Project

General

Profile

Actions

Feature #34045

open

1 minute expire-able RedmineCacheCredMax

Added by Anonymous about 4 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
SCM extra
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:

Description

Original RedmineCacheCred does not expire unless otherwise RedmineCacheCredMax is reached. This may cause password change insensitivity of Redmine when being used with LDAP.
We made the authenticity cache expire-able at longest 1 minute.

*** original/extra/svn/Redmine.pm    2020-04-07 02:00:47.000000000 +0900
--- modified/extra/svn/Redmine.pm    2020-09-29 10:21:11.504258505 +0900
***************
*** 466,474 ****
    my $access_mode = request_is_read_only($r) ? "R" : "W";

    my $cfg = Apache2::Module::get_config(__PACKAGE__, $r->server, $r->per_dir_config);
    my $usrprojpass;
    if ($cfg->{RedmineCacheCredsMax}) {
!     $usrprojpass = $cfg->{RedmineCacheCreds}->get($redmine_user.":".$project_id.":".$access_mode);
      return 1 if (defined $usrprojpass and ($usrprojpass eq $pass_digest));
    }
    my $dbh = connect_database($r);
--- 468,483 ----
    my $access_mode = request_is_read_only($r) ? "R" : "W";

    my $cfg = Apache2::Module::get_config(__PACKAGE__, $r->server, $r->per_dir_config);
+ 
+   ## make authentication cache expire in 1 minute for pw change sensitivity.
+   my $min_str = get_min_str();
+ 
    my $usrprojpass;
    if ($cfg->{RedmineCacheCredsMax}) {
!     ## make authentication cache expire in 1 minute for pw change sensitivity.
!     # $usrprojpass = $cfg->{RedmineCacheCreds}->get($redmine_user.":".$project_id.":".$access_mode);
!     $usrprojpass = $cfg->{RedmineCacheCreds}->get($redmine_user.":".$project_id.":".$access_mode.":".$min_str);
! 
      return 1 if (defined $usrprojpass and ($usrprojpass eq $pass_digest));
    }
    my $dbh = connect_database($r);
***************
*** 525,534 ****

    if ($cfg->{RedmineCacheCredsMax} and $ret) {
      if (defined $usrprojpass) {
!       $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id.":".$access_mode, $pass_digest);
      } else {
        if ($cfg->{RedmineCacheCredsCount} < $cfg->{RedmineCacheCredsMax}) {
!         $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id.":".$access_mode, $pass_digest);
          $cfg->{RedmineCacheCredsCount}++;
        } else {
          $cfg->{RedmineCacheCreds}->clear();
--- 537,552 ----

    if ($cfg->{RedmineCacheCredsMax} and $ret) {
      if (defined $usrprojpass) {
!       ## make authentication cache expire in 1 minute for pw change sensitivity.
!       # $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id.":".$access_mode, $pass_digest);
!        $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id.":".$access_mode.":".$min_str, $pass_digest);
! 
      } else {
        if ($cfg->{RedmineCacheCredsCount} < $cfg->{RedmineCacheCredsMax}) {
! 
!         ## make authentication cache expire in 1 minute for pw change sensitivity.
!         # $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id.":".$access_mode, $pass_digest);
!         $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id.":".$access_mode.":".$min_str, $pass_digest);
          $cfg->{RedmineCacheCredsCount}++;
        } else {
          $cfg->{RedmineCacheCreds}->clear();
***************
*** 557,560 ****
--- 575,585 ----
      return DBI->connect($cfg->{RedmineDSN}, $cfg->{RedmineDbUser}, $cfg->{RedmineDbPass});
  }

+ ## make authentication cache expire in 1 minute for pw change sensitivity.
+ sub get_min_str {
+   (my $sec, my $min, my $hour, my $mday, my $mon, my $year, my $wday, my $yday, my $isdst) = localtime();
+   my $min_str = sprintf("%04d%02d%02d%02d%02d", $year+1900, $mon+1, $mday, $hour, $min);
+   return $min_str
+ }
+ 
  1;

No data to display

Actions

Also available in: Atom PDF