Commit 74cde783 authored by IKEDA Soji's avatar IKEDA Soji
Browse files

[change] Deprecate sympa_altemails cookie. Also, obsolete...

[change] Deprecate sympa_altemails cookie.  Also, obsolete alternative_email_attribute parameter in ldap paragraph of auth.conf.
parent 8126e1a5
......@@ -175,15 +175,12 @@ example, the canonic email is C<mail>.
=item C<alternative_email_attribute>
The name of the attribute for the alternate email in your directory: for
instance C<alternate_email>, C<mailalternateaddress>, ... You make a list of
these attributes separated by commas (C<,>).
With this list, Sympa creates a cookie which contains various information:
Whether the user is authenticated via LDAP or not, their alternate email.
Storing the alternate email is interesting when you want to canonify your
preferences and subscriptions, that is to say you want to use a unique
address in C<user_table> and C<subscriber_table>, which is the canonic email.
I<Obsoleted>.
On Sympa 6.2.38 or earlier, web interface provided a cookie named
C<sympa_altemails> which contained attribute values specified by this
parameter along with authenticated email address.
This feature was deprecated.
=item C<scope>
......
......@@ -1682,8 +1682,6 @@ while ($query = CGI::Fast->new) {
 
$session->set_cookie($cookie_domain, $param->{'user'}{'cookie_delay'},
$param->{'use_ssl'});
# Set/delete cookie for alt_emails.
$session->set_cookie_extern($cookie_domain, $param->{'use_ssl'});
 
if ($param->{'user'}{'email'}) {
$session->{'auth'} ||= 'classic';
......@@ -3251,14 +3249,6 @@ sub do_login {
}
);
 
# Save alt_emails in session store.
my $alt_emails = $data->{'alt_emails'};
$session->{'alt_emails'} = join ',',
map { sprintf '%s:%s', $_, $alt_emails->{$_} }
sort keys %{$alt_emails || {}};
wwslog('info', 'alternative emails = %s', $session->{'alt_emails'})
if $session->{'alt_emails'};
if ($session->{'lang'}) {
# user did choose a specific language before being logged. Apply it
# as a user pref.
......@@ -3907,8 +3897,6 @@ sub is_ldap_user {
next;
}
 
my @alternative_conf =
split(/,/, $ldap->{'alternative_email_attribute'});
my $attrs = $ldap->{'email_attribute'};
 
if (Sympa::Tools::Text::valid_email($auth)) {
......@@ -3993,7 +3981,6 @@ sub do_logout {
 
delete $param->{'user'};
$session->{'email'} = 'nobody';
delete $session->{'alt_emails'};
 
