Branch 'kolab-syncroton-2.2' - 2 commits - lib/kolab_sync.php
Aleksander Machniak
machniak at kolabsys.com
Thu Feb 27 15:03:20 CET 2014
lib/kolab_sync.php | 15 ++++++---------
1 file changed, 6 insertions(+), 9 deletions(-)
New commits:
commit fab29e619e1ab33a81225f9c32dbf2274c987a0a
Author: Aleksander Machniak <machniak at kolabsys.com>
Date: Thu Feb 27 15:02:16 2014 +0100
Add host name to the cache key
diff --git a/lib/kolab_sync.php b/lib/kolab_sync.php
index da93bf9..f2ad644 100644
--- a/lib/kolab_sync.php
+++ b/lib/kolab_sync.php
@@ -173,12 +173,13 @@ class kolab_sync extends rcube
public function authenticate($username, $password)
{
// use shared cache for kolab_auth plugin result (username canonification)
- $cache = $this->get_cache_shared('activesync_auth');
- $cache_key = sha1($username);
+ $cache = $this->get_cache_shared('activesync_auth');
+ $host = $this->select_host($username);
+ $cache_key = sha1($username . '::' . $host);
if (!$cache || !($auth = $cache->get($cache_key))) {
$auth = $this->plugins->exec_hook('authenticate', array(
- 'host' => $this->select_host($username),
+ 'host' => $host,
'user' => $username,
'pass' => $password,
));
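Review bot: The key in `$cache_key = sha1($username . '::' . $host);` is built from the client-supplied `$username` exactly as received, so each spelling variant of one account would get its own entry in the shared cache. `select_host()` also now runs on every request, including cache hits. If `select_host()` can return an empty value, the key silently degrades to `sha1($username . '::')`; whether it can is not visible in this hunk. A comment above the assignment would help the next reader: `// key = sha1(username::host); contains no secret, it only selects the cached canonical user/host`. The body of authenticate() continues outside the hunk.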
commit 45bdeb1bc76be76ac446e9ee21c358634b7e40ae
Author: Aleksander Machniak <machniak at kolabsys.com>
Date: Thu Feb 27 13:56:20 2014 +0100
Do not use user password to build authentication cache key. Use sha1() instead of md5().
This way it's more secure. Also, a password change does not invalidate the cached
username/host, so there was no real need to include the password there.
diff --git a/lib/kolab_sync.php b/lib/kolab_sync.php
index 56fb55f..da93bf9 100644
--- a/lib/kolab_sync.php
+++ b/lib/kolab_sync.php
@@ -174,21 +174,19 @@ class kolab_sync extends rcube
{
// use shared cache for kolab_auth plugin result (username canonification)
$cache = $this->get_cache_shared('activesync_auth');
- $cache_key = md5($username . '::' . $password);
+ $cache_key = sha1($username);
if (!$cache || !($auth = $cache->get($cache_key))) {
$auth = $this->plugins->exec_hook('authenticate', array(
'host' => $this->select_host($username),
'user' => $username,
'pass' => $password,
- 'valid' => true,
));
- if ($auth['valid'] && $cache) {
+ if (!$auth['abort'] && $cache) {
$cache->set($cache_key, array(
'user' => $auth['user'],
'host' => $auth['host'],
- 'valid' => $auth['valid'],
));
}
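Review bot: `$cache->set()` now runs whenever the hook does not set `abort`, which is before `login()` has verified the password (that call is in the next hunk). A client without valid credentials can therefore create shared-cache entries for any username it sends. Whether the removed `'valid'` flag ever prevented this depends on the plugin, which is not visible here. Consider writing the entry only after `login()` returns a user ID, or giving the entries a short lifetime. A comment such as `// cached user/host is a canonification hint only, never proof of authentication` would make the intent explicit.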
@@ -202,9 +200,7 @@ class kolab_sync extends rcube
}
// Authenticate - get Roundcube user ID
- if ($auth['valid'] && !$auth['abort']
- && ($userid = $this->login($auth['user'], $auth['pass'], $auth['host'], $err))
- ) {
+ if (!$auth['abort'] && ($userid = $this->login($auth['user'], $auth['pass'], $auth['host'], $err))) {
// set real username
$this->username = $auth['user'];
return $userid;
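Review bot: On a cache hit `$auth` is the array stored by `$cache->set()` in the previous hunk, which holds only `user` and `host`. The `!$auth['abort']` test therefore reads a key that may not exist, unless the lines between the two hunks (not shown) add it. Writing the condition as `if (empty($auth['abort']) && ($userid = $this->login($auth['user'], $auth['pass'], $auth['host'], $err))) {` keeps the behaviour and avoids the undefined-index notice. The same question applies to `$auth['pass']`, which is presumably filled from `$password` in code outside this hunk.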