jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Only set ldap allowlist if file exists and is not empty

Browse Source
This commit is contained in:
Johannes Zellner
2021-12-15 18:45:51 +01:00
parent d6fbe2a1bb
commit d69758e559
3 changed files with 22 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/settings.js
View File

@@ -516,15 +516,20 @@ async function setExposedLdapConfig(exposedLdapConfig) {
const config = {
enabled: exposedLdapConfig.enabled,
// if list is empty, we allow all IPs
allowlist: exposedLdapConfig.allowlist || '0.0.0.0/0'
allowlist: exposedLdapConfig.allowlist || ''
};
if (config.enabled) {
let gotOne = false;
for (const line of exposedLdapConfig.allowlist.split('\n')) {
if (!line || line.startsWith('#')) continue;
const rangeOrIP = line.trim();
if (!validator.isIP(rangeOrIP) && !validator.isIPRange(rangeOrIP)) throw new BoxError(BoxError.BAD_FIELD, `${rangeOrIP} is not a valid IP or range`);
gotOne = true;
}
// only allow if we at least have one allowed IP/range
if (!gotOne) throw new BoxError(BoxError.BAD_FIELD, 'allowlist must at least contain one IP or range');
}
await set(exports.EXPOSED_LDAP_KEY, JSON.stringify(config));