if ( $session->{'cas_server'}
and $Conf::Conf{'auth_services'}{$robot}[$session->{'cas_server'}]) {
......
......@@ -936,9 +936,7 @@ sub _load_auth {
'get_dn_by_uid_filter' => '.+',
'get_dn_by_email_filter' => '.+',
'email_attribute' => Sympa::Regexps::ldap_attrdesc(),
'alternative_email_attribute' => Sympa::Regexps::ldap_attrdesc()
. '(\s*,\s*'
. Sympa::Regexps::ldap_attrdesc() . ')*',
'alternative_email_attribute' => '.*', # Obsoleted
'scope' => 'base|one|sub',
'authentication_info_url' => 'http(s)?:/.*',
'use_tls' => 'starttls|ldaps|none',
......
......@@ -75,7 +75,6 @@ sub check_auth {
return {
'user' => $user,
'auth' => 'ldap',
'alt_emails' => {$canonic => 'ldap'}
};
} else {
......@@ -162,7 +161,6 @@ sub authentication {
return {
'user' => $user,
'auth' => 'classic',
'alt_emails' => {$email => 'classic'}
};
}
} elsif ($auth_service->{'auth_type'} eq 'ldap') {
......@@ -178,7 +176,6 @@ sub authentication {
return {
'user' => $user,
'auth' => 'ldap',
'alt_emails' => {$email => 'ldap'}
};
}
}
......@@ -220,8 +217,6 @@ sub ldap_authentication {
# and this email address does not match the corresponding regexp
return undef if ($auth =~ /@/ && $auth !~ /$ldap->{'regexp'}/i);
my @alt_attrs =
split /\s*,\s*/, ($ldap->{'alternative_email_attribute'} || '');
my $attr = $ldap->{'email_attribute'};
my $filter;
if ($whichfilter eq 'uid_filter') {
......@@ -291,41 +286,13 @@ sub ldap_authentication {
return undef;
}
## To get the value of the canonic email and the alternative email
my (@emails, @alt_emails);
#FIXME FIXME: After all, $param->{'alt_emails'} is never used!
my $param = Sympa::Tools::Data::dup_var($ldap);
## Keep previous alt emails not from LDAP source
my $previous = {};
foreach my $alt (keys %{$param->{'alt_emails'}}) {
$previous->{$alt} = $param->{'alt_emails'}{$alt}
if ($param->{'alt_emails'}{$alt} ne 'ldap');
}
$param->{'alt_emails'} = {};
my $entry = $mesg->entry(0);
my $values = $entry->get_value($attr, alloptions => 1);
@emails =
my @emails =
map { lc $_ }
grep {$_} map { @{$values->{$_}} } sort keys %{$values || {}};
@alt_emails = map {
my $values = $entry->get_value($_, alloptions => 1);
map { lc $_ }
grep {$_} map { @{$values->{$_}} } sort keys %{$values || {}};
} @alt_attrs;
foreach my $email (@emails, @alt_emails) {
$param->{'alt_emails'}{$email} = 'ldap';
}
## Restore previous emails
foreach my $alt (keys %{$previous}) {
$param->{'alt_emails'}{$alt} = $previous->{$alt};
}
$db->disconnect() or $log->syslog('notice', 'Unable to unbind');
$log->syslog('debug3', 'Canonic: %s', $emails[0]);
## If the identifier provided was a valid email, return the provided
......@@ -376,9 +343,6 @@ sub get_email_by_net_id {
my $filter = $ldap->{'get_email_by_uid_filter'};
$filter =~ s/\[([\w-]+)\]/$attributes->{$1}/ig;
# my @alt_attrs =
# split /\s*,\s*/, $ldap->{'alternative_email_attribute'} || '';
my $mesg = $db->do_operation(
'search',
base => $ldap->{'suffix'},
......
......@@ -678,39 +678,8 @@ sub decrypt_session_id {
# Old name:
# cookielib::set_cookie_extern(), Sympa::CookieLib::set_cookie_extern().
sub set_cookie_extern {
$log->syslog('debug', '(%s, %s, %s)', @_);
my $self = shift;
my $dom = shift;
my $use_ssl = shift;
my $value = $self->{'alt_emails'} || '';
# Most of browsers allow body of Set-Cookie field at shortest 4093 o,
# and value of cookie may not be longer than length below.
if (3800 < length $value) {
$log->syslog(
'info',
'Cookie value "%s...%s" is too long (%d). Ignored',
substr($value, 0, 25),
substr($value, -25),
length $value
);
undef $value;
}
my $cookie = CGI::Cookie->new(
-name => 'sympa_altemails',
-domain => (($dom eq 'localhost') ? '' : $dom),
-path => '/',
-secure => $use_ssl,
-httponly => 0,
-value => ($value || 'delete'),
($value ? () : (-expires => '-1d')),
);
# Send cookie to the client.
printf "Set-Cookie: %s\n", $cookie->as_string;
}
# DEPRECATED: No longer used.
#sub set_cookie_extern;
###############################
# Subroutines to read cookies #
......@@ -1000,7 +969,7 @@ TBD.
=item set_cookie_extern ( $cookie_domain, [ $use_ssl ] )
I<Instance method>.
TBD.
Deprecated.
=back
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment