diff options
author | Simon Rettberg | 2024-06-25 11:40:36 +0200 |
---|---|---|
committer | Simon Rettberg | 2024-06-25 11:40:36 +0200 |
commit | 2ea077382d0500a6554018539a985e0eaf32a92a (patch) | |
tree | 9f76201947dafed4ed4ca15a2f73960e9c593774 | |
parent | Add allowed-shibboleth-domains config option to inject in website (diff) | |
download | slxgreeter-2ea077382d0500a6554018539a985e0eaf32a92a.tar.gz slxgreeter-2ea077382d0500a6554018539a985e0eaf32a92a.tar.xz slxgreeter-2ea077382d0500a6554018539a985e0eaf32a92a.zip |
Make shibboleth whitelist a folder which can contain multiple files
This way we can allow the user the create and specify multiple config
modules for shibboleth at once.
-rw-r--r-- | src/global.cpp | 27 | ||||
-rw-r--r-- | src/global.h | 2 | ||||
-rw-r--r-- | src/nam.cpp | 2 | ||||
-rw-r--r-- | src/nam.h | 2 | ||||
-rw-r--r-- | src/settings.h | 2 | ||||
-rw-r--r-- | src/webview.cpp | 6 |
6 files changed, 35 insertions, 6 deletions
diff --git a/src/global.cpp b/src/global.cpp index ab2519b..91704f3 100644 --- a/src/global.cpp +++ b/src/global.cpp @@ -9,6 +9,7 @@ #include <QStringList> #include <QCryptographicHash> #include <QRegularExpression> +#include <QSet> bool Global::m_testMode = false; @@ -139,3 +140,29 @@ bool Global::isValidShibCreds(const QString &ustr, const QString &upass) && R_USER.match(ustr).hasMatch() && R_PASS.match(upass).hasMatch(); } + +QString Global::getCombinedIdpWhitelist() +{ + QDir configDir(QLatin1String("/opt/openslx/pam/shibboleth/whitelist")); + QFileInfoList fileInfoList = configDir.entryInfoList(QStringList() << "*.idp", QDir::Files); + + QSet<QString> list; + for (QFileInfo fileInfo : fileInfoList) { + QString filePath = fileInfo.absoluteFilePath(); + QFile f(filePath); + if (!f.open(QFile::ReadOnly)) + continue; + while (f.canReadLine()) { + list << QString::fromUtf8(f.readLine()); + } + f.close(); + } + QString retval; + for (const QString &s : list) { + if (!retval.isEmpty()) { + retval.append(QLatin1Char(' ')); + } + retval += s; + } + return retval; +} diff --git a/src/global.h b/src/global.h index d581c07..7985175 100644 --- a/src/global.h +++ b/src/global.h @@ -56,6 +56,8 @@ public: static bool isValidShibCreds(const QString &ustr, const QString &upass); + static QString getCombinedIdpWhitelist(); + private: static bool m_testMode; static QLightDM::Greeter *m_Greeter; diff --git a/src/nam.cpp b/src/nam.cpp index 6128c40..b244505 100644 --- a/src/nam.cpp +++ b/src/nam.cpp @@ -49,6 +49,6 @@ QNetworkReply* SlxNetworkAccessManager::createRequest(QNetworkAccessManager::Ope return new SlxDisabledNetworkReply(this, req, op); } auto cp(req); - cp.setAttribute(QNetworkRequest::HTTP2AllowedAttribute, QVariant(false)); + cp.setAttribute(QNetworkRequest::Http2AllowedAttribute, QVariant(false)); return QNetworkAccessManager::createRequest(op, cp, outgoingData); } @@ -13,7 +13,7 @@ class SlxNetworkAccessManager : public QNetworkAccessManager Q_OBJECT public: SlxNetworkAccessManager(QRegularExpression blackList, QRegularExpression whiteList, QObject *parent = nullptr) - : QNetworkAccessManager(parent), _black(blackList), _white(whiteList) {} + : QNetworkAccessManager(parent), _black(blackList), _white(whiteList) { } protected: QNetworkReply* createRequest(QNetworkAccessManager::Operation op, const QNetworkRequest &originalReq, QIODevice *outgoingData = nullptr) override; diff --git a/src/settings.h b/src/settings.h index a218e3b..ce6da1d 100644 --- a/src/settings.h +++ b/src/settings.h @@ -25,6 +25,7 @@ public: for (QFileInfo fileInfo : fileInfoList) { QString filePath = fileInfo.absoluteFilePath(); QSettings setting(filePath, IniFormat); + setting.setIniCodec(QTextCodec::codecForLocale()); for(QString key : setting.allKeys()) { this->setValue(key, setting.value(key)); } @@ -60,7 +61,6 @@ public: static QString guestSessionButtonText() { return s_settings->value("guest-session-button-text").toString(); } static QString guestSessionStartText() { return s_settings->value("guest-session-start-text").toString(); } static QString guestSessionStartButtonText() { return s_settings->value("guest-session-start-button-text").toString(); } - static QString allowedShibbolethDomains() { return s_settings->value("allowed-shibboleth-domains").toString(); } static int resetForm() { return s_settings->value("reset-timeout", "30").toInt(); } static int rpcPort() { return s_settings->value("rpc-port", "0").toInt(); } }; diff --git a/src/webview.cpp b/src/webview.cpp index 4fb8511..7646324 100644 --- a/src/webview.cpp +++ b/src/webview.cpp @@ -41,7 +41,7 @@ WebView::WebView(QWidget* parent) _firstLoad(false) { auto p = new UaWebPage; - if (!Settings::allowedShibbolethDomains().trimmed().isEmpty()) { + if (!Global::getCombinedIdpWhitelist().trimmed().isEmpty()) { QObject::connect(p, &UaWebPage::frameCreated, [this](QWebFrame *frame) { QObject::connect(frame, &QWebFrame::javaScriptWindowObjectCleared, [this, frame]() { this->jsInjector(frame); @@ -72,8 +72,8 @@ WebView::WebView(QWidget* parent) void WebView::jsInjector(QWebFrame *frame) { - QString str = Settings::allowedShibbolethDomains().replace( - QRegularExpression("[^\\w. -]", QRegularExpression::UseUnicodePropertiesOption), + QString str = Global::getCombinedIdpWhitelist().replace( + QRegularExpression("[^\\w. /:-]", QRegularExpression::UseUnicodePropertiesOption), QStringLiteral("")); frame->evaluateJavaScript(QStringLiteral("var slxIdpFilter ='") + str + QStringLiteral("'")); } |