Posted to commits@ponymail.apache.org by se...@apache.org on 2016/12/15 21:55:52 UTC
incubator-ponymail git commit: Simplify by relying on validation in
aaa.lua
Repository: incubator-ponymail
Updated Branches:
refs/heads/master b2947f610 -> b6598b818
Simplify by relying on validation in aaa.lua
Project: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/commit/b6598b81
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/tree/b6598b81
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/diff/b6598b81
Branch: refs/heads/master
Commit: b6598b8188ba6472a4cfb56115631104aea3e6ca
Parents: b2947f6
Author: Sebb <se...@apache.org>
Authored: Thu Dec 15 21:55:43 2016 +0000
Committer: Sebb <se...@apache.org>
Committed: Thu Dec 15 21:55:43 2016 +0000
----------------------------------------------------------------------
aaa_examples/aaa_by_email_address.lua | 24 +-----------------------
aaa_examples/aaa_by_portal.lua | 24 +-----------------------
aaa_examples/aaa_with_subgroups.lua | 24 +-----------------------
3 files changed, 3 insertions(+), 69 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/b6598b81/aaa_examples/aaa_by_email_address.lua
----------------------------------------------------------------------
diff --git a/aaa_examples/aaa_by_email_address.lua b/aaa_examples/aaa_by_email_address.lua
index 7850742..5757a94 100644
--- a/aaa_examples/aaa_by_email_address.lua
+++ b/aaa_examples/aaa_by_email_address.lua
@@ -41,9 +41,6 @@ end
-- Get a list of domains the user has private email access to (or wildcard if org member)
local function getRights(r, usr)
- if not usr.credentials then
- return {}
- end
local email = usr.credentials.email or "|||"
local xemail = email:match("([-a-zA-Z0-9._@]+)") -- whitelist characters
local rights = {}
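Review bot: `usr.credentials.email` on the first line of getRights is now read with no nil check, so the function raises an indexing error if it is ever called for a user without credentials. The commit title says that check now lives in aaa.lua, but nothing in this file states the contract; a comment above the function such as `-- precondition: aaa.lua has already rejected users without credentials (validateParams = true)` would make it visible to anyone copying the example. The same applies to the first hunks of aaa_by_portal.lua and aaa_with_subgroups.lua. The body of getRights continues outside the hunk.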
@@ -53,26 +50,6 @@ local function getRights(r, usr)
return rights
end
- -- Check that we used oauth, bail if not
- local oauth_domain = usr.internal and usr.internal.oauth_used or nil
- if not oauth_domain then
- return {}
- end
-
- -- check if oauth was through an oauth portal that can give privacy rights
- local authority = false
- for k, v in pairs(config.admin_oauth or {}) do
- if r.strcmp_match(oauth_domain, v) then
- authority = true
- break
- end
- end
-
- -- if not a 'good' oauth, then let's forget all about it
- if not authority then
- return rights
- end
-
-- first, check against primary address
local validEmail = validateEmail(r, email)
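Review bot: With the `config.admin_oauth` loop removed, this example no longer checks which OAuth provider authenticated the user, so that check happens only if the loader performs it. That is presumably what `validateParams = true` in the last hunk requests, but the loader side is not visible here. Because these files are templates that get copied into installations, pairing one with an aaa.lua that ignores that field would skip the authority check silently. I would document the dependency in the file header, for example `-- requires an aaa.lua that honours validateParams; the admin_oauth authority check is not performed here`; the matching hunk in aaa_with_subgroups.lua has the same issue. getRights starts and ends outside the hunk.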
@@ -97,5 +74,6 @@ end
-- module defs
return {
+ validateParams = true,
rights = getRights
}
http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/b6598b81/aaa_examples/aaa_by_portal.lua
----------------------------------------------------------------------
diff --git a/aaa_examples/aaa_by_portal.lua b/aaa_examples/aaa_by_portal.lua
index 79782db..20c3be2 100644
--- a/aaa_examples/aaa_by_portal.lua
+++ b/aaa_examples/aaa_by_portal.lua
@@ -29,9 +29,6 @@ local grant_access_to = "*" -- use * for access to all, or specify a (sub)domain
-- Get rights (full or no access)
local function getRights(r, usr)
- if not usr.credentials then
- return {}
- end
local email = usr.credentials.email or "|||"
local xemail = email:match("([-a-zA-Z0-9._@]+)") -- whitelist characters
local rights = {}
@@ -41,26 +38,6 @@ local function getRights(r, usr)
return rights
end
- -- Check that we used oauth, bail if not
- local oauth_domain = usr.internal and usr.internal.oauth_used or nil
- if not oauth_domain then
- return {}
- end
-
- -- check if oauth was through an oauth portal that can give privacy rights
- local authority = false
- for k, v in pairs(config.admin_oauth or {}) do
- if r.strcmp_match(oauth_domain, v) then
- authority = true
- break
- end
- end
-
- -- if not a 'good' oauth, then let's forget all about it
- if not authority then
- return rights
- end
-
-- Check if admin or if the right oauth portal was used
if usr.internal.admin or oauth_domain == valid_portal then
table.insert(rights, grant_access_to)
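Review bot: `oauth_domain` is still used in `if usr.internal.admin or oauth_domain == valid_portal then`, but the hunk deletes its only visible declaration, so unless it is defined elsewhere in the file it now resolves to a nil global. The portal comparison is then false for every non-admin user, and would be true for everyone if `valid_portal` were ever unset. Keeping one line, `local oauth_domain = usr.internal.oauth_used`, ahead of the check restores the intended comparison; the dropped `usr.internal and` guard is then covered only by the validation in aaa.lua. The `if` block and the rest of getRights continue outside the hunk.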
@@ -70,5 +47,6 @@ end
-- module defs
return {
+ validateParams = true,
rights = getRights
}
http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/b6598b81/aaa_examples/aaa_with_subgroups.lua
----------------------------------------------------------------------
diff --git a/aaa_examples/aaa_with_subgroups.lua b/aaa_examples/aaa_with_subgroups.lua
index f2ef495..6de63e3 100644
--- a/aaa_examples/aaa_with_subgroups.lua
+++ b/aaa_examples/aaa_with_subgroups.lua
@@ -47,9 +47,6 @@ local access_list = {
-- Get rights (full or no access)
local function getRights(r, usr)
- if not usr.credentials then
- return {}
- end
local email = usr.credentials.email or "|||"
local xemail = email:match("([-a-zA-Z0-9._@]+)") -- whitelist characters
local rights = {}
@@ -59,26 +56,6 @@ local function getRights(r, usr)
return rights
end
- -- Check that we used oauth, bail if not
- local oauth_domain = usr.internal and usr.internal.oauth_used or nil
- if not oauth_domain then
- return {}
- end
-
- -- check if oauth was through an oauth portal that can give privacy rights
- local authority = false
- for k, v in pairs(config.admin_oauth or {}) do
- if r.strcmp_match(oauth_domain, v) then
- authority = true
- break
- end
- end
-
- -- if not a 'good' oauth, then let's forget all about it
- if not authority then
- return rights
- end
-
-- Check if the access list has this email on file, and if so,
-- return the access list for that specific email account
if access_list[email] then
@@ -89,5 +66,6 @@ end
-- module defs
return {
+ validateParams = true,
rights = getRights
}