(fix) avoid using for now the XSRF code for proxy-auth (fixes #3668)

pull/207/head
Ludovic Marcotte 2016-05-11 08:55:05 -04:00
parent d802a7d5e4
commit a30d620502
3 changed files with 11 additions and 9 deletions


@ -218,15 +218,17 @@ static SoProduct *commonProduct = nil;
NSString *value, *token;
NSArray *creds;
if (![[SOGoSystemDefaults sharedSystemDefaults] xsrfValidationEnabled])
auth = [[WOApplication application]
authenticatorInContext: context];
if (![[SOGoSystemDefaults sharedSystemDefaults] xsrfValidationEnabled] ||
![auth isKindOfClass: [SOGoWebAuthenticator class]])
return [super performActionNamed: _actionName];
// We grab the X-XSRF-TOKEN header
token = [[context request] headerForKey: @"X-XSRF-TOKEN"];
// We compare it with our session key
auth = [[WOApplication application]
authenticatorInContext: context];
value = [[context request]
cookieValueForKey: [auth cookieNameInContext: context]];
creds = [auth parseCredentials: value];
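Review bot: With the added `![auth isKindOfClass: [SOGoWebAuthenticator class]]` test, a deployment that sets `xsrfValidationEnabled` but authenticates through anything other than SOGoWebAuthenticator (proxy-auth, per the commit title) gets no X-XSRF-TOKEN check at all, and nothing in the hunk records that the setting was overridden. Proxy-supplied credentials are typically attached to every request by the browser, which is the situation XSRF tokens exist for, so the bypass should be visible: I would put `// TODO(#3668): XSRF validation is skipped for non-SOGoWebAuthenticator (proxy-auth) sessions until the token can be bound to them` above the early return and emit a warning the first time this branch is taken with validation enabled. The same condition is added in the hunk at line 775 of the third file and has the same effect there. The enclosing method starts above the hunk, so whether an earlier check covers this case is not visible here.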


@ -1,5 +1,4 @@
/*
Copyright (C) 2000-2005 SKYRIX Software AG
Copyright (C) 2007-2016 Inverse inc.
This file is part of SOGo


@ -1,6 +1,5 @@
/*
Copyright (C) 2007-2015 Inverse inc.
Copyright (C) 2004 SKYRIX Software AG
Copyright (C) 2007-2016 Inverse inc.
This file is part of SOGo
@ -775,7 +774,11 @@ static SoProduct *commonProduct = nil;
NSString *value, *token;
NSArray *creds;
if (![[SOGoSystemDefaults sharedSystemDefaults] xsrfValidationEnabled])
auth = [[WOApplication application]
authenticatorInContext: context];
if (![[SOGoSystemDefaults sharedSystemDefaults] xsrfValidationEnabled] ||
![auth isKindOfClass: [SOGoWebAuthenticator class]])
return [super performActionNamed: _actionName];
// If the action is 'connect' (or 'logoff'), we let it go as the token
@ -790,8 +793,6 @@ static SoProduct *commonProduct = nil;
token = [[context request] headerForKey: @"X-XSRF-TOKEN"];
// We compare it with our session key
auth = [[WOApplication application]
authenticatorInContext: context];
value = [[context request]
cookieValueForKey: [auth cookieNameInContext: context]];
creds = [auth parseCredentials: value];