feat(login): add parameters to prevent uneccesary connection request when the domain is unknown
@@ -36,6 +36,8 @@ static const NSString *kDisableSharingCalendar = @"Calendar";
|
||||
+ (SOGoSystemDefaults *) sharedSystemDefaults;
|
||||
|
||||
- (NSArray *) domainIds;
|
||||
- (BOOL) forbidUnknownDomainsAuth;
|
||||
- (NSArray *) domainsAllowed;
|
||||
- (BOOL) enableDomainBasedUID;
|
||||
- (NSArray *) loginDomains;
|
||||
- (NSArray *) visibleDomainsForDomain: (NSString *) domain;
|
||||
|
||||
@@ -258,7 +258,8 @@ _injectConfigurationFromFile (NSMutableDictionary *defaultsDict,
|
||||
|
||||
- (NSArray *) domainIds
|
||||
{
|
||||
return [[self dictionaryForKey: @"domains"] allKeys];
|
||||
NSDictionary *domains = [self dictionaryForKey: @"domains"];
|
||||
return [domains allKeys];
|
||||
}
|
||||
|
||||
- (BOOL) enableDomainBasedUID
|
||||
@@ -266,6 +267,16 @@ _injectConfigurationFromFile (NSMutableDictionary *defaultsDict,
|
||||
return [self boolForKey: @"SOGoEnableDomainBasedUID"];
|
||||
}
|
||||
|
||||
- (BOOL) forbidUnknownDomainsAuth
|
||||
{
|
||||
return [self boolForKey: @"SOGoForbidUnknownDomainsAuth"];
|
||||
}
|
||||
|
||||
- (NSArray *) domainsAllowed
|
||||
{
|
||||
return [NSMutableArray arrayWithArray: [self stringArrayForKey: @"SOGoDomainAllowed"]];
|
||||
}
|
||||
|
||||
- (NSArray *) loginDomains
|
||||
{
|
||||
NSMutableArray *filteredLoginDomains;
|
||||
|
||||
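Review bot: `domainsAllowed` copies the configured list into a new `NSMutableArray` although the method is declared to return `NSArray *` and nothing visible mutates the result. `return [self stringArrayForKey: @"SOGoDomainAllowed"];` would be enough, unless the copy is there to guarantee a non-nil return, in which case a comment should say so. The two new accessors read configuration keys that gate authentication but carry no comment; above `forbidUnknownDomainsAuth` I would add `/* When YES, a login whose domain is neither a key of "domains" nor listed in SOGoDomainAllowed is rejected; presumably NO when the key is unset. */`. The key is singular (`SOGoDomainAllowed`) while the accessor is plural, which is easy to mistype in the configuration file and worth stating in that comment.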
@@ -607,10 +607,48 @@ static const NSString *kObfuscatedSecondaryEmailKey = @"obfuscatedSecondaryEmail
|
||||
{
|
||||
*_domain = [username substringFromIndex: r.location+1];
|
||||
|
||||
if (![[[SOGoSystemDefaults sharedSystemDefaults] domainIds] containsObject: *_domain])
|
||||
if (![[sd domainIds] containsObject: *_domain])
|
||||
*_domain = nil;
|
||||
}
|
||||
}
|
||||
|
||||
// If the domains is unknwon we reject the auth
|
||||
if([sd forbidUnknownDomainsAuth])
|
||||
{
|
||||
NSArray *domainsAllowed, *domainsKnown;
|
||||
NSString *userDomain;
|
||||
NSRange r;
|
||||
BOOL allowed = NO;
|
||||
if(!*_domain)
|
||||
{
|
||||
r = [username rangeOfString: @"@"];
|
||||
if(r.location != NSNotFound)
|
||||
userDomain = [username substringFromIndex: r.location+1];
|
||||
else
|
||||
userDomain = nil;
|
||||
}
|
||||
else
|
||||
userDomain = *_domain;
|
||||
|
||||
if(!userDomain)
|
||||
{
|
||||
[self errorWithFormat: @"User attempt to login without domain"];
|
||||
return allowed;
|
||||
}
|
||||
|
||||
|
||||
if((domainsAllowed = [sd domainsAllowed]) && [domainsAllowed containsObject: userDomain])
|
||||
allowed = YES;
|
||||
if((domainsKnown = [sd domainIds]) && [domainsKnown containsObject: userDomain])
|
||||
allowed = YES;
|
||||
|
||||
if([domainsKnown length] == 0 && [domainsAllowed length] == 0)
|
||||
[self errorWithFormat: @"SOGoForbidUnknownDomainsAuth is set but sogo don't know any domains"];
|
||||
else if(!allowed)
|
||||
[self errorWithFormat: @"User domain is unknown or not allowed: %@", userDomain];
|
||||
|
||||
return allowed;
|
||||
}
|
||||
|
||||
// We check the fail count per user in memcache (per server). If the
|
||||
// fail count reaches X in Y minutes, we deny immediately the
|
||||
|
||||
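Review bot: The sanity check near the end of the new `forbidUnknownDomainsAuth` block sends `length` to `domainsKnown` and `domainsAllowed`, but both are `NSArray` objects and `NSArray` responds to `count`, not `length`. With the option enabled, every login that reaches this line will most likely raise an unrecognized-selector exception instead of returning `allowed`; the line should read `if ([domainsKnown count] == 0 && [domainsAllowed count] == 0)`. Separately, `containsObject:` compares `userDomain` case-sensitively, so a login such as `user@EXAMPLE.ORG` (constructed example) would be rejected even when `example.org` is configured; normalising the case before the lookups would avoid that. `userDomain` also comes from the unauthenticated login name and is written to the error log through `%@`, so strip control characters and cap its length before logging. The enclosing method starts and ends outside this hunk, so how the caller handles an exception raised here is not visible.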