Feature #34045
open1 minute expire-able RedmineCacheCredMax
Status:
New
Priority:
Normal
Assignee:
-
Category:
SCM extra
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Resolution:
Description
Entries in the original RedmineCacheCreds cache do not expire unless RedmineCacheCredsMax is reached. As a result, Redmine may not notice a password change when it is used with LDAP.
We made the authentication cache expire after at most 1 minute.
*** original/extra/svn/Redmine.pm 2020-04-07 02:00:47.000000000 +0900
--- modified/extra/svn/Redmine.pm 2020-09-29 10:21:11.504258505 +0900
***************
*** 466,474 ****
my $access_mode = request_is_read_only($r) ? "R" : "W";
my $cfg = Apache2::Module::get_config(__PACKAGE__, $r->server, $r->per_dir_config);
my $usrprojpass;
if ($cfg->{RedmineCacheCredsMax}) {
! $usrprojpass = $cfg->{RedmineCacheCreds}->get($redmine_user.":".$project_id.":".$access_mode);
return 1 if (defined $usrprojpass and ($usrprojpass eq $pass_digest));
}
my $dbh = connect_database($r);
--- 468,483 ----
my $access_mode = request_is_read_only($r) ? "R" : "W";
my $cfg = Apache2::Module::get_config(__PACKAGE__, $r->server, $r->per_dir_config);
+
+ ## make authentication cache expire in 1 minute for pw change sensitivity.
+ my $min_str = get_min_str();
+
my $usrprojpass;
if ($cfg->{RedmineCacheCredsMax}) {
! ## make authentication cache expire in 1 minute for pw change sensitivity.
! # $usrprojpass = $cfg->{RedmineCacheCreds}->get($redmine_user.":".$project_id.":".$access_mode);
! $usrprojpass = $cfg->{RedmineCacheCreds}->get($redmine_user.":".$project_id.":".$access_mode.":".$min_str);
!
return 1 if (defined $usrprojpass and ($usrprojpass eq $pass_digest));
}
my $dbh = connect_database($r);
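Review bot: The cache key is now assembled by hand in three places, the `get` in this hunk and the two `set` calls in the next one, so a later edit to only one of them would make lookups and stores miss each other and silently disable the cache or its expiry. Build the key once after `$min_str` is computed, `my $cache_key = join(":", $redmine_user, $project_id, $access_mode, $min_str);`, and pass `$cache_key` to all three calls. The commented-out old calls can be dropped, since the history already records them. The enclosing function starts and ends outside this hunk.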
***************
*** 525,534 ****
if ($cfg->{RedmineCacheCredsMax} and $ret) {
if (defined $usrprojpass) {
! $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id.":".$access_mode, $pass_digest);
} else {
if ($cfg->{RedmineCacheCredsCount} < $cfg->{RedmineCacheCredsMax}) {
! $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id.":".$access_mode, $pass_digest);
$cfg->{RedmineCacheCredsCount}++;
} else {
$cfg->{RedmineCacheCreds}->clear();
--- 537,552 ----
if ($cfg->{RedmineCacheCredsMax} and $ret) {
if (defined $usrprojpass) {
! ## make authentication cache expire in 1 minute for pw change sensitivity.
! # $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id.":".$access_mode, $pass_digest);
! $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id.":".$access_mode.":".$min_str, $pass_digest);
!
} else {
if ($cfg->{RedmineCacheCredsCount} < $cfg->{RedmineCacheCredsMax}) {
!
! ## make authentication cache expire in 1 minute for pw change sensitivity.
! # $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id.":".$access_mode, $pass_digest);
! $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id.":".$access_mode.":".$min_str, $pass_digest);
$cfg->{RedmineCacheCredsCount}++;
} else {
$cfg->{RedmineCacheCreds}->clear();
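Review bot: Entries stored under an earlier minute are never removed or overwritten, so every active user, project and access mode adds a fresh entry and increments `RedmineCacheCredsCount` once per minute. The cache therefore reaches `RedmineCacheCredsMax` much sooner and is cleared for everyone, and superseded password digests stay in memory until that clear happens. Keeping the original key and storing the minute alongside the digest avoids both effects: `->set($key, $min_str.":".$pass_digest)` on the store side, paired with `$usrprojpass eq $min_str.":".$pass_digest` on the lookup side. The surrounding `if`/`else` continues past the end of this hunk.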
***************
*** 557,560 ****
--- 575,585 ----
return DBI->connect($cfg->{RedmineDSN}, $cfg->{RedmineDbUser}, $cfg->{RedmineDbPass});
}
+ ## make authentication cache expire in 1 minute for pw change sensitivity.
+ sub get_min_str {
+ (my $sec, my $min, my $hour, my $mday, my $mon, my $year, my $wday, my $yday, my $isdst) = localtime();
+ my $min_str = sprintf("%04d%02d%02d%02d%02d", $year+1900, $mon+1, $mday, $hour, $min);
+ return $min_str
+ }
+
1;
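Review bot: `get_min_str` derives its stamp from `localtime()`, so the value is not monotonic. If the server's time zone observes daylight saving time, the same `YYYYMMDDHHMM` string occurs again an hour later when the clock falls back. An entry cached during the first occurrence, possibly for a password that has since been changed, would match again if the cache has not been cleared in between. An epoch-based counter avoids this and is shorter: `return int(time() / 60);`. The `return $min_str` line is also missing its terminating semicolon, which Perl accepts before a closing brace but which is easy to break on the next edit.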