Subject: The mailing list for listmasters using Sympa
[sympa-users] Re: Re: Re: Permit LDAP only for WWW
- From: Sylvain Amrani <address@concealed>
- To: Olivier Salaün - CRU <address@concealed>
- Cc: address@concealed
- Subject: [sympa-users] Re: Re: Re: Permit LDAP only for WWW
- Date: Wed, 15 Nov 2006 09:57:16 +0100
Olivier Salaün - CRU wrote:
Sylvain,
It's not interesting work, as it just returns undef in subrequest and sigrequest.
Please send us (or resend) your patch; we will complete this work.
Anyway I attach the patch.
Furthermore, it changes the "already_login" error to a you_have_been_authenticated information banner. The trouble comes from our HTTP/HTTPS scheme where users are only authenticated in https (and anonymous browsing is done in http for performance reasons).
Sylvain.
Thanks.
Sylvain Amrani wrote:
Olivier Salaün - CRU wrote:
Hi Richard,
Will this be sufficient to never prompt for password in an SSO-only installation or never prompt for password sending?
The problem you have reported was due to a missing condition in one of Sympa's web templates.
I've fixed it; you can get the patch here: http://sourcesup.cru.fr/cgi/viewcvs.cgi/sympa/web_tt2/login_menu.tt2?r1=1.11&r2=1.11.2.1&makepatch=1&diff_format=u
Some time ago I had to patch wwsympa so that do_subscribe(), do_multiple_subscribe(), do_sigrequest() won't use email/password functionality. I continue to apply this patch but I don't know if it is necessary with newer versions of sympa.
(with only one SSO section in auth.conf, unauthenticated subscribe request would result in a login/pw form)
Index: wwsympa/wwsympa.fcgi
===================================================================
RCS file: /var/lib/cvs/sympa/wwsympa/wwsympa.fcgi,v
retrieving revision 1.706
diff -u -r1.706 wwsympa.fcgi
--- wwsympa/wwsympa.fcgi 6 Nov 2006 08:29:06 -0000 1.706
+++ wwsympa/wwsympa.fcgi 15 Nov 2006 08:42:04 -0000
@@ -1957,12 +1957,14 @@
$next_action = 'home' if ($in{'next_action'} eq 'logout') ;
if ($param->{'user'}{'email'}) {
- &report::reject_report_web('user','already_login',{'email' => $param->{'user'}{'email'}},$param->{'action'},'');
- &wwslog('info','do_login: user %s already logged in', $param->{'user'}{'email'});
- &web_db_log({'parameters' => $in{'email'},
- 'target_email' => $in{'email'},
- 'status' => 'error',
- 'error_type' => 'already_login'});
+ #&report::reject_report_web('user','already_login',{'email' => $param->{'user'}{'email'}},$param->{'action'},'');
+ #&wwslog('info','do_login: user %s already logged in', $param->{'user'}{'email'});
+ #&web_db_log({'parameters' => $in{'email'},
+ # 'target_email' => $in{'email'},
+ # 'status' => 'error',
+ # 'error_type' => 'already_login'});
+ #amr pas d'erreur d�j� logg� sso
+ &report::notice_report_web('you_have_been_authenticated',{},$param->{'action'});
if ($param->{'nomenu'}) {
$param->{'back_to_mom'} = 1;
return 1;
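Review bot: at the top of this `if ($param->{'user'}{'email'})` branch the old already_login block is commented out rather than deleted, and the `wwslog` and `web_db_log` calls are disabled along with the error report, so a login attempt on an already-authenticated session no longer leaves any record. Delete the dead lines (the CVS history keeps them) and keep the `&wwslog('info','do_login: user %s already logged in', ...)` call next to the new `notice_report_web` so the event stays visible in the logs. The added `#amr` comment is mis-encoded and should be rewritten as an ASCII English comment that explains why the error became a notice.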
@@ -2083,11 +2085,13 @@
my $next_action;
if ($param->{'user'}{'email'}) {
- &report::reject_report_web('user','already_login',{'email' => $param->{'user'}{'email'}},$param->{'action'},'');
- &wwslog('err','do_login: user %s already logged in', $param->{'user'}{'email'});
- &web_db_log({'parameters' => $in{'auth_service_name'},
- 'status' => 'error',
- 'error_type' => "already_login"});
+ #&report::reject_report_web('user','already_login',{'email' => $param->{'user'}{'email'}},$param->{'action'},'');
+ #&wwslog('err','do_login: user %s already logged in', $param->{'user'}{'email'});
+ #&web_db_log({'parameters' => $in{'auth_service_name'},
+ # 'status' => 'error',
+ # 'error_type' => "already_login"});
+ # pas d'erreur sso loggu�
+ &report::notice_report_web('you_have_been_authenticated',{},$param->{'action'});
return 'home';
}
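Review bot: replacing `reject_report_web('user','already_login',...)` with `notice_report_web('you_have_been_authenticated',...)` in this branch changes the behaviour for every installation, not only for sites that split anonymous HTTP from authenticated HTTPS as the message describes. Make the switch depend on a site setting, or explain in the comment why a notice is correct in all cases. The removed `web_db_log` call was also the only place this branch recorded `$in{'auth_service_name'}`; if the notice stays, log the requested service at info level so repeated SSO logins can still be traced.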
@@ -3819,6 +3823,10 @@
## Not authenticated
unless (defined $param->{'user'} && $param->{'user'}{'email'}) {
+ #_amrani chez nous on n'accepte que le SSO
+ &report::reject_report_web('user','no_user',{'argument' => 'list'},$param->{'action'});
+ return undef;
+
## no email
unless ($in{'email'}) {
return 'subrequest';
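Review bot: the unconditional `return undef;` added directly after `unless (defined $param->{'user'} && $param->{'user'}{'email'}) {` makes the rest of the branch unreachable, starting with the `## no email` check that returns 'subrequest'. This hard-codes one site's SSO-only policy into wwsympa.fcgi; wrap the added lines in a configuration test so installations that still use email/password keep that path. The `{'argument' => 'list'}` parameter looks copied from a `missing_arg` report and has no obvious meaning for `no_user`; pass an empty hash or the data the `no_user` message actually uses.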
@@ -3970,6 +3978,10 @@
## Not authenticated
unless (defined $param->{'user'} && $param->{'user'}{'email'}) {
+ #_amrani chez nous on n'accepte que le SSO
+ &report::reject_report_web('user','no_user',{'argument' => 'list'},$param->{'action'});
+ return undef;
+
## no email
unless ($in{'email'}) {
return 'lists';
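Review bot: the three lines added in this `## Not authenticated` branch are identical to the ones added in the previous hunk and in `do_sigrequest`, so the SSO-only rejection now exists in three copies. Move it into one helper that reports `no_user` and returns undef, and call that helper from each place so the copies cannot drift apart. As in the previous hunk, the `## no email` check and its `return 'lists'` become dead code and should either be removed or kept reachable behind a condition.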
@@ -4263,6 +4275,10 @@
## Unsubscription request (user not authenticated)
sub do_sigrequest {
&wwslog('info', 'do_sigrequest(%s)', $in{'email'});
+ #_amrani chez nous on n'accepte que le SSO
+ &report::reject_report_web('user','no_user',{'argument' => 'list'},$param->{'action'});
+ return undef;
+
unless ($param->{'list'}) {
&report::reject_report_web('user','missing_arg',{'argument' => 'list'},$param->{'action'});
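Review bot: in `do_sigrequest` the rejection and `return undef;` sit straight after the `wwslog` call with no condition around them, unlike the other two hunks where they are inside the `unless (defined $param->{'user'} && $param->{'user'}{'email'})` branch. Every call to this sub is therefore rejected, and the `unless ($param->{'list'})` check and everything after it are dead code. If the intent is to disable unauthenticated unsubscription on SSO-only sites, guard the added lines with a site setting; otherwise remove the now unreachable body instead of leaving it behind an early return.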