
Merge pull request #1705 from weseek/fix/ABLC-Rule

Fix/ablc rule
Yuki Takei 6 years ago
parent
commit
796307e7bb

+ 1 - 1
src/client/js/components/Admin/Security/SamlSecuritySetting.jsx

@@ -481,7 +481,7 @@ pWVdnzS1VCO8fKsJ7YYIr+JmHvseph3kFUOI5RqkCcMZlKUv83aUThsTHw==
                     <input
                       className="form-control"
                       type="text"
-                      value={adminSamlSecurityContainer.state.samlABLCRule || ''}
+                      defaultValue={adminSamlSecurityContainer.state.samlABLCRule || ''}
                       onChange={(e) => { adminSamlSecurityContainer.changeSamlABLCRule(e.target.value) }}
                       readOnly={useOnlyEnvVars}
                     />
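Review bot: `defaultValue` is read only when the input mounts, so after this change the text box can show something other than `adminSamlSecurityContainer.state.samlABLCRule` once that state changes after the first render. That would happen if the stored rule is loaded asynchronously, which is not visible in this hunk. For a login-control rule, an admin could then see an empty field while a rule is in effect, or save over a rule they never saw. If the goal was to stop the field being reset while typing, keeping `value={adminSamlSecurityContainer.state.samlABLCRule || ''}` and fixing the container update is safer; failing that, give the input a `key` that changes when the stored rule has loaded so it remounts with the right text.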

+ 10 - 6
src/server/routes/apiv3/security-setting.js

@@ -1,6 +1,3 @@
-
-/* eslint-disable max-len */
-/* eslint-disable no-unused-vars */
 const loggerFactory = require('@alias/logger');
 
 const logger = loggerFactory('growi:routes:apiv3:security-setting');
@@ -453,7 +450,9 @@ module.exports = (crowi) => {
 
       await crowi.passportService.setupStrategyById(authId);
 
-      const responseParams = { [`security:passport-${authId}:isEnabled`]: await crowi.configManager.getConfig('crowi', `security:passport-${authId}:isEnabled`) };
+      const responseParams = {
+        [`security:passport-${authId}:isEnabled`]: await crowi.configManager.getConfig('crowi', `security:passport-${authId}:isEnabled`),
+      };
 
       return res.apiv3({ responseParams });
     }
@@ -663,8 +662,13 @@ module.exports = (crowi) => {
     const rule = req.body.ABLCRule;
     // Empty string disables attribute-based login control.
     // So, when rule is empty string, validation is passed.
-    if (rule != null && (rule == null || crowi.passportService.parseABLCRule(rule) == null)) {
-      return res.apiv3Err(req.t('form_validation.invalid_syntax', req.t('security_setting.form_item_name.ABLCRule')), 400);
+    if (rule != null) {
+      try {
+        crowi.passportService.parseABLCRule(rule);
+      }
+      catch (err) {
+        return res.apiv3Err(req.t('form_validation.invalid_syntax', req.t('security_setting.form_item_name.ABLCRule')), 400);
+      }
     }
 
     const requestParams = {
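Review bot: The guard `if (rule != null)` still passes an empty string to `parseABLCRule`, although the comment above it says an empty rule disables the control and passes validation. Whether the parser accepts `''` is not visible here, so the guard should be explicit: `if (rule != null && rule !== '') {`. The `catch (err)` branch also discards the parser error; `logger` is already defined at the top of this file, so `logger.debug('ABLC rule rejected', err.message);` before the return would let an admin see why a rule was refused. The handler starts and ends outside this hunk.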

+ 13 - 6
src/server/service/passport.js

@@ -666,6 +666,18 @@ class PassportService {
     return missingRequireds;
   }
 
+  /**
+   * Parse Attribute-Based Login Control Rule as Lucene Query
+   * @param {string} rule Lucene syntax string
+   * @returns {object} Expression Tree Structure generated by lucene-query-parser
+   * @see https://github.com/thoward/lucene-query-parser.js/wiki
+   */
+  parseABLCRule(rule) {
+    // parse with lucene-query-parser
+    // see https://github.com/thoward/lucene-query-parser.js/wiki
+    return luceneQueryParser.parse(rule);
+  }
+
   /**
    * Verify that a SAML response meets the attribute-base login control rule
    */
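Review bot: The JSDoc on `parseABLCRule` documents only the return value, but the route in security-setting.js wraps the call in try/catch and so depends on it throwing for a malformed rule. Add a `@throws` line to the block stating that the parser's error propagates when `rule` is not valid Lucene syntax. The two inline comments in the body repeat the `@see` line and can be dropped.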
@@ -675,12 +687,7 @@ class PassportService {
       return true;
     }
 
-    // parse with lucene-query-parser
-    // see https://github.com/thoward/lucene-query-parser.js/wiki
-    const luceneRule = luceneQueryParser.parse(rule);
-    if (luceneRule == null) {
-      return false;
-    }
+    const luceneRule = this.parseABLCRule(rule);
     debug({ 'Parsed Rule': JSON.stringify(luceneRule, null, 2) });
 
     const attributes = this.extractAttributesFromSAMLResponse(response);
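Review bot: `this.parseABLCRule(rule)` is now called with neither the old `luceneRule == null` check nor a try/catch, so a rule the parser rejects makes this login-time check throw instead of returning false. The new route validation covers only rules saved through that endpoint; a rule supplied another way (the settings page has a `useOnlyEnvVars` mode) or stored before this commit would not have passed through it. How the caller handles the exception is not visible here, so the check should fail closed itself by catching the parse error, logging it, and returning false. The function starts and ends outside this hunk.

```javascript
    let luceneRule;
    try {
      luceneRule = this.parseABLCRule(rule);
    }
    catch (err) {
      // A configured rule that cannot be parsed denies the login rather than escaping as an exception.
      debug('ABLC rule could not be parsed', err);
      return false;
    }
    debug({ 'Parsed Rule': JSON.stringify(luceneRule, null, 2) });
    // … unchanged: attribute extraction and rule evaluation …
```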