author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2016-07-17 08:18:26 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2016-07-17 08:18:26 +0000 |
commit | d7a6c09822bc18c01b707d479342af956f754568 (patch) | |
tree | 310ef409ee136c2ed91761e69e98bc789b88deaf | |
parent | cc30a0423eeeb4ad78fdd68c54f2f2df78899ffe (diff) | |
Use safe_attributes for auth sources.
git-svn-id: http://svn.redmine.org/redmine/trunk@15692 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r-- | app/controllers/auth_sources_controller.rb | 17 | ||||
-rw-r--r-- | app/models/auth_source.rb | 16 |
2 files changed, 28 insertions, 5 deletions
diff --git a/app/controllers/auth_sources_controller.rb b/app/controllers/auth_sources_controller.rb
index 6f5e903d6..d6dd58896 100644
--- a/app/controllers/auth_sources_controller.rb
+++ b/app/controllers/auth_sources_controller.rb
@@ -20,6 +20,7 @@ class AuthSourcesController < ApplicationController
   menu_item :ldap_authentication
   before_action :require_admin
+  before_action :build_new_auth_source, :only => [:new, :create]
   before_action :find_auth_source, :only => [:edit, :update, :test_connection, :destroy]
   require_sudo_mode :update, :destroy
@@ -28,13 +29,9 @@ class AuthSourcesController < ApplicationController
   end
   def new
-    klass_name = params[:type] || 'AuthSourceLdap'
-    @auth_source = AuthSource.new_subclass_instance(klass_name, params[:auth_source])
-    render_404 unless @auth_source
   end
   def create
-    @auth_source = AuthSource.new_subclass_instance(params[:type], params[:auth_source])
     if @auth_source.save
       flash[:notice] = l(:notice_successful_create)
       redirect_to auth_sources_path
@@ -47,7 +44,8 @@ class AuthSourcesController < ApplicationController
   end
   def update
-    if @auth_source.update_attributes(params[:auth_source])
+    @auth_source.safe_attributes = params[:auth_source]
+    if @auth_source.save
       flash[:notice] = l(:notice_successful_update)
       redirect_to auth_sources_path
     else
@@ -89,6 +87,15 @@ class AuthSourcesController < ApplicationController
   private
+  def build_new_auth_source
+    @auth_source = AuthSource.new_subclass_instance(params[:type] || 'AuthSourceLdap')
+    if @auth_source
+      @auth_source.safe_attributes = params[:auth_source]
+    else
+      render_404
+    end
+  end
   def find_auth_source
     @auth_source = AuthSource.find(params[:id])
   rescue ActiveRecord::RecordNotFound
diff --git a/app/models/auth_source.rb b/app/models/auth_source.rb
index 69448d350..bea91bc22 100644
--- a/app/models/auth_source.rb
+++ b/app/models/auth_source.rb
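Review bot: In `build_new_auth_source`, `params[:type]` is taken straight from the request and used to pick which AuthSource subclass gets instantiated; whether that is safe rests on `new_subclass_instance` (from Redmine::SubclassFactory, not in this diff) returning nil for anything that is not a registered subclass, which is exactly what the `render_404` branch depends on. That assumption deserves to be written down next to the call: `# params[:type] selects the AuthSource subclass; new_subclass_instance is expected to return nil for unknown names, which becomes a 404 here`. Since `render_404` executes inside a before_action, the rendered response halts the filter chain, so `new` and `create` never run with a nil `@auth_source`; a short comment on the `before_action :build_new_auth_source` line in the first hunk saying so would spare the next reader from re-deriving it. `create` now relies entirely on that before_action to populate `@auth_source`, so the two declarations should be kept paired if the `:only` list is ever edited.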
@@ -21,6 +21,7 @@ class AuthSourceException < Exception; end
 class AuthSourceTimeoutException < AuthSourceException; end
 class AuthSource < ActiveRecord::Base
+  include Redmine::SafeAttributes
   include Redmine::SubclassFactory
   include Redmine::Ciphering
@@ -31,6 +32,21 @@ class AuthSource < ActiveRecord::Base
   validates_length_of :name, :maximum => 60
   attr_protected :id
+  safe_attributes 'name',
+    'host',
+    'port',
+    'account',
+    'account_password',
+    'base_dn',
+    'attr_login',
+    'attr_firstname',
+    'attr_lastname',
+    'attr_mail',
+    'onthefly_register',
+    'tls',
+    'filter',
+    'timeout'
+
   def authenticate(login, password)
   end |
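Review bot: The `safe_attributes` list omits `type`, which is the right call — the subclass is fixed by the controller at creation and should not be switchable on an existing record through mass assignment — but nothing in the hunk marks that omission as intentional. A comment above the list, `# 'type' is deliberately not assignable: the subclass is chosen by the controller when the source is built`, would stop a later maintainer from adding it alongside a new column. Including `account_password` in the whitelist means any admin who can edit the source can replace the stored bind credential; that is expected for this form, and a note that the value is presumably handled by the `Redmine::Ciphering` include (not verifiable from this hunk) would tell readers where to look for how it is persisted.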