amorfo77/sogo
1
0
Fork 0
mirror of https://github.com/inverse-inc/sogo.git synced 2026-05-19 02:15:36 +00:00
Code Issues Projects Releases Wiki Activity

(fix) avoid using for now the XSRF code for proxy-auth (fixes #3668)

Browse Source
This commit is contained in:
Ludovic Marcotte
2016-05-11 08:55:05 -04:00
parent d802a7d5e4
commit a30d620502
3 changed files with 11 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
UI/SOGoUI/UIxComponent.m
+6 -5
View File
@@ -1,6 +1,5 @@
/*
Copyright (C) 2007-2015 Inverse inc.
Copyright (C) 2004 SKYRIX Software AG
Copyright (C) 2007-2016 Inverse inc.
This file is part of SOGo
@@ -775,7 +774,11 @@ static SoProduct *commonProduct = nil;
NSString *value, *token;
NSArray *creds;
if (![[SOGoSystemDefaults sharedSystemDefaults] xsrfValidationEnabled])
auth = [[WOApplication application]
authenticatorInContext: context];
if (![[SOGoSystemDefaults sharedSystemDefaults] xsrfValidationEnabled] ||
![auth isKindOfClass: [SOGoWebAuthenticator class]])
return [super performActionNamed: _actionName];
// If the action is 'connect' (or 'logoff'), we let it go as the token
@@ -790,8 +793,6 @@ static SoProduct *commonProduct = nil;
token = [[context request] headerForKey: @"X-XSRF-TOKEN"];
// We compare it with our session key
auth = [[WOApplication application]
authenticatorInContext: context];
value = [[context request]
cookieValueForKey: [auth cookieNameInContext: context]];
creds = [auth parseCredentials: value];