portalapi: don't leak the full list of users nor private apps

Alexandre Aubin 2024-01-22 21:30:46 +01:00
parent 16d7f77f91
commit 045869283c


@ -115,7 +115,16 @@ def portal_public():
"""Get public settings """Get public settings
If the portal is set as public, it will include the list of public apps If the portal is set as public, it will include the list of public apps
""" """
return _get_portal_settings()
portal_settings = _get_portal_settings()
del portal_settings["portal_user_intro"]
# Prevent leaking the list of users
for infos in portal_settings["apps"].values():
del infos["users"]
return portal_settings
def portal_me(): def portal_me():
@ -131,6 +140,10 @@ def portal_me():
# Get user allowed apps # Get user allowed apps
apps = _get_portal_settings(domain, username)["apps"] apps = _get_portal_settings(domain, username)["apps"]
# Prevent leaking the list of users
for infos in apps.values():
del infos["users"]
result_dict = { result_dict = {
"username": username, "username": username,
"fullname": user["cn"][0], "fullname": user["cn"][0],
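Review bot: Both loops strip `users` with a deny-list `del`, in `portal_public()` and again in `portal_me()`, so any other sensitive field that `_get_portal_settings()` returns now or gains later still reaches the client, which in `portal_public()` is presumably unauthenticated. Building each app entry from an explicit allow-list of keys would fail closed, and doing it in one shared helper would keep the two endpoints from drifting apart. `del` also raises `KeyError` when a key is absent, so `infos.pop("users", None)` and `portal_settings.pop("portal_user_intro", None)` are safer; the docstring suggests `apps` may only be present when the portal is public, which would make `portal_settings["apps"]` fail the same way, so that is worth confirming. If `_get_portal_settings()` ever returns a cached or shared dict, these in-place deletions would alter it for later callers; its body is not visible here. `portal_me()` continues past the end of the hunk.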