Merge pull request #138 from Zentyal/jgarcia/fix-multidomain-web
Avoid reading emails from other domains (info@foo vs info@bar)
This commit is contained in:
commit
13f2ac9cbb
|
@ -427,7 +427,8 @@
|
||||||
{
|
{
|
||||||
currentUser = [users objectAtIndex: i];
|
currentUser = [users objectAtIndex: i];
|
||||||
field = [currentUser objectForKey: @"c_uid"];
|
field = [currentUser objectForKey: @"c_uid"];
|
||||||
if (enableDomainBasedUID)
|
if (enableDomainBasedUID &&
|
||||||
|
[field rangeOfString: @"@"].location == NSNotFound)
|
||||||
field = [NSString stringWithFormat: @"%@@%@", field, domain];
|
field = [NSString stringWithFormat: @"%@@%@", field, domain];
|
||||||
if (![field isEqualToString: login])
|
if (![field isEqualToString: login])
|
||||||
{
|
{
|
||||||
|
|
|
@ -362,6 +362,7 @@ static Class NSNullK;
|
||||||
NSDictionary *contactInfos;
|
NSDictionary *contactInfos;
|
||||||
NSString *login;
|
NSString *login;
|
||||||
SOGoDomainDefaults *dd;
|
SOGoDomainDefaults *dd;
|
||||||
|
SOGoSystemDefaults *sd;
|
||||||
|
|
||||||
contactInfos = [self contactInfosForUserWithUIDorEmail: uid
|
contactInfos = [self contactInfosForUserWithUIDorEmail: uid
|
||||||
inDomain: domain];
|
inDomain: domain];
|
||||||
|
@ -373,7 +374,19 @@ static Class NSNullK;
|
||||||
else
|
else
|
||||||
dd = [SOGoSystemDefaults sharedSystemDefaults];
|
dd = [SOGoSystemDefaults sharedSystemDefaults];
|
||||||
|
|
||||||
login = [dd forceExternalLoginWithEmail] ? [self getEmailForUID: uid] : uid;
|
if ([dd forceExternalLoginWithEmail])
|
||||||
|
{
|
||||||
|
sd = [SOGoSystemDefaults sharedSystemDefaults];
|
||||||
|
if ([sd enableDomainBasedUID])
|
||||||
|
// On multidomain environment we must use uid@domain
|
||||||
|
// for getEmailForUID method
|
||||||
|
login = [NSString stringWithFormat: @"%@@%@", uid, domain];
|
||||||
|
else
|
||||||
|
login = uid;
|
||||||
|
login = [self getEmailForUID: login];
|
||||||
|
}
|
||||||
|
else
|
||||||
|
login = uid;
|
||||||
}
|
}
|
||||||
|
|
||||||
return login;
|
return login;
|
||||||
|
@ -485,27 +498,22 @@ static Class NSNullK;
|
||||||
grace: (int *) _grace
|
grace: (int *) _grace
|
||||||
useCache: (BOOL) useCache
|
useCache: (BOOL) useCache
|
||||||
{
|
{
|
||||||
NSMutableDictionary *currentUser, *failedCount;
|
NSMutableDictionary *currentUser;
|
||||||
|
NSDictionary *failedCount;
|
||||||
NSString *dictPassword, *username, *jsonUser;
|
NSString *dictPassword, *username, *jsonUser;
|
||||||
SOGoSystemDefaults *dd;
|
SOGoSystemDefaults *dd;
|
||||||
BOOL checkOK;
|
BOOL checkOK;
|
||||||
|
|
||||||
// We check for cached passwords. If the entry is cached, we
|
if (*_domain && [_login rangeOfString: @"@"].location == NSNotFound)
|
||||||
// check this immediately. If not, we'll go directly at the
|
|
||||||
// authentication source and try to validate there, then cache it.
|
|
||||||
if (*_domain != nil)
|
|
||||||
username = [NSString stringWithFormat: @"%@@%@", _login, *_domain];
|
username = [NSString stringWithFormat: @"%@@%@", _login, *_domain];
|
||||||
else
|
else
|
||||||
username = _login;
|
username = _login;
|
||||||
|
|
||||||
failedCount = [[SOGoCache sharedCache] failedCountForLogin: username];
|
|
||||||
dd = [SOGoSystemDefaults sharedSystemDefaults];
|
|
||||||
|
|
||||||
//
|
|
||||||
// We check the fail count per user in memcache (per server). If the
|
// We check the fail count per user in memcache (per server). If the
|
||||||
// fail count reaches X in Y minutes, we deny immediately the
|
// fail count reaches X in Y minutes, we deny immediately the
|
||||||
// authentications for Z minutes
|
// authentications for Z minutes
|
||||||
//
|
failedCount = [[SOGoCache sharedCache] failedCountForLogin: username];
|
||||||
|
dd = [SOGoSystemDefaults sharedSystemDefaults];
|
||||||
if (failedCount)
|
if (failedCount)
|
||||||
{
|
{
|
||||||
unsigned int current_time, start_time, delta, block_time;
|
unsigned int current_time, start_time, delta, block_time;
|
||||||
|
@ -531,7 +539,9 @@ static Class NSNullK;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// We check for cached passwords. If the entry is cached, we
|
||||||
|
// check this immediately. If not, we'll go directly at the
|
||||||
|
// authentication source and try to validate there, then cache it.
