libtransport.git Changeset - 8d10818b9b83

Changeset - 8d10818b9b83

Parent rev.

Child rev.

[Not reviewed]

0 1 0

Jan Kaluza - 10 years ago 2016-02-02 10:27:18
jkaluza@redhat.com

Web interface: Fix registering new users problem caused by allowing access to jquery.js only to registered users

1 file changed with 4 insertions and 0 deletions:

spectrum_manager/src/server.cpp

0 comments (0 inline, 0 general)

spectrum_manager/src/server.cpp

➞

Show inline comments

 bool Server::is_authorized(const struct mg_connection *conn, struct http_message *hm) {
 	Server::session *session;
 	char valid_id[33];
 	bool authorized = false;
 	// Always authorize accesses to login page and to authorize URI
 	if (!mg_vcmp(&hm->uri, "/login") ||
 		!mg_vcmp(&hm->uri, "/login/") ||
 		!mg_vcmp(&hm->uri, "/form.css") ||
 		!mg_vcmp(&hm->uri, "/style.css") ||
 		!mg_vcmp(&hm->uri, "/logo.png") ||
 		!mg_vcmp(&hm->uri, "/js/jquery.js") ||
 		!mg_vcmp(&hm->uri, "/js/jquery-ui.js") ||
 		!mg_vcmp(&hm->uri, "/js/jquery.cookie.js") ||
 		!mg_vcmp(&hm->uri, "/js/app.js") ||
 		!mg_vcmp(&hm->uri, "/users/register.shtml") ||
 		!mg_vcmp(&hm->uri, "/api/v1/users/add") ||
 		!mg_vcmp(&hm->uri, "/authorize")) {
 		return true;
+	}
 	if ((session = get_session(hm)) != NULL) {
 		generate_session_id(valid_id, session->random, session->user);
 		if (strcmp(valid_id, session->session_id) == 0) {
 			session->expire = time(0) + SESSION_TTL;
 			authorized = true;
+		}

0 comments (0 inline, 0 general)