diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/global.cpp | 27 | ||||
| -rw-r--r-- | src/global.h | 2 | ||||
| -rw-r--r-- | src/webview.cpp | 6 |
3 files changed, 11 insertions, 24 deletions
diff --git a/src/global.cpp b/src/global.cpp index 8f19899..468a6f2 100644 --- a/src/global.cpp +++ b/src/global.cpp @@ -142,11 +142,12 @@ bool Global::isValidShibCreds(const QString &ustr, const QString &upass) && R_PASS.match(upass).hasMatch(); } -const QVariantMap& Global::getCombinedIdpWhitelist() +const QMap<QString, QSet<QString>> &Global::getCombinedIdpWhitelist() { - static QVariantMap m_combinedWhitelist; + static QMap<QString, QSet<QString>> m_combinedWhitelist; if (!m_combinedWhitelist.isEmpty()) return m_combinedWhitelist; + static QRegularExpression R_CLEANUP("[^\\w. /:@-]", QRegularExpression::UseUnicodePropertiesOption); static QRegularExpression R_ENTITLEMENT("entitlement=(\\S+)"); QDir configDir(QLatin1String("/opt/openslx/pam/shibboleth/whitelist")); QFileInfoList fileInfoList = configDir.entryInfoList(QStringList() << "*.idp", QDir::Files); @@ -161,7 +162,9 @@ const QVariantMap& Global::getCombinedIdpWhitelist() QSet<QString> list; QTextStream in(&f); while (!in.atEnd()) { - auto line = in.readLine(); + auto line = in.readLine().replace(R_CLEANUP, QString()); + if (line.isEmpty()) + continue; if (line.startsWith('#')) { // Comment/metadata auto m = R_ENTITLEMENT.match(line); @@ -184,22 +187,6 @@ const QVariantMap& Global::getCombinedIdpWhitelist() tmpMap.insert(filter, list); } } - // Now stringify all the lists, so we can put it into a variant map (which we can turn into JSON) - QVariantMap retval; - for (auto it = tmpMap.constBegin(); it != tmpMap.constEnd(); ++it) { - const auto &filter = it.key(); - const auto &list = it.value(); - QString combined; - for (const QString &s : list) { - if (!combined.isEmpty()) { - combined.append(QLatin1Char(' ')); - } - combined += s; - } - retval.insert(filter, combined.replace( - QRegularExpression("[^\\w. /:@-]", QRegularExpression::UseUnicodePropertiesOption), - QString())); - } - m_combinedWhitelist = retval; + m_combinedWhitelist = tmpMap; return m_combinedWhitelist; } diff --git a/src/global.h b/src/global.h index f77caaf..7f11312 100644 --- a/src/global.h +++ b/src/global.h @@ -56,7 +56,7 @@ public: static bool isValidShibCreds(const QString &ustr, const QString &upass); - static const QVariantMap& getCombinedIdpWhitelist(); + static const QMap<QString, QSet<QString>> &getCombinedIdpWhitelist(); private: static bool m_testMode; diff --git a/src/webview.cpp b/src/webview.cpp index d9a689d..e01fa74 100644 --- a/src/webview.cpp +++ b/src/webview.cpp @@ -282,7 +282,7 @@ void WebView::installJsInjectionScript() const auto& map = Global::getCombinedIdpWhitelist(); QSet<QString> idpList; for (auto it = map.constBegin(); it != map.constEnd(); ++it) { - for (const QString &s : it.value().toString().split(' ')) { + for (const QString &s : it.value()) { idpList.insert(s); } } @@ -380,11 +380,11 @@ void WebView::evaluateAuthDom() for (auto it = idpMap.constBegin(); it != idpMap.constEnd(); ++it) { if (it.key().isEmpty()) { // An "anything goes" list, no restrictions - if (it.value().toStringList().contains(idp)) { + if (it.value().contains(idp)) { ok = true; break; } - } else if (it.value().toStringList().contains(idp)) { + } else if (it.value().contains(idp)) { // IdP in list, so if the entitlements match up, allow ok = true; // Break up key into individual entitlements, make sure the user has them all |