
->
conf
->
{
showLanguages
},
MSG
=>
'
checkUser
',
ALERTE
=>
'
alert-info
',
LOGIN
=>
(
$self
->
p
->
checkXSSAttack
(
'
LOGIN
',
$req
->
{
user
}
)
?
""
:
$req
->
{
user
}
),
TOKEN
=>
(
$self
->
conf
->
{
requireToken
}
?
$self
->
ott
->
createToken
(
$req
->
userData
)
:
''
)
};
return
$self
->
sendJSONresponse
(
$req
,
$params
)
if
(
$req
->
wantJSON
);
return
$self
->
p
->
sendHtml
(
$req
,
'
checkuser
',
params
=>
{
PORTAL
=>
$self
->
conf
->
{
portal
},
MAIN_LOGO
=>
$self
->
conf
->
{
portalMainLogo
},
LANGS
=>
$self
->
conf
->
{
showLanguages
},
MSG
=>
'
checkUser
',
ALERTE
=>
'
alert-info
',
LOGIN
=>
(
$self
->
p
->
checkXSSAttack
(
'
LOGIN
',
$req
->
{
user
}
)
?
""
:
$req
->
{
user
}
),
TOKEN
=>
(
$self
->
conf
->
{
requireToken
}
?
$self
->
ott
->
createToken
(
$req
->
userData
)
:
''
)
}
params
=>
$params
,
);
}
...
...
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Impersonation.pm
View file @
c3f59604
...
...
@@ -43,13 +43,11 @@ sub init {
sub
run
{
my
(
$self
,
$req
)
=
@_
;
if
(
$req
->
param
('
spoofId
')
)
{
unless
(
$req
->
param
('
spoofId
')
=~
/$self->{conf}->{userControl}/o
)
{
return
PE_MALFORMEDUSER
;
}
}
my
$spoofId
=
$req
->
param
('
spoofId
')
||
'';
if
(
$spoofId
and
$req
->
param
('
spoofId
')
!~
/$self->{conf}->{userControl}/o
)
{
return
PE_MALFORMEDUSER
;
}
# Skip if no submitted SpoofId
return
PE_OK
unless
$spoofId
;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment