Vote #81081
未完了1 minute expire-able RedmineCacheCredMax
ステータス:
New
優先度:
通常
担当者:
-
カテゴリ:
SCM extra_46
対象バージョン:
-
開始日:
2022/05/09
期日:
進捗率:
0%
予定工数:
Redmineorg_URL:
category_id:
46
version_id:
0
issue_org_id:
34045
author_id:
473604
assigned_to_id:
0
comments:
0
status_id:
1
tracker_id:
2
plus1:
0
affected_version:
closed_on:
affected_version_id:
説明
Original RedmineCacheCred does not expire unless otherwise RedmineCacheCredMax is reached. This may cause password change insensitivity of Redmine when being used with LDAP.
We made the authenticity cache expire-able at longest 1 minute.
*** original/extra/svn/Redmine.pm 2020-04-07 02:00:47.000000000 +0900
--- modified/extra/svn/Redmine.pm 2020-09-29 10:21:11.504258505 +0900
***************
*** 466,474 ****
my $access_mode = request_is_read_only($r) ? "R" : "W";
my $cfg = Apache2::Module::get_config(__PACKAGE__, $r->server, $r->per_dir_config);
my $usrprojpass;
if ($cfg->{RedmineCacheCredsMax}) {
! $usrprojpass = $cfg->{RedmineCacheCreds}->get($redmine_user.":".$project_id.":".$access_mode);
return 1 if (defined $usrprojpass and ($usrprojpass eq $pass_digest));
}
my $dbh = connect_database($r);
--- 468,483 ----
my $access_mode = request_is_read_only($r) ? "R" : "W";
my $cfg = Apache2::Module::get_config(__PACKAGE__, $r->server, $r->per_dir_config);
+
+ ## make authentication cache expire in 1 minute for pw change sensitivity.
+ my $min_str = get_min_str();
+
my $usrprojpass;
if ($cfg->{RedmineCacheCredsMax}) {
! ## make authentication cache expire in 1 minute for pw change sensitivity.
! # $usrprojpass = $cfg->{RedmineCacheCreds}->get($redmine_user.":".$project_id.":".$access_mode);
! $usrprojpass = $cfg->{RedmineCacheCreds}->get($redmine_user.":".$project_id.":".$access_mode.":".$min_str);
!
return 1 if (defined $usrprojpass and ($usrprojpass eq $pass_digest));
}
my $dbh = connect_database($r);
***************
*** 525,534 ****
if ($cfg->{RedmineCacheCredsMax} and $ret) {
if (defined $usrprojpass) {
! $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id.":".$access_mode, $pass_digest);
} else {
if ($cfg->{RedmineCacheCredsCount} < $cfg->{RedmineCacheCredsMax}) {
! $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id.":".$access_mode, $pass_digest);
$cfg->{RedmineCacheCredsCount}++;
} else {
$cfg->{RedmineCacheCreds}->clear();
--- 537,552 ----
if ($cfg->{RedmineCacheCredsMax} and $ret) {
if (defined $usrprojpass) {
! ## make authentication cache expire in 1 minute for pw change sensitivity.
! # $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id.":".$access_mode, $pass_digest);
! $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id.":".$access_mode.":".$min_str, $pass_digest);
!
} else {
if ($cfg->{RedmineCacheCredsCount} < $cfg->{RedmineCacheCredsMax}) {
!
! ## make authentication cache expire in 1 minute for pw change sensitivity.
! # $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id.":".$access_mode, $pass_digest);
! $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id.":".$access_mode.":".$min_str, $pass_digest);
$cfg->{RedmineCacheCredsCount}++;
} else {
$cfg->{RedmineCacheCreds}->clear();
***************
*** 557,560 ****
--- 575,585 ----
return DBI->connect($cfg->{RedmineDSN}, $cfg->{RedmineDbUser}, $cfg->{RedmineDbPass});
}
+ ## make authentication cache expire in 1 minute for pw change sensitivity.
+ sub get_min_str {
+ (my $sec, my $min, my $hour, my $mday, my $mon, my $year, my $wday, my $yday, my $isdst) = localtime();
+ my $min_str = sprintf("%04d%02d%02d%02d%02d", $year+1900, $mon+1, $mday, $hour, $min);
+ return $min_str
+ }
+
1;
いいね!0