jro_apps/redmine Commit - r15310:d7a6c09822bc

Use safe_attributes for auth sources....

Jean-Philippe Lang -

r15310:d7a6c09822bc

parent child

Context file:

r15310:d7a6c09822bc

Collapse all files

app/controllers/auth_sources_controller.rb +12 -5

                menu_item :ldap_authentication
                before_action :require_admin
+               before_action :build_new_auth_source, :only => [:new, :create]
                before_action :find_auth_source, :only => [:edit, :update, :test_connection, :destroy]
                require_sudo_mode :update, :destroy
                end
                def new
-                 klass_name = params[:type] || 'AuthSourceLdap'
-                 @auth_source = AuthSource.new_subclass_instance(klass_name, params[:auth_source])
-                 render_404 unless @auth_source
                end
                def create
-                 @auth_source = AuthSource.new_subclass_instance(params[:type], params[:auth_source])
                  if @auth_source.save
                    flash[:notice] = l(:notice_successful_create)
                    redirect_to auth_sources_path
                end
                def update
-                 if @auth_source.update_attributes(params[:auth_source])
+                 @auth_source.safe_attributes = params[:auth_source]
+                 if @auth_source.save
                    flash[:notice] = l(:notice_successful_update)
                    redirect_to auth_sources_path
                  else
                private
+               def build_new_auth_source
+                 @auth_source = AuthSource.new_subclass_instance(params[:type] || 'AuthSourceLdap')
+                 if @auth_source
+                   @auth_source.safe_attributes = params[:auth_source]
+                 else
+                   render_404
+                 end
+               end
                def find_auth_source
                  @auth_source = AuthSource.find(params[:id])
                rescue ActiveRecord::RecordNotFound

app/models/auth_source.rb +16 0

              class AuthSourceTimeoutException < AuthSourceException; end
              class AuthSource < ActiveRecord::Base
+               include Redmine::SafeAttributes
                include Redmine::SubclassFactory
                include Redmine::Ciphering
                validates_length_of :name, :maximum => 60
                attr_protected :id
+               safe_attributes 'name',
+                 'host',
+                 'port',
+                 'account',
+                 'account_password',
+                 'base_dn',
+                 'attr_login',
+                 'attr_firstname',
+                 'attr_lastname',
+                 'attr_mail',
+                 'onthefly_register',
+                 'tls',
+                 'filter',
+                 'timeout'
                def authenticate(login, password)
                end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages