check permission after unprotected

Kay0u 2020-01-29 18:24:51 +07:00
parent f74619020d
commit 9628d51d2d
No known key found for this signature in database
GPG key ID: 7FF262C033518333


@ -334,7 +334,9 @@ function serveThemeFile(filename)
serveAsset("/ynhtheme/"..filename, "themes/"..conf.theme.."/"..filename) serveAsset("/ynhtheme/"..filename, "themes/"..conf.theme.."/"..filename)
end end
if hlp.is_logged_in() then function serveYnhpanel()
logger.debug("Serving ynhpanel")
-- serve ynhpanel files -- serve ynhpanel files
serveAsset("/ynh_portal.js", "js/ynh_portal.js") serveAsset("/ynh_portal.js", "js/ynh_portal.js")
serveAsset("/ynh_overlay.css", "css/ynh_overlay.css") serveAsset("/ynh_overlay.css", "css/ynh_overlay.css")
@ -343,20 +345,8 @@ if hlp.is_logged_in() then
-- but I didn't succeed to figure out where is the current location of the script -- but I didn't succeed to figure out where is the current location of the script
-- if you call it from "portal/assets/themes/" the ls fails -- if you call it from "portal/assets/themes/" the ls fails
scandir("/usr/share/ssowat/portal/assets/themes/"..conf.theme, serveThemeFile) scandir("/usr/share/ssowat/portal/assets/themes/"..conf.theme, serveThemeFile)
-- If user has no access to this URL, redirect him to the portal
if not hlp.has_access() then
return hlp.redirect(conf.portal_url)
end
-- If the user is authenticated and has access to the URL, set the headers
-- and let it be
hlp.set_headers()
return hlp.pass()
end end
-- --
-- 7. Unprotected URLs -- 7. Unprotected URLs
-- --
@ -375,6 +365,8 @@ if conf["unprotected_urls"] then
or hlp.string.starts(ngx.var.uri..hlp.uri_args_string(), url)) or hlp.string.starts(ngx.var.uri..hlp.uri_args_string(), url))
and not is_protected() then and not is_protected() then
if hlp.is_logged_in() then if hlp.is_logged_in() then
serveYnhpanel()
hlp.set_headers() hlp.set_headers()
end end
logger.debug(ngx.var.uri.." is in unprotected_urls") logger.debug(ngx.var.uri.." is in unprotected_urls")
@ -389,6 +381,8 @@ if conf["unprotected_regex"] then
or hlp.match(ngx.var.uri..hlp.uri_args_string(), regex)) or hlp.match(ngx.var.uri..hlp.uri_args_string(), regex))
and not is_protected() then and not is_protected() then
if hlp.is_logged_in() then if hlp.is_logged_in() then
serveYnhpanel()
hlp.set_headers() hlp.set_headers()
end end
logger.debug(ngx.var.uri.." is in unprotected_regex") logger.debug(ngx.var.uri.." is in unprotected_regex")
@ -398,6 +392,20 @@ if conf["unprotected_regex"] then
end end
if hlp.is_logged_in() then
serveYnhpanel()
-- If user has no access to this URL, redirect him to the portal
if not hlp.has_access() then
return hlp.redirect(conf.portal_url)
end
-- If the user is authenticated and has access to the URL, set the headers
-- and let it be
hlp.set_headers()
return hlp.pass()
end
-- --
-- 8. Basic HTTP Authentication -- 8. Basic HTTP Authentication
@ -452,6 +460,6 @@ end
-- when trying to access http://main.domain.tld/ (SSOwat finds that user aint -- when trying to access http://main.domain.tld/ (SSOwat finds that user aint
-- logged in, therefore redirects to SSO, which redirects to the back_url, which -- logged in, therefore redirects to SSO, which redirects to the back_url, which
-- redirect to SSO, ..) -- redirect to SSO, ..)
logger.debug("No rule found for this url. By default, redirecting to portal") logger.debug("No rule found for "..ngx.var.uri..". By default, redirecting to portal")
local back_url = "https://" .. ngx.var.host .. ngx.var.uri .. hlp.uri_args_string() local back_url = "https://" .. ngx.var.host .. ngx.var.uri .. hlp.uri_args_string()
return hlp.redirect(conf.portal_url.."?r="..ngx.encode_base64(back_url)) return hlp.redirect(conf.portal_url.."?r="..ngx.encode_base64(back_url))
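Review bot: In the unprotected_urls and unprotected_regex branches, `hlp.set_headers()` is now reachable for a logged-in user who would fail `hlp.has_access()`. Before this change the logged-in block ran first and always returned (redirect or pass), so the `if hlp.is_logged_in() then` inside those branches never fired for an authenticated user. The body of set_headers is not shown here, but if it forwards the user's identity or credentials upstream, an application the user has no permission for would now receive them on any unprotected path. Keeping `serveYnhpanel()` as is and guarding only the headers would avoid that: `if hlp.has_access() then hlp.set_headers() end`. The enclosing loops and their `hlp.pass()` calls lie outside the visible hunks, so confirm against the full file.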