Merge pull request #85 from Zentyal/inverse_fix-multidomain-web
Avoid reading emails from other domainspull/86/head
commit
d6ab7582e5
|
@ -362,6 +362,7 @@ static Class NSNullK;
|
|||
NSDictionary *contactInfos;
|
||||
NSString *login;
|
||||
SOGoDomainDefaults *dd;
|
||||
SOGoSystemDefaults *sd;
|
||||
|
||||
contactInfos = [self contactInfosForUserWithUIDorEmail: uid
|
||||
inDomain: domain];
|
||||
|
@ -372,10 +373,22 @@ static Class NSNullK;
|
|||
dd = [SOGoDomainDefaults defaultsForDomain: domain];
|
||||
else
|
||||
dd = [SOGoSystemDefaults sharedSystemDefaults];
|
||||
|
||||
login = [dd forceExternalLoginWithEmail] ? [self getEmailForUID: uid] : uid;
|
||||
|
||||
if ([dd forceExternalLoginWithEmail])
|
||||
{
|
||||
sd = [SOGoSystemDefaults sharedSystemDefaults];
|
||||
if ([sd enableDomainBasedUID])
|
||||
// On multidomain environment we must use uid@domain
|
||||
// for getEmailForUID method
|
||||
login = [NSString stringWithFormat: @"%@@%@", uid, domain];
|
||||
else
|
||||
login = uid;
|
||||
login = [self getEmailForUID: login];
|
||||
}
|
||||
else
|
||||
login = uid;
|
||||
}
|
||||
|
||||
|
||||
return login;
|
||||
}
|
||||
|
||||
|
@ -475,18 +488,19 @@ static Class NSNullK;
|
|||
grace: (int *) _grace
|
||||
useCache: (BOOL) useCache
|
||||
{
|
||||
NSMutableDictionary *currentUser, *failedCount;
|
||||
NSMutableDictionary *currentUser;
|
||||
NSDictionary *failedCount;
|
||||
NSString *dictPassword, *username, *jsonUser;
|
||||
SOGoSystemDefaults *dd;
|
||||
BOOL checkOK;
|
||||
|
||||
dd = [SOGoSystemDefaults sharedSystemDefaults];
|
||||
|
||||
// We check for cached passwords. If the entry is cached, we
|
||||
// check this immediately. If not, we'll go directly at the
|
||||
// authentication source and try to validate there, then cache it.
|
||||
if (*_domain != nil)
|
||||
username = [NSString stringWithFormat: @"%@@%@", _login, *_domain];
|
||||
if (*_domain)
|
||||
{
|
||||
if ([_login rangeOfString: @"@"].location == NSNotFound)
|
||||
username = [NSString stringWithFormat: @"%@@%@", _login, *_domain];
|
||||
}
|
||||
else
|
||||
{
|
||||
NSRange r;
|
||||
|
@ -519,13 +533,10 @@ static Class NSNullK;
|
|||
}
|
||||
}
|
||||
|
||||
failedCount = [[SOGoCache sharedCache] failedCountForLogin: username];
|
||||
|
||||
//
|
||||
// We check the fail count per user in memcache (per server). If the
|
||||
// fail count reaches X in Y minutes, we deny immediately the
|
||||
// authentications for Z minutes
|
||||
//
|
||||
failedCount = [[SOGoCache sharedCache] failedCountForLogin: username];
|
||||
if (failedCount)
|
||||
{
|
||||
unsigned int current_time, start_time, delta, block_time;
|
||||
|
@ -551,7 +562,9 @@ static Class NSNullK;
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
// We check for cached passwords. If the entry is cached, we
|
||||
// check this immediately. If not, we'll go directly at the
|
||||
// authentication source and try to validate there, then cache it.
|
||||
jsonUser = [[SOGoCache sharedCache] userAttributesForLogin: username];
|
||||
currentUser = [jsonUser objectFromJSONString];
|
||||
dictPassword = [currentUser objectForKey: @"password"];
|
||||
|
@ -806,24 +819,20 @@ static Class NSNullK;
|
|||
withLogin: (NSString *) login
|
||||
{
|
||||
NSEnumerator *emails;
|
||||
NSString *key;
|
||||
|
||||
[[SOGoCache sharedCache]
|
||||
setUserAttributes: [newUser jsonRepresentation]
|
||||
forLogin: login];
|
||||
NSString *key, *user_json;
|
||||
|
||||
user_json = [newUser jsonRepresentation];
|
||||
[[SOGoCache sharedCache] setUserAttributes: user_json
|
||||
forLogin: login];
|
||||
if (![newUser isKindOfClass: NSNullK])
|
||||
{
|
||||
key = [newUser objectForKey: @"c_uid"];
|
||||
if (key && ![key isEqualToString: login])
|
||||
[[SOGoCache sharedCache]
|
||||
setUserAttributes: [newUser jsonRepresentation]
|
||||
forLogin: key];
|
||||
|
||||
emails = [[newUser objectForKey: @"emails"] objectEnumerator];
|
||||
while ((key = [emails nextObject]))
|
||||
[[SOGoCache sharedCache]
|
||||
setUserAttributes: [newUser jsonRepresentation]
|
||||
forLogin: key];
|
||||
{
|
||||
if (![key isEqualToString: login])
|
||||
[[SOGoCache sharedCache] setUserAttributes: user_json
|
||||
forLogin: key];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue