Revert "Catch error msg if Id doesn t exist (#1628)"
This reverts commit 8b9c47d6eb
parent
8b9c47d6eb
commit
b70d8ea673
|
@ -108,11 +108,12 @@ sub controlUrl {
|
|||
);
|
||||
|
||||
# XSS attack
|
||||
if ($self->checkXSSAttack(
|
||||
if (
|
||||
$self->checkXSSAttack(
|
||||
$req->param('logout') ? 'HTTP Referer' : 'urldc',
|
||||
$req->{urldc}
|
||||
)
|
||||
)
|
||||
)
|
||||
{
|
||||
delete $req->{urldc};
|
||||
return PE_BADURL;
|
||||
|
@ -121,9 +122,9 @@ sub controlUrl {
|
|||
# Unprotected hosts
|
||||
if ( $tmp and !$self->isTrustedUrl($tmp) ) {
|
||||
$self->userLogger->error(
|
||||
"URL contains a non protected host (param: "
|
||||
. ( $req->param('logout') ? 'HTTP Referer' : 'urldc' )
|
||||
. " | value: $tmp)" );
|
||||
"URL contains a non protected host (param: "
|
||||
. ( $req->param('logout') ? 'HTTP Referer' : 'urldc' )
|
||||
. " | value: $tmp)" );
|
||||
delete $req->{urldc};
|
||||
return PE_BADURL;
|
||||
}
|
||||
|
@ -177,8 +178,7 @@ sub deleteSession {
|
|||
|
||||
# TODO
|
||||
# Collect logout services and build hidden iFrames
|
||||
if ( $req->data->{logoutServices} and %{ $req->data->{logoutServices} } )
|
||||
{
|
||||
if ( $req->data->{logoutServices} and %{ $req->data->{logoutServices} } ) {
|
||||
|
||||
$self->logger->debug("Create iFrames to forward logout to services");
|
||||
|
||||
|
@ -190,25 +190,24 @@ sub deleteSession {
|
|||
|
||||
foreach ( keys %{ $req->data->{logoutServices} } ) {
|
||||
my $logoutServiceName = $_;
|
||||
my $logoutServiceUrl
|
||||
= $req->data->{logoutServices}->{$logoutServiceName};
|
||||
my $logoutServiceUrl =
|
||||
$req->data->{logoutServices}->{$logoutServiceName};
|
||||
|
||||
$self->logger->debug(
|
||||
"Find logout service $logoutServiceName ($logoutServiceUrl)");
|
||||
|
||||
my $iframe
|
||||
= qq'<iframe src="$logoutServiceUrl" alt="$logoutServiceName"'
|
||||
. ' marginwidth="0" marginheight="0" scrolling="no"'
|
||||
. ' class="hiddenFrame" width="0" height="0"'
|
||||
. ' frameborder="0"></iframe>';
|
||||
my $iframe =
|
||||
qq'<iframe src="$logoutServiceUrl" alt="$logoutServiceName"'
|
||||
. ' marginwidth="0" marginheight="0" scrolling="no"'
|
||||
. ' class="hiddenFrame" width="0" height="0"'
|
||||
. ' frameborder="0"></iframe>';
|
||||
|
||||
$req->info($iframe);
|
||||
}
|
||||
|
||||
# Redirect on logout page if no other target defined
|
||||
if ( !$req->urldc and !$req->postUrl ) {
|
||||
$self->logger->debug(
|
||||
'No other target defined, redirect on logout');
|
||||
$self->logger->debug('No other target defined, redirect on logout');
|
||||
$req->urldc( $req->script_name . "?logout=1" );
|
||||
}
|
||||
}
|
||||
|
@ -290,9 +289,7 @@ sub extractFormInfo {
|
|||
sub getUser {
|
||||
my ( $self, $req, %args ) = @_;
|
||||
return PE_ERROR unless ( $self->_userDB );
|
||||
return ( $self->_userDB->getUser( $req, %args ) == PE_USERNOTFOUND
|
||||
? PE_BADCREDENTIALS
|
||||
: $self->_userDB->getUser( $req, %args ) );
|
||||
return $self->_userDB->getUser( $req, %args );
|
||||
}
|
||||
|
||||
sub authenticate {
|
||||
|
@ -306,9 +303,10 @@ sub authenticate {
|
|||
|
||||
# Store failed login into history
|
||||
$req->steps(
|
||||
[ 'setSessionInfo', 'setMacros',
|
||||
[
|
||||
'setSessionInfo', 'setMacros',
|
||||
'setPersistentSessionInfo', 'storeHistory',
|
||||
@{ $self->afterData }, sub {PE_BADCREDENTIALS}
|
||||
@{ $self->afterData }, sub { PE_BADCREDENTIALS }
|
||||
]
|
||||
);
|
||||
|
||||
|
@ -324,8 +322,7 @@ sub setAuthSessionInfo {
|
|||
if ( $ret == PE_OK
|
||||
and not( defined $req->sessionInfo->{authenticationLevel} ) )
|
||||
{
|
||||
$self->logger->error(
|
||||
'Authentication level is not set by auth module');
|
||||
$self->logger->error('Authentication level is not set by auth module');
|
||||
}
|
||||
return $ret;
|
||||
}
|
||||
|
@ -345,15 +342,15 @@ sub setSessionInfo {
|
|||
|
||||
# Date and time
|
||||
if ( $self->conf->{updateSession} ) {
|
||||
$req->{sessionInfo}->{_updateTime}
|
||||
= strftime( "%Y%m%d%H%M%S", localtime() );
|
||||
$req->{sessionInfo}->{_updateTime} =
|
||||
strftime( "%Y%m%d%H%M%S", localtime() );
|
||||
}
|
||||
else {
|
||||
$req->{sessionInfo}->{_utime} ||= time();
|
||||
$req->{sessionInfo}->{_startTime}
|
||||
= strftime( "%Y%m%d%H%M%S", localtime() );
|
||||
$req->{sessionInfo}->{_startTime} =
|
||||
strftime( "%Y%m%d%H%M%S", localtime() );
|
||||
$req->{sessionInfo}->{_lastSeen} = time()
|
||||
if $self->conf->{timeoutActivity};
|
||||
if $self->conf->{timeoutActivity};
|
||||
}
|
||||
|
||||
# Store URL origin in session
|
||||
|
@ -371,8 +368,8 @@ sub setSessionInfo {
|
|||
sub setMacros {
|
||||
my ( $self, $req ) = @_;
|
||||
foreach ( sort keys %{ $self->_macros } ) {
|
||||
$req->{sessionInfo}->{$_}
|
||||
= $self->_macros->{$_}->( $req, $req->sessionInfo );
|
||||
$req->{sessionInfo}->{$_} =
|
||||
$self->_macros->{$_}->( $req, $req->sessionInfo );
|
||||
}
|
||||
PE_OK;
|
||||
}
|
||||
|
@ -412,16 +409,16 @@ sub setLocalGroups {
|
|||
my ( $self, $req ) = @_;
|
||||
foreach ( sort keys %{ $self->_groups } ) {
|
||||
if ( $self->_groups->{$_}->( $req, $req->sessionInfo ) ) {
|
||||
$req->{sessionInfo}->{groups}
|
||||
.= $self->conf->{multiValuesSeparator} . $_;
|
||||
$req->{sessionInfo}->{groups} .=
|
||||
$self->conf->{multiValuesSeparator} . $_;
|
||||
$req->{sessionInfo}->{hGroups}->{$_}->{name} = $_;
|
||||
}
|
||||
}
|
||||
|
||||
# Clear values separator at the beginning
|
||||
if ( $req->{sessionInfo}->{groups} ) {
|
||||
$req->{sessionInfo}->{groups}
|
||||
=~ s/^$self->{conf}->{multiValuesSeparator}//o;
|
||||
$req->{sessionInfo}->{groups} =~
|
||||
s/^$self->{conf}->{multiValuesSeparator}//o;
|
||||
}
|
||||
PE_OK;
|
||||
}
|
||||
|
@ -445,8 +442,8 @@ sub store {
|
|||
|
||||
# Compute unsecure cookie value if needed
|
||||
if ( $self->conf->{securedCookie} == 3 ) {
|
||||
$req->{sessionInfo}->{_httpSession}
|
||||
= $self->conf->{cipher}->encryptHex( $req->{id}, "http" );
|
||||
$req->{sessionInfo}->{_httpSession} =
|
||||
$self->conf->{cipher}->encryptHex( $req->{id}, "http" );
|
||||
}
|
||||
|
||||
# Fill session
|
||||
|
|
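Review bot: In the `getUser` hunk, the restored `return $self->_userDB->getUser( $req, %args );` passes PE_USERNOTFOUND to the caller unchanged, so an unknown login and a wrong password become distinguishable again wherever that code reaches the response; this is the usual precondition for account enumeration. Whether the portal renders the two codes differently is not visible on this page. The reverted version hid the distinction but queried the user-DB backend twice per request. If the mapping is still wanted, a single lookup keeps it without the double call: `my $res = $self->_userDB->getUser( $req, %args );` followed by `return $res == PE_USERNOTFOUND ? PE_BADCREDENTIALS : $res;`. If the propagation is deliberate, a comment on `getUser` saying so and naming the step that normalises the code before display would help.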