YunoHost/SSOwat
1
0
Fork 0
mirror of https://github.com/YunoHost/SSOwat.git synced 2024-09-03 20:06:27 +02:00
Code Issues Projects Releases Packages Wiki Activity

[fix] Skipped url should be really ignored.

Browse source
This commit is contained in:
opi 2016-04-30 12:42:53 +02:00
parent bf24cf5e50
commit 3fa02edaa5
1 changed files with 25 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
access.lua
View file

@ -227,25 +227,30 @@ end
-- it means that the URL should not be protected by the SSO and no header -- it means that the URL should not be protected by the SSO and no header
-- has to be sent, even if the user is already authenticated. -- has to be sent, even if the user is already authenticated.
-- --
function is_skipped()
if conf["skipped_urls"] then if conf["skipped_urls"] then
for _, url in ipairs(conf["skipped_urls"]) do for _, url in ipairs(conf["skipped_urls"]) do
if (hlp.string.starts(ngx.var.host..ngx.var.uri..hlp.uri_args_string(), url) if (hlp.string.starts(ngx.var.host..ngx.var.uri..hlp.uri_args_string(), url)
or hlp.string.starts(ngx.var.uri..hlp.uri_args_string(), url)) or hlp.string.starts(ngx.var.uri..hlp.uri_args_string(), url))
and not is_protected() then and not is_protected() then
return hlp.pass() hlp.pass()
return true
end
end end
end end
end
if conf["skipped_regex"] then if conf["skipped_regex"] then
for _, regex in ipairs(conf["skipped_regex"]) do for _, regex in ipairs(conf["skipped_regex"]) do
if (string.match(ngx.var.host..ngx.var.uri..hlp.uri_args_string(), regex) if (string.match(ngx.var.host..ngx.var.uri..hlp.uri_args_string(), regex)
or string.match(ngx.var.uri..hlp.uri_args_string(), regex)) or string.match(ngx.var.uri..hlp.uri_args_string(), regex))
and not is_protected() then and not is_protected() then
return hlp.pass() hlp.pass()
return true
end end
end end
end
return false
end end
@ -298,7 +303,7 @@ end
-- `/yunohost/sso/assets/js/ynhpanel.js` file. -- `/yunohost/sso/assets/js/ynhpanel.js` file.
-- --
if hlp.is_logged_in() then if hlp.is_logged_in() and not is_skipped() then
if string.match(ngx.var.uri, "^/ynhpanel.js$") then if string.match(ngx.var.uri, "^/ynhpanel.js$") then
hlp.serve("/yunohost/sso/assets/js/ynhpanel.js") hlp.serve("/yunohost/sso/assets/js/ynhpanel.js")
end end
@ -344,7 +349,6 @@ if auth_header then
end end
end end
-- --
-- 9. Redirect to login -- 9. Redirect to login
-- --
@ -352,6 +356,8 @@ end
-- The default is to protect every URL by default. -- The default is to protect every URL by default.
-- --
hlp.flash("info", hlp.t("please_login")) if not is_skipped() then
local back_url = ngx.var.scheme .. "://" .. ngx.var.host .. ngx.var.uri .. hlp.uri_args_string() hlp.flash("info", hlp.t("please_login"))
return hlp.redirect(conf.portal_url.."?r="..ngx.encode_base64(back_url)) local back_url = ngx.var.scheme .. "://" .. ngx.var.host .. ngx.var.uri .. hlp.uri_args_string()
return hlp.redirect(conf.portal_url.."?r="..ngx.encode_base64(back_url))
end