ponymail-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s...@apache.org
Subject incubator-ponymail git commit: Simplify by relying on validation in aaa.lua
Date Thu, 15 Dec 2016 21:55:52 GMT
Repository: incubator-ponymail
Updated Branches:
  refs/heads/master b2947f610 -> b6598b818


Simplify by relying on validation in aaa.lua

Project: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/commit/b6598b81
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/tree/b6598b81
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/diff/b6598b81

Branch: refs/heads/master
Commit: b6598b8188ba6472a4cfb56115631104aea3e6ca
Parents: b2947f6
Author: Sebb <sebb@apache.org>
Authored: Thu Dec 15 21:55:43 2016 +0000
Committer: Sebb <sebb@apache.org>
Committed: Thu Dec 15 21:55:43 2016 +0000

----------------------------------------------------------------------
 aaa_examples/aaa_by_email_address.lua | 24 +-----------------------
 aaa_examples/aaa_by_portal.lua        | 24 +-----------------------
 aaa_examples/aaa_with_subgroups.lua   | 24 +-----------------------
 3 files changed, 3 insertions(+), 69 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/b6598b81/aaa_examples/aaa_by_email_address.lua
----------------------------------------------------------------------
diff --git a/aaa_examples/aaa_by_email_address.lua b/aaa_examples/aaa_by_email_address.lua
index 7850742..5757a94 100644
--- a/aaa_examples/aaa_by_email_address.lua
+++ b/aaa_examples/aaa_by_email_address.lua
@@ -41,9 +41,6 @@ end
 
 -- Get a list of domains the user has private email access to (or wildcard if org member)
 local function getRights(r, usr)
-    if not usr.credentials then
-        return {}
-    end
     local email = usr.credentials.email or "|||"
     local xemail = email:match("([-a-zA-Z0-9._@]+)") -- whitelist characters
     local rights = {}
@@ -53,26 +50,6 @@ local function getRights(r, usr)
         return rights
     end
     
-    -- Check that we used oauth, bail if not
-    local oauth_domain = usr.internal and usr.internal.oauth_used or nil
-    if not oauth_domain then
-        return {}
-    end
-    
-    -- check if oauth was through an oauth portal that can give privacy rights
-    local authority = false
-    for k, v in pairs(config.admin_oauth or {}) do
-        if r.strcmp_match(oauth_domain, v) then
-            authority = true
-            break
-        end
-    end
-    
-    -- if not a 'good' oauth, then let's forget all about it
-    if not authority then
-        return rights
-    end
-    
     -- first, check against primary address
     local validEmail = validateEmail(r, email)
     
@@ -97,5 +74,6 @@ end
 
 -- module defs
 return {
+    validateParams = true,
     rights = getRights
 }

http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/b6598b81/aaa_examples/aaa_by_portal.lua
----------------------------------------------------------------------
diff --git a/aaa_examples/aaa_by_portal.lua b/aaa_examples/aaa_by_portal.lua
index 79782db..20c3be2 100644
--- a/aaa_examples/aaa_by_portal.lua
+++ b/aaa_examples/aaa_by_portal.lua
@@ -29,9 +29,6 @@ local grant_access_to = "*" -- use * for access to all, or specify a (sub)domain
 
 -- Get rights (full or no access)
 local function getRights(r, usr)
-    if not usr.credentials then
-        return {}
-    end
     local email = usr.credentials.email or "|||"
     local xemail = email:match("([-a-zA-Z0-9._@]+)") -- whitelist characters
     local rights = {}
@@ -41,26 +38,6 @@ local function getRights(r, usr)
         return rights
     end
     
-    -- Check that we used oauth, bail if not
-    local oauth_domain = usr.internal and usr.internal.oauth_used or nil
-    if not oauth_domain then
-        return {}
-    end
-    
-    -- check if oauth was through an oauth portal that can give privacy rights
-    local authority = false
-    for k, v in pairs(config.admin_oauth or {}) do
-        if r.strcmp_match(oauth_domain, v) then
-            authority = true
-            break
-        end
-    end
-    
-    -- if not a 'good' oauth, then let's forget all about it
-    if not authority then
-        return rights
-    end
-    
     -- Check if admin or if the right oauth portal was used
     if usr.internal.admin or oauth_domain == valid_portal then
         table.insert(rights, grant_access_to)
@@ -70,5 +47,6 @@ end
 
 -- module defs
 return {
+    validateParams = true,
     rights = getRights
 }

http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/b6598b81/aaa_examples/aaa_with_subgroups.lua
----------------------------------------------------------------------
diff --git a/aaa_examples/aaa_with_subgroups.lua b/aaa_examples/aaa_with_subgroups.lua
index f2ef495..6de63e3 100644
--- a/aaa_examples/aaa_with_subgroups.lua
+++ b/aaa_examples/aaa_with_subgroups.lua
@@ -47,9 +47,6 @@ local access_list = {
 
 -- Get rights (full or no access)
 local function getRights(r, usr)
-    if not usr.credentials then
-        return {}
-    end
     local email = usr.credentials.email or "|||"
     local xemail = email:match("([-a-zA-Z0-9._@]+)") -- whitelist characters
     local rights = {}
@@ -59,26 +56,6 @@ local function getRights(r, usr)
         return rights
     end
     
-    -- Check that we used oauth, bail if not
-    local oauth_domain = usr.internal and usr.internal.oauth_used or nil
-    if not oauth_domain then
-        return {}
-    end
-    
-    -- check if oauth was through an oauth portal that can give privacy rights
-    local authority = false
-    for k, v in pairs(config.admin_oauth or {}) do
-        if r.strcmp_match(oauth_domain, v) then
-            authority = true
-            break
-        end
-    end
-    
-    -- if not a 'good' oauth, then let's forget all about it
-    if not authority then
-        return rights
-    end
-    
     -- Check if the access list has this email on file, and if so,
     -- return the access list for that specific email account
     if access_list[email] then
@@ -89,5 +66,6 @@ end
 
 -- module defs
 return {
+    validateParams = true,
     rights = getRights
 }


Mime
View raw message