LupusNobilis
/
sogo
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #85 from Zentyal/inverse_fix-multidomain-web 

Avoid reading emails from other domains
pull/86/head
extrafu 2015-05-22 09:19:54 -04:00
parent 1e0473f1e5 7990e23aaa
commit d6ab7582e5
1 changed files with 37 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
SoObjects/SOGo/SOGoUserManager.m
View File

@ -362,6 +362,7 @@ static Class NSNullK;
NSDictionary *contactInfos;
NSString *login;
SOGoDomainDefaults *dd;
SOGoSystemDefaults *sd;
contactInfos = [self contactInfosForUserWithUIDorEmail: uid
inDomain: domain];
@ -372,10 +373,22 @@ static Class NSNullK;
dd = [SOGoDomainDefaults defaultsForDomain: domain];
else
dd = [SOGoSystemDefaults sharedSystemDefaults];
login = [dd forceExternalLoginWithEmail] ? [self getEmailForUID: uid] : uid;
if ([dd forceExternalLoginWithEmail])
{
sd = [SOGoSystemDefaults sharedSystemDefaults];
if ([sd enableDomainBasedUID])
// On multidomain environment we must use uid@domain
// for getEmailForUID method
login = [NSString stringWithFormat: @"%@@%@", uid, domain];
else
login = uid;
login = [self getEmailForUID: login];
}
else
login = uid;
}
return login;
}
@ -475,18 +488,19 @@ static Class NSNullK;
grace: (int *) _grace
useCache: (BOOL) useCache
{
NSMutableDictionary *currentUser, *failedCount;
NSMutableDictionary *currentUser;
NSDictionary *failedCount;
NSString *dictPassword, *username, *jsonUser;
SOGoSystemDefaults *dd;
BOOL checkOK;
dd = [SOGoSystemDefaults sharedSystemDefaults];
// We check for cached passwords. If the entry is cached, we
// check this immediately. If not, we'll go directly at the
// authentication source and try to validate there, then cache it.
if (*_domain != nil)
username = [NSString stringWithFormat: @"%@@%@", _login, *_domain];
if (*_domain)
{
if ([_login rangeOfString: @"@"].location == NSNotFound)
username = [NSString stringWithFormat: @"%@@%@", _login, *_domain];
}
else
{
NSRange r;
@ -519,13 +533,10 @@ static Class NSNullK;
}
}
failedCount = [[SOGoCache sharedCache] failedCountForLogin: username];
//
// We check the fail count per user in memcache (per server). If the
// fail count reaches X in Y minutes, we deny immediately the
// authentications for Z minutes
//
failedCount = [[SOGoCache sharedCache] failedCountForLogin: username];
if (failedCount)
{
unsigned int current_time, start_time, delta, block_time;
@ -551,7 +562,9 @@ static Class NSNullK;
}
}
// We check for cached passwords. If the entry is cached, we
// check this immediately. If not, we'll go directly at the
// authentication source and try to validate there, then cache it.
jsonUser = [[SOGoCache sharedCache] userAttributesForLogin: username];
currentUser = [jsonUser objectFromJSONString];
dictPassword = [currentUser objectForKey: @"password"];
@ -806,24 +819,20 @@ static Class NSNullK;
withLogin: (NSString *) login
{
NSEnumerator *emails;
NSString *key;
[[SOGoCache sharedCache]
setUserAttributes: [newUser jsonRepresentation]
forLogin: login];
NSString *key, *user_json;
user_json = [newUser jsonRepresentation];
[[SOGoCache sharedCache] setUserAttributes: user_json
forLogin: login];
if (![newUser isKindOfClass: NSNullK])
{
key = [newUser objectForKey: @"c_uid"];
if (key && ![key isEqualToString: login])
[[SOGoCache sharedCache]
setUserAttributes: [newUser jsonRepresentation]
forLogin: key];
emails = [[newUser objectForKey: @"emails"] objectEnumerator];
while ((key = [emails nextObject]))
[[SOGoCache sharedCache]
setUserAttributes: [newUser jsonRepresentation]
forLogin: key];
{
if (![key isEqualToString: login])
[[SOGoCache sharedCache] setUserAttributes: user_json
forLogin: key];
}
}
}