security-and-privacy/ldapcherry
security-and-privacy/ldapcherry
1
0
Fork 0
mirror of https://github.com/kakwa/ldapcherry synced 2024-11-22 17:34:21 +01:00
Code Releases Activity

disable redirection + disable selfmodify if authentication is 'none'

Browse Source
This commit is contained in:
kakwa 2015-06-28 11:22:37 +02:00
parent 147cad3511
commit e7053435e3
1 changed files with 4 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ldapcherry/__init__.py
View File

@ -695,10 +695,6 @@ class LdapCherry(object):
""" """
self._check_auth(must_admin=False) self._check_auth(must_admin=False)
is_admin = self._check_admin() is_admin = self._check_admin()
if is_admin:
raise cherrypy.HTTPRedirect('selfmodify')
else:
raise cherrypy.HTTPRedirect('selfmodify')
return self.temp_index.render(is_admin=is_admin) return self.temp_index.render(is_admin=is_admin)
@cherrypy.expose @cherrypy.expose
@ -798,10 +794,12 @@ class LdapCherry(object):
""" self modify user page """ """ self modify user page """
self._check_auth(must_admin=False) self._check_auth(must_admin=False)
is_admin = self._check_admin() is_admin = self._check_admin()
if cherrypy.request.method.upper() == 'POST':
self._selfmodify(params)
sess = cherrypy.session sess = cherrypy.session
user = str(sess.get(SESSION_KEY, None)) user = str(sess.get(SESSION_KEY, None))
if self.auth_mode == 'none':
return "not available without authentication disabled"
if cherrypy.request.method.upper() == 'POST':
self._selfmodify(params)
user_attrs = self._get_user(user) user_attrs = self._get_user(user)
form = self.temp_form.render(attributes=self.attributes.get_selfattributes(), values=user_attrs, modify=True) form = self.temp_form.render(attributes=self.attributes.get_selfattributes(), values=user_attrs, modify=True)
return self.temp_selfmodify.render(form=form, is_admin=is_admin) return self.temp_selfmodify.render(form=form, is_admin=is_admin)