[Jifty-commit] r6111 - in jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication: .

Jifty commits jifty-commit at lists.jifty.org
Mon Dec 15 05:00:48 EST 2008


Author: yves
Date: Mon Dec 15 05:00:47 2008
New Revision: 6111

Modified:
   jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap.pm
   jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Dispatcher.pm

Log:
small Plugin::Authentication::Ldap improvements
* Ldap.pm: add a safer current_user_can example
* Dispatcher.pm: add LDAPLogout as a safe action
* Dispatcher.pm: add redirect to / on logout


Modified: jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap.pm
==============================================================================
--- jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap.pm	(original)
+++ jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap.pm	Mon Dec 15 05:00:47 2008
@@ -55,8 +55,15 @@
       my $type = shift;
       my %args = (@_);
       
-      return 1;
-  }
+    return 1 if
+          $self->current_user->is_superuser;
+    
+    # all logged in users can read this table
+    return 1
+        if ($type eq 'read' &&  && $self->current_user->id);
+    
+    return $self->SUPER::current_user_can($type, @_);
+  };
   
   1;
 
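Review bot: The new example line `if ($type eq 'read' &&  && $self->current_user->id);` contains a doubled `&&`, which is a syntax error, so anyone copying this `current_user_can` example into a model gets a compile failure instead of the intended check; it should read `if ($type eq 'read' && $self->current_user->id);`. The superuser short-circuit and the read grant for any user with an id are reasonable for an example, but the new lines are indented 4 spaces while the surrounding `my $type = shift;` lines use 6, and the closing `};` suggests an anonymous-sub assignment rather than the plain `sub` body the opening lines imply — the opening is outside the hunk, so I cannot confirm which is meant, but the two should agree. The enclosing `current_user_can` definition starts before this hunk.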

Modified: jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Dispatcher.pm
==============================================================================
--- jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Dispatcher.pm	(original)
+++ jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Dispatcher.pm	Mon Dec 15 05:00:47 2008
@@ -6,6 +6,9 @@
 
 # Put any plugin-specific dispatcher rules here.
 
+# whitelist safe actions to avoid cross-site scripting
+before '*' => run { Jifty->api->allow('LDAPLogout') };
+
 # Log out
 before 'ldaplogout' => run {
     Jifty->web->request->add_action(
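Review bot: The comment `# whitelist safe actions to avoid cross-site scripting` gives a misleading rationale for `Jifty->api->allow('LDAPLogout')`: as I understand Jifty's action restrictions, this call opts the plugin's action into the request's action allow-list (actions outside the application's own Action namespace are refused by default), which is unrelated to cross-site scripting. Suggest `# Plugin actions are denied by default; allow LDAPLogout so the ldaplogout rule below can run it`. Because this runs under `before '*'`, the action is reachable from every request, which is fine for a logout but worth remembering before more actions are appended to this line.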
@@ -14,6 +17,9 @@
     );
 };
 
+on ldaplogout  => run {
+        redirect '/';
+};
 
 # Login
 on 'ldaplogin' => run {
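Review bot: `on ldaplogout  => run {` uses an unquoted bareword with a stray double space, while the neighbouring rules quote the path (`before 'ldaplogout'`, `on 'ldaplogin'`), and its body is indented 8 spaces against the file's 4; suggest `on 'ldaplogout' => run {` / `    redirect '/';` / `};`. The fat comma quotes the bareword, so behaviour is unchanged, but the mixed forms make the rule table harder to scan.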

