jro_apps/redmine Commit - r15310:d7a6c09822bc

Use safe_attributes for auth sources....

Jean-Philippe Lang -

r15310:d7a6c09822bc

parent child

Context file:

r15310:d7a6c09822bc

Collapse all files

app/controllers/auth_sources_controller.rb +12 -5

               menu_item :ldap_authentication
               before_action :require_admin
+              before_action :build_new_auth_source, :only => [:new, :create]
               before_action :find_auth_source, :only => [:edit, :update, :test_connection, :destroy]
               require_sudo_mode :update, :destroy
               end
               def new
-                klass_name = params[:type] || 'AuthSourceLdap'
-                @auth_source = AuthSource.new_subclass_instance(klass_name, params[:auth_source])
-                render_404 unless @auth_source
               end
               def create
-                @auth_source = AuthSource.new_subclass_instance(params[:type], params[:auth_source])
                 if @auth_source.save
                   flash[:notice] = l(:notice_successful_create)
                   redirect_to auth_sources_path
               end
               def update
-                if @auth_source.update_attributes(params[:auth_source])
+                @auth_source.safe_attributes = params[:auth_source]
+                if @auth_source.save
                   flash[:notice] = l(:notice_successful_update)
                   redirect_to auth_sources_path
                 else
               private
+              def build_new_auth_source
+                @auth_source = AuthSource.new_subclass_instance(params[:type] || 'AuthSourceLdap')
+                if @auth_source
+                  @auth_source.safe_attributes = params[:auth_source]
+                else
+                  render_404
+                end
+              end
               def find_auth_source
                 @auth_source = AuthSource.find(params[:id])
               rescue ActiveRecord::RecordNotFound

app/models/auth_source.rb +16 0

             class AuthSourceTimeoutException < AuthSourceException; end
             class AuthSource < ActiveRecord::Base
+              include Redmine::SafeAttributes
               include Redmine::SubclassFactory
               include Redmine::Ciphering
               validates_length_of :name, :maximum => 60
               attr_protected :id
+              safe_attributes 'name',
+                'host',
+                'port',
+                'account',
+                'account_password',
+                'base_dn',
+                'attr_login',
+                'attr_firstname',
+                'attr_lastname',
+                'attr_mail',
+                'onthefly_register',
+                'tls',
+                'filter',
+                'timeout'
               def authenticate(login, password)
               end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages