YunoHost/SSOwat
1
0
Fork 0
mirror of https://github.com/YunoHost/SSOwat.git synced 2024-09-03 20:06:27 +02:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #149 from YunoHost/check-skipped-before-protected

Browse source 
Check skipped_urls before protected_urls
This commit is contained in:
Alexandre Aubin 2019-12-02 20:47:36 +01:00 committed by GitHub
commit d85579de93
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 31 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

63
access.lua
View file

@ -254,7 +254,37 @@ end
-- --
-- 4. Protected URLs -- 4. Skipped URLs
--
-- If the URL matches one of the `skipped_urls` in the configuration file,
-- it means that the URL should not be protected by the SSO and no header
-- has to be sent, even if the user is already authenticated.
--
if conf["skipped_urls"] then
for _, url in ipairs(conf["skipped_urls"]) do
if (hlp.string.starts(ngx.var.host..ngx.var.uri..hlp.uri_args_string(), url)
or hlp.string.starts(ngx.var.uri..hlp.uri_args_string(), url))
then
logger.debug("Skipping "..ngx.var.uri)
return hlp.pass()
end
end
end
if conf["skipped_regex"] then
for _, regex in ipairs(conf["skipped_regex"]) do
if (match(ngx.var.host..ngx.var.uri..hlp.uri_args_string(), regex)
or match(ngx.var.uri..hlp.uri_args_string(), regex))
then
logger.debug("Skipping "..ngx.var.uri)
return hlp.pass()
end
end
end
--
-- 5. Protected URLs
-- --
-- If the URL matches one of the `protected_urls` in the configuration file, -- If the URL matches one of the `protected_urls` in the configuration file,
-- we have to protect it even if the URL is also set in the `unprotected_urls`. -- we have to protect it even if the URL is also set in the `unprotected_urls`.
@ -289,37 +319,6 @@ function is_protected()
return false return false
end end
--
-- 5. Skipped URLs
--
-- If the URL matches one of the `skipped_urls` in the configuration file,
-- it means that the URL should not be protected by the SSO and no header
-- has to be sent, even if the user is already authenticated.
--
if conf["skipped_urls"] then
for _, url in ipairs(conf["skipped_urls"]) do
if (hlp.string.starts(ngx.var.host..ngx.var.uri..hlp.uri_args_string(), url)
or hlp.string.starts(ngx.var.uri..hlp.uri_args_string(), url))
and not is_protected() then
logger.debug("Skipping "..ngx.var.uri)
return hlp.pass()
end
end
end
if conf["skipped_regex"] then
for _, regex in ipairs(conf["skipped_regex"]) do
if (match(ngx.var.host..ngx.var.uri..hlp.uri_args_string(), regex)
or match(ngx.var.uri..hlp.uri_args_string(), regex))
and not is_protected() then
logger.debug("Skipping "..ngx.var.uri)
return hlp.pass()
end
end
end
-- --
-- 6. Specific files (used in YunoHost) -- 6. Specific files (used in YunoHost)
-- --