|
||||||
jsonUser = [[SOGoCache sharedCache] userAttributesForLogin: username];
|
jsonUser = [[SOGoCache sharedCache] userAttributesForLogin: username];
|
||||||
currentUser = [jsonUser objectFromJSONString];
|
currentUser = [jsonUser objectFromJSONString];
|
||||||
dictPassword = [currentUser objectForKey: @"password"];
|
dictPassword = [currentUser objectForKey: @"password"];
|
||||||
|
@ -632,7 +642,8 @@ static Class NSNullK;
|
||||||
// internal cache.
|
// internal cache.
|
||||||
[currentUser setObject: [newPassword asSHA1String] forKey: @"password"];
|
[currentUser setObject: [newPassword asSHA1String] forKey: @"password"];
|
||||||
sd = [SOGoSystemDefaults sharedSystemDefaults];
|
sd = [SOGoSystemDefaults sharedSystemDefaults];
|
||||||
if ([sd enableDomainBasedUID])
|
if ([sd enableDomainBasedUID] &&
|
||||||
|
[login rangeOfString: @"@"].location == NSNotFound)
|
||||||
userLogin = [NSString stringWithFormat: @"%@@%@", login, domain];
|
userLogin = [NSString stringWithFormat: @"%@@%@", login, domain];
|
||||||
else
|
else
|
||||||
userLogin = login;
|
userLogin = login;
|
||||||
|
@ -785,24 +796,20 @@ static Class NSNullK;
|
||||||
withLogin: (NSString *) login
|
withLogin: (NSString *) login
|
||||||
{
|
{
|
||||||
NSEnumerator *emails;
|
NSEnumerator *emails;
|
||||||
NSString *key;
|
NSString *key, *user_json;
|
||||||
|
|
||||||
[[SOGoCache sharedCache]
|
user_json = [newUser jsonRepresentation];
|
||||||
setUserAttributes: [newUser jsonRepresentation]
|
[[SOGoCache sharedCache] setUserAttributes: user_json
|
||||||
forLogin: login];
|
forLogin: login];
|
||||||
if (![newUser isKindOfClass: NSNullK])
|
if (![newUser isKindOfClass: NSNullK])
|
||||||
{
|
{
|
||||||
key = [newUser objectForKey: @"c_uid"];
|
|
||||||
if (key && ![key isEqualToString: login])
|
|
||||||
[[SOGoCache sharedCache]
|
|
||||||
setUserAttributes: [newUser jsonRepresentation]
|
|
||||||
forLogin: key];
|
|
||||||
|
|
||||||
emails = [[newUser objectForKey: @"emails"] objectEnumerator];
|
emails = [[newUser objectForKey: @"emails"] objectEnumerator];
|
||||||
while ((key = [emails nextObject]))
|
while ((key = [emails nextObject]))
|
||||||
[[SOGoCache sharedCache]
|
{
|
||||||
setUserAttributes: [newUser jsonRepresentation]
|
if (![key isEqualToString: login])
|
||||||
forLogin: key];
|
[[SOGoCache sharedCache] setUserAttributes: user_json
|
||||||
|
forLogin: key];
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -228,7 +228,8 @@
|
||||||
if ([domain isNotNull])
|
if ([domain isNotNull])
|
||||||
{
|
{
|
||||||
sd = [SOGoSystemDefaults sharedSystemDefaults];
|
sd = [SOGoSystemDefaults sharedSystemDefaults];
|
||||||
if ([sd enableDomainBasedUID])
|
if ([sd enableDomainBasedUID] &&
|
||||||
|
[username rangeOfString: @"@"].location == NSNotFound)
|
||||||
username = [NSString stringWithFormat: @"%@@%@", username, domain];
|
username = [NSString stringWithFormat: @"%@@%@", username, domain];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -587,7 +588,8 @@
|
||||||
if ([domain isNotNull])
|
if ([domain isNotNull])
|
||||||
{
|
{
|
||||||
sd = [SOGoSystemDefaults sharedSystemDefaults];
|
sd = [SOGoSystemDefaults sharedSystemDefaults];
|
||||||
if ([sd enableDomainBasedUID])
|
if ([sd enableDomainBasedUID] &&
|
||||||
|
[username rangeOfString: @"@"].location == NSNotFound)
|
||||||
username = [NSString stringWithFormat: @"%@@%@", username, domain];
|
username = [NSString stringWithFormat: @"%@@%@", username, domain];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue