openid_login: vertify that firstname, lastname and email fits our schema definitions
authorDietmar Maurer <dietmar@proxmox.com>
Wed, 10 Nov 2021 05:44:40 +0000 (06:44 +0100)
committerDietmar Maurer <dietmar@proxmox.com>
Wed, 10 Nov 2021 05:48:40 +0000 (06:48 +0100)
If not, we do not copy the values to our user.cfg.

src/api2/access/openid.rs

index 5d7fe1ae9221fbdd1b1f9d8961deeccfea4eefad..df64e20d570535285c6ca78a02ecb8e2e4860671 100644 (file)
@@ -9,11 +9,11 @@ use proxmox::{identity, sortable};
 use proxmox_router::{
     http_err, list_subdirs_api_method, Router, RpcEnvironment, SubdirMap, Permission,
 };
-use proxmox_schema::api;
+use proxmox_schema::{api, parse_simple_value};
 
 use proxmox_openid::{OpenIdAuthenticator,  OpenIdConfig};
 
-use pbs_api_types::{Userid, User, REALM_ID_SCHEMA};
+use pbs_api_types::{User, Userid, EMAIL_SCHEMA, FIRST_NAME_SCHEMA, LAST_NAME_SCHEMA, REALM_ID_SCHEMA};
 use pbs_buildcfg::PROXMOX_BACKUP_RUN_DIR_M;
 use pbs_tools::ticket::Ticket;
 use pbs_config::domains::{OpenIdUserAttribute, OpenIdRealmConfig};
@@ -128,14 +128,27 @@ pub fn openid_login(
             if config.autocreate.unwrap_or(false) {
                 use pbs_config::user;
                 let _lock = open_backup_lockfile(user::USER_CFG_LOCKFILE, None, true)?;
+
+                let firstname = info.given_name().and_then(|n| n.get(None))
+                    .filter(|n| parse_simple_value(n, &FIRST_NAME_SCHEMA).is_ok())
+                    .map(|n| n.to_string());
+
+                let lastname = info.family_name().and_then(|n| n.get(None))
+                    .filter(|n| parse_simple_value(n, &LAST_NAME_SCHEMA).is_ok())
+                    .map(|n| n.to_string());
+
+                let email = info.email()
+                    .filter(|n| parse_simple_value(n, &EMAIL_SCHEMA).is_ok())
+                    .map(|e| e.to_string());
+
                 let user = User {
                     userid: user_id.clone(),
                     comment: None,
                     enable: None,
                     expire: None,
-                    firstname: info.given_name().and_then(|n| n.get(None)).map(|n| n.to_string()),
-                    lastname: info.family_name().and_then(|n| n.get(None)).map(|n| n.to_string()),
-                    email: info.email().map(|e| e.to_string()),
+                    firstname,
+                    lastname,
+                    email,
                 };
                 let (mut config, _digest) = user::config()?;
                 if config.sections.get(user.userid.as_str()).is_some() {
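Review bot: A claim value that fails its schema is dropped silently in the three filters at L31–L41 — the user is still autocreated, just with an empty firstname, lastname or email, and nothing records why. Since those values come straight from the identity provider and are untrusted, dropping rather than failing the login is a sensible choice, but it deserves a comment above the first filter, e.g. `// Claims come from the provider and are untrusted: a value that does not fit our schema is dropped rather than failing the login.`; if a logging facility is in scope in this file, a warning naming the rejected claim would let an admin see why a field stayed empty. The three filter/map chains are identical apart from the schema and could be one small helper taking the `Option<&str>` claim and a `&Schema`, which would also keep a future claim from being copied without the check. `openid_login` starts before and continues past this hunk.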