135/netdisco
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Improve security of REMOTE_USER handling (B. Marshall)

Browse Source
This commit is contained in:
Oliver Gorwits
2016-09-30 17:12:30 +01:00
parent 7b27002495
commit 4b59d55690
2 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Netdisco/lib/App/Netdisco/Web/AuthN.pm
View File

@@ -9,11 +9,15 @@ hook 'before' => sub {
? request->uri : uri_for('/inventory')->path);
if (! session('logged_in_user') && request->path ne uri_for('/login')->path) {
if (setting('trust_x_remote_user') and scalar request->header('X-REMOTE_USER')) {
if (setting('trust_x_remote_user')
and scalar request->header('X-REMOTE_USER')
and length scalar request->header('X-REMOTE_USER')) {
session(logged_in_user => scalar request->header('X-REMOTE_USER'));
session(logged_in_user_realm => 'users');
}
elsif (setting('trust_remote_user') and $ENV{REMOTE_USER}) {
elsif (setting('trust_remote_user')
and defined $ENV{REMOTE_USER}
and length $ENV{REMOTE_USER}) {
session(logged_in_user => $ENV{REMOTE_USER});
session(logged_in_user_realm => 'users');
}