(fix) avoid using for now the XSRF code for proxy-auth (fixes #3668)
parent
d802a7d5e4
commit
a30d620502
|
@ -218,15 +218,17 @@ static SoProduct *commonProduct = nil;
|
||||||
NSString *value, *token;
|
NSString *value, *token;
|
||||||
NSArray *creds;
|
NSArray *creds;
|
||||||
|
|
||||||
if (![[SOGoSystemDefaults sharedSystemDefaults] xsrfValidationEnabled])
|
auth = [[WOApplication application]
|
||||||
|
authenticatorInContext: context];
|
||||||
|
|
||||||
|
if (![[SOGoSystemDefaults sharedSystemDefaults] xsrfValidationEnabled] ||
|
||||||
|
![auth isKindOfClass: [SOGoWebAuthenticator class]])
|
||||||
return [super performActionNamed: _actionName];
|
return [super performActionNamed: _actionName];
|
||||||
|
|
||||||
// We grab the X-XSRF-TOKEN header
|
// We grab the X-XSRF-TOKEN header
|
||||||
token = [[context request] headerForKey: @"X-XSRF-TOKEN"];
|
token = [[context request] headerForKey: @"X-XSRF-TOKEN"];
|
||||||
|
|
||||||
// We compare it with our session key
|
// We compare it with our session key
|
||||||
auth = [[WOApplication application]
|
|
||||||
authenticatorInContext: context];
|
|
||||||
value = [[context request]
|
value = [[context request]
|
||||||
cookieValueForKey: [auth cookieNameInContext: context]];
|
cookieValueForKey: [auth cookieNameInContext: context]];
|
||||||
creds = [auth parseCredentials: value];
|
creds = [auth parseCredentials: value];
|
||||||
|
|
|
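Review bot: The widened guard fails open: if `authenticatorInContext:` returns nil or any object that is not a `SOGoWebAuthenticator`, `isKindOfClass:` yields NO and the action is dispatched with no X-XSRF-TOKEN check, even though `xsrfValidationEnabled` is on. That is broader than the proxy-auth case named in the commit title, and proxy-authenticated browser sessions presumably still carry ambient credentials, so cross-site requests remain a concern on that path. Since the title says "for now", I would record the gap directly above the condition, e.g. `// FIXME: XSRF validation is skipped for non-cookie authenticators (proxy-auth), see #3668`, and consider logging when validation is enabled but bypassed so operators can see it. The same condition is added in the `-775,7 +774,11` hunk of the other file. The enclosing method starts and ends outside the hunk.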
@ -1,5 +1,4 @@
|
||||||
/*
|
/*
|
||||||
Copyright (C) 2000-2005 SKYRIX Software AG
|
|
||||||
Copyright (C) 2007-2016 Inverse inc.
|
Copyright (C) 2007-2016 Inverse inc.
|
||||||
|
|
||||||
This file is part of SOGo
|
This file is part of SOGo
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
/*
|
/*
|
||||||
Copyright (C) 2007-2015 Inverse inc.
|
Copyright (C) 2007-2016 Inverse inc.
|
||||||
Copyright (C) 2004 SKYRIX Software AG
|
|
||||||
|
|
||||||
This file is part of SOGo
|
This file is part of SOGo
|
||||||
|
|
||||||
|
@ -775,7 +774,11 @@ static SoProduct *commonProduct = nil;
|
||||||
NSString *value, *token;
|
NSString *value, *token;
|
||||||
NSArray *creds;
|
NSArray *creds;
|
||||||
|
|
||||||
if (![[SOGoSystemDefaults sharedSystemDefaults] xsrfValidationEnabled])
|
auth = [[WOApplication application]
|
||||||
|
authenticatorInContext: context];
|
||||||
|
|
||||||
|
if (![[SOGoSystemDefaults sharedSystemDefaults] xsrfValidationEnabled] ||
|
||||||
|
![auth isKindOfClass: [SOGoWebAuthenticator class]])
|
||||||
return [super performActionNamed: _actionName];
|
return [super performActionNamed: _actionName];
|
||||||
|
|
||||||
// If the action is 'connect' (or 'logoff'), we let it go as the token
|
// If the action is 'connect' (or 'logoff'), we let it go as the token
|
||||||
|
@ -790,8 +793,6 @@ static SoProduct *commonProduct = nil;
|
||||||
token = [[context request] headerForKey: @"X-XSRF-TOKEN"];
|
token = [[context request] headerForKey: @"X-XSRF-TOKEN"];
|
||||||
|
|
||||||
// We compare it with our session key
|
// We compare it with our session key
|
||||||
auth = [[WOApplication application]
|
|
||||||
authenticatorInContext: context];
|
|
||||||
value = [[context request]
|
value = [[context request]
|
||||||
cookieValueForKey: [auth cookieNameInContext: context]];
|
cookieValueForKey: [auth cookieNameInContext: context]];
|
||||||
creds = [auth parseCredentials: value];
|
creds = [auth parseCredentials: value];
|
||||||
|
|
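Review bot: The authenticator lookup, the bypass condition and the token/cookie comparison in these hunks are line-for-line the same as in the `-218,15 +218,17` hunk of the other file, so every later change to the XSRF check must be made twice and the two entry points can drift apart. Moving the "should this request be validated" decision into one shared helper that both methods call would keep them consistent and give a single place to restore validation for proxy-auth later. Both hunks here cut into a method whose start and end are outside the visible lines.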