[Jifty-commit] r6111 - in jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication: .
Jifty commits
jifty-commit at lists.jifty.org
Mon Dec 15 05:00:48 EST 2008
Author: yves
Date: Mon Dec 15 05:00:47 2008
New Revision: 6111
Modified:
jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap.pm
jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Dispatcher.pm
Log:
small Plugin::Authentication::Ldap improvements
* Ldap.pm: add a safer current_user_can example
* Dispatcher.pm: add LDAPLogout as a safe action
* Dispatcher.pm: add redirect to / on logout
Modified: jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap.pm
==============================================================================
--- jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap.pm (original)
+++ jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap.pm Mon Dec 15 05:00:47 2008
@@ -55,8 +55,15 @@
my $type = shift;
my %args = (@_);
- return 1;
- }
+ return 1 if
+ $self->current_user->is_superuser;
+
+ # all logged in users can read this table
+ return 1
+ if ($type eq 'read' && && $self->current_user->id);
+
+ return $self->SUPER::current_user_can($type, @_);
+ };
1;
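Review bot: The added read check `if ($type eq 'read' && && $self->current_user->id);` has a doubled `&&`, so the example will not compile as written; it should read `if ($type eq 'read' && $self->current_user->id);`. The log calls this the safer current_user_can example, and a snippet that fails when pasted may push readers back to the old unconditional `return 1`. The comment could also state the scope of the grant, for instance `# all logged in users can read every column of this table`, so adopters decide deliberately whether that suits their user model. The sub's opening lines, including where `$self` is set, are outside the hunk.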
Modified: jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Dispatcher.pm
==============================================================================
--- jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Dispatcher.pm (original)
+++ jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Dispatcher.pm Mon Dec 15 05:00:47 2008
@@ -6,6 +6,9 @@
# Put any plugin-specific dispatcher rules here.
+# whitelist safe actions to avoid cross-site scripting
+before '*' => run { Jifty->api->allow('LDAPLogout') };
+
# Log out
before 'ldaplogout' => run {
Jifty->web->request->add_action(
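Review bot: The added comment names cross-site scripting, but `Jifty->api->allow('LDAPLogout')` controls which action a request may run, which looks like a request-forgery control rather than an XSS one. Because the rule hangs on `before '*'`, the action is allowed on every path and regardless of login state, so a logout could presumably be triggered by a request the user did not intend. If that trade-off is accepted, the comment should say so, e.g. `# allow LDAPLogout on every request; an unwanted logout is accepted as low risk`. The `before 'ldaplogout'` rule that follows is cut off by the end of the hunk.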
@@ -14,6 +17,9 @@
);
};
+on ldaplogout => run {
+ redirect '/';
+};
# Login
on 'ldaplogin' => run {
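Review bot: The new rule is written `on ldaplogout => run {` with a bareword path, while the neighbouring rules quote theirs (`before 'ldaplogout'`, `on 'ldaplogin'`). Writing `on 'ldaplogout' => run {` keeps the file consistent and makes a search for the path find every rule. The fixed target in `redirect '/';` is a good choice, since no request value can influence where the user is sent after logout.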