Nemcio/Redmine
1
0
Fork 0
mirror of https://github.com/redmine/redmine.git synced 2025-11-12 00:06:01 +01:00
Code Issues Packages Projects Releases Activity

Use safe_attributes for auth sources.

Browse Source 
git-svn-id: http://svn.redmine.org/redmine/trunk@15692 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang
2016-07-17 08:18:26 +00:00
parent cc30a0423e
commit d7a6c09822
2 changed files with 28 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
app/controllers/auth_sources_controller.rb
View File

@@ -20,6 +20,7 @@ class AuthSourcesController < ApplicationController
menu_item :ldap_authentication menu_item :ldap_authentication
before_action :require_admin before_action :require_admin
before_action :build_new_auth_source, :only => [:new, :create]
before_action :find_auth_source, :only => [:edit, :update, :test_connection, :destroy] before_action :find_auth_source, :only => [:edit, :update, :test_connection, :destroy]
require_sudo_mode :update, :destroy require_sudo_mode :update, :destroy
@@ -28,13 +29,9 @@ class AuthSourcesController < ApplicationController
end end
def new def new
klass_name = params[:type] || 'AuthSourceLdap'
@auth_source = AuthSource.new_subclass_instance(klass_name, params[:auth_source])
render_404 unless @auth_source
end end
def create def create
@auth_source = AuthSource.new_subclass_instance(params[:type], params[:auth_source])
if @auth_source.save if @auth_source.save
flash[:notice] = l(:notice_successful_create) flash[:notice] = l(:notice_successful_create)
redirect_to auth_sources_path redirect_to auth_sources_path
@@ -47,7 +44,8 @@ class AuthSourcesController < ApplicationController
end end
def update def update
if @auth_source.update_attributes(params[:auth_source]) @auth_source.safe_attributes = params[:auth_source]
if @auth_source.save
flash[:notice] = l(:notice_successful_update) flash[:notice] = l(:notice_successful_update)
redirect_to auth_sources_path redirect_to auth_sources_path
else else
@@ -89,6 +87,15 @@ class AuthSourcesController < ApplicationController
private private
def build_new_auth_source
@auth_source = AuthSource.new_subclass_instance(params[:type] || 'AuthSourceLdap')
if @auth_source
@auth_source.safe_attributes = params[:auth_source]
else
render_404
end
end
def find_auth_source def find_auth_source
@auth_source = AuthSource.find(params[:id]) @auth_source = AuthSource.find(params[:id])
rescue ActiveRecord::RecordNotFound rescue ActiveRecord::RecordNotFound

16
app/models/auth_source.rb
View File

@@ -21,6 +21,7 @@ class AuthSourceException < Exception; end
class AuthSourceTimeoutException < AuthSourceException; end class AuthSourceTimeoutException < AuthSourceException; end
class AuthSource < ActiveRecord::Base class AuthSource < ActiveRecord::Base
include Redmine::SafeAttributes
include Redmine::SubclassFactory include Redmine::SubclassFactory
include Redmine::Ciphering include Redmine::Ciphering
@@ -31,6 +32,21 @@ class AuthSource < ActiveRecord::Base
validates_length_of :name, :maximum => 60 validates_length_of :name, :maximum => 60
attr_protected :id attr_protected :id
safe_attributes 'name',
'host',
'port',
'account',
'account_password',
'base_dn',
'attr_login',
'attr_firstname',
'attr_lastname',
'attr_mail',
'onthefly_register',
'tls',
'filter',
'timeout'
def authenticate(login, password) def authenticate(login, password)
end end