YunoHost/SSOwat
1
0
Fork 0
mirror of https://github.com/YunoHost/SSOwat.git synced 2024-09-03 20:06:27 +02:00
Code Issues Projects Releases Packages Wiki Activity

Quick fix for CDA security issue

Browse source
This commit is contained in:
sidddy 2017-05-17 10:44:26 +02:00 committed by opi
parent 98a6879ab4
commit fc52f05459
2 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
access.lua
View file

@ -41,11 +41,11 @@ if ngx.var.host ~= conf["portal_domain"] and ngx.var.request_method == "GET" the
-- Use the `cache` shared table where a username is associated with -- Use the `cache` shared table where a username is associated with
-- a CDA key -- a CDA key
user = cache:get(cda_key) user = cache:get("CDA|"..cda_key)
if user then if user then
hlp.set_auth_cookie(user, ngx.var.host) hlp.set_auth_cookie(user, ngx.var.host)
ngx.log(ngx.NOTICE, "Cross-domain authentication: "..user.." connected on "..ngx.var.host) ngx.log(ngx.NOTICE, "Cross-domain authentication: "..user.." connected on "..ngx.var.host)
cache:delete(cda_key) cache:delete("CDA|"..cda_key)
end end
uri_args[conf.login_arg] = nil uri_args[conf.login_arg] = nil

2
helpers.lua
View file

@ -108,7 +108,7 @@ end
-- Set the Cross-Domain-Authentication key for a specific user -- Set the Cross-Domain-Authentication key for a specific user
function set_cda_key() function set_cda_key()
local cda_key = random_string() local cda_key = random_string()
cache:set(cda_key, authUser, 10) cache:set("CDA|"..cda_key, authUser, 10)
return cda_key return cda_key
end end