shuber 2004/08/18 18:26:28 CEST
Modified files: (Branch: JAHIA-4-0-BRANCH)
src/java JahiaMessageResources.properties
JahiaMessageResources_en.properties
JahiaMessageResources_fr.properties
src/java/org/jahia/engines/users
NewUserRegistration_Engine.java
Log:
- Security fix : made it impossible to register new users into the groups :
administrators, users and guest.
Revision Changes Path
1.15.2.3 +1 -0 jahia/src/java/JahiaMessageResources.properties
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/src/java/JahiaMessageResources.properties.diff?r1=1.15.2.2&r2=1.15.2.3&f=h
1.11.2.3 +1 -0 jahia/src/java/JahiaMessageResources_en.properties
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/src/java/JahiaMessageResources_en.properties.diff?r1=1.11.2.2&r2=1.11.2.3&f=h
1.14.2.4 +1 -0 jahia/src/java/JahiaMessageResources_fr.properties
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/src/java/JahiaMessageResources_fr.properties.diff?r1=1.14.2.3&r2=1.14.2.4&f=h
1.3.2.2 +24 -0
jahia/src/java/org/jahia/engines/users/NewUserRegistration_Engine.java
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/src/java/org/jahia/engines/users/NewUserRegistration_Engine.java.diff?r1=1.3.2.1&r2=1.3.2.2&f=h
Index: JahiaMessageResources.properties
===================================================================
RCS file:
/home/cvs/repository/jahia/src/java/Attic/JahiaMessageResources.properties,v
retrieving revision 1.15.2.2
retrieving revision 1.15.2.3
diff -u -r1.15.2.2 -r1.15.2.3
--- JahiaMessageResources.properties 17 Aug 2004 08:07:23 -0000 1.15.2.2
+++ JahiaMessageResources.properties 18 Aug 2004 16:26:27 -0000 1.15.2.3
@@ -246,3 +246,4 @@
org.jahia.engines.users.newuserregistration.passwordTooShort
= Password too short (mininum 6 characters)
org.jahia.engines.users.newuserregistration.userNameAlreadyExists
= User name already exists
org.jahia.engines.users.newuserregistration.errorWhileCreatingUser
= Error while creating user
+org.jahia.engines.users.newuserregistration.unauthorizedGroup
= User tried to register into unauthorized group {0}
\ No newline at end of file
Index: JahiaMessageResources_en.properties
===================================================================
RCS file:
/home/cvs/repository/jahia/src/java/Attic/JahiaMessageResources_en.properties,v
retrieving revision 1.11.2.2
retrieving revision 1.11.2.3
diff -u -r1.11.2.2 -r1.11.2.3
--- JahiaMessageResources_en.properties 17 Aug 2004 08:07:23 -0000
1.11.2.2
+++ JahiaMessageResources_en.properties 18 Aug 2004 16:26:27 -0000
1.11.2.3
@@ -246,3 +246,4 @@
org.jahia.engines.users.newuserregistration.passwordTooShort
= Password too short (mininum 6 characters)
org.jahia.engines.users.newuserregistration.userNameAlreadyExists
= User name already exists
org.jahia.engines.users.newuserregistration.errorWhileCreatingUser
= Error while creating user
+org.jahia.engines.users.newuserregistration.unauthorizedGroup
= User tried to register into unauthorized group {0}
\ No newline at end of file
Index: JahiaMessageResources_fr.properties
===================================================================
RCS file:
/home/cvs/repository/jahia/src/java/Attic/JahiaMessageResources_fr.properties,v
retrieving revision 1.14.2.3
retrieving revision 1.14.2.4
diff -u -r1.14.2.3 -r1.14.2.4
--- JahiaMessageResources_fr.properties 17 Aug 2004 08:18:36 -0000
1.14.2.3
+++ JahiaMessageResources_fr.properties 18 Aug 2004 16:26:27 -0000
1.14.2.4
@@ -224,3 +224,4 @@
org.jahia.engines.users.newuserregistration.passwordTooShort
= Mot de passe trop court (mininum 6 caractères)
org.jahia.engines.users.newuserregistration.userNameAlreadyExists
= Ce nom d'utilisateur existe déjà
org.jahia.engines.users.newuserregistration.errorWhileCreatingUser
= Erreur lors de la création de l'utilisateur.
+org.jahia.engines.users.newuserregistration.unauthorizedGroup
= Tentative d'ajout d'un utilisateur à un group
interdit ({0})
\ No newline at end of file
Index: NewUserRegistration_Engine.java
===================================================================
RCS file:
/home/cvs/repository/jahia/src/java/org/jahia/engines/users/Attic/NewUserRegistration_Engine.java,v
retrieving revision 1.3.2.1
retrieving revision 1.3.2.2
diff -u -r1.3.2.1 -r1.3.2.2
--- NewUserRegistration_Engine.java 6 Aug 2004 17:59:41 -0000 1.3.2.1
+++ NewUserRegistration_Engine.java 18 Aug 2004 16:26:28 -0000 1.3.2.2
@@ -225,6 +225,29 @@
}
if (allValuesValid) {
+ // now let's check that the group list doesn't contain
+ // invalid groups
+ if (groupList != null) {
+ for (int i = 0; i < groupList.length; i++) {
+ String curGroupName = groupList[i];
+ if (JahiaGroupManagerService.ADMINISTRATORS_GROUPNAME.
+ equals(curGroupName) ||
+ JahiaGroupManagerService.GUEST_GROUPNAME.equals(
+ curGroupName) ||
+ JahiaGroupManagerService.USERS_GROUPNAME.equals(
+ curGroupName)) {
+ allValuesValid = false;
+ EngineMessage errorMessage = new EngineMessage(
+
"org.jahia.engines.users.newuserregistration.unauthorizedGroup",
+ curGroupName);
+ resultMessages.add("newUserRegistration",
+ errorMessage);
+ }
+ }
+ }
+ }
+
+ if (allValuesValid) {
JahiaUser newUser = ServicesRegistry.getInstance().
getJahiaUserManagerService().
createUser(userName,
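Review bot: The added check on `curGroupName` rejects only three literal group names, so any other name supplied in the request still passes validation, whether or not the registration form offered it. Validating against the set the form actually offers (the site's groups minus the reserved ones, as built in the second hunk of this file) would make this an allow-list, and would also reject names that differ only in case or do not belong to this site. The sketch below assumes `jParams` is in scope at this point and that the submitted values are the keys of the map returned by `getGroups`; both need confirming, because the enclosing method starts and ends outside the hunk. Separately, `curGroupName` is request data passed as the `{0}` argument of the new message, so it is worth confirming that the message is escaped when rendered.

```java
if (allValuesValid && groupList != null) {
    // Same set the registration form offers: site groups minus the reserved ones.
    Map allowedGroups = ServicesRegistry.getInstance().
        getJahiaSiteGroupManagerService().getGroups(jParams.getSiteID());
    allowedGroups.remove(JahiaGroupManagerService.ADMINISTRATORS_GROUPNAME);
    allowedGroups.remove(JahiaGroupManagerService.GUEST_GROUPNAME);
    allowedGroups.remove(JahiaGroupManagerService.USERS_GROUPNAME);
    for (int i = 0; i < groupList.length; i++) {
        String curGroupName = groupList[i];
        if (!allowedGroups.containsKey(curGroupName)) {
            allValuesValid = false;
            // … unchanged: EngineMessage creation and resultMessages.add …
        }
    }
}
```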
@@ -283,6 +306,7 @@
Map groupMap =
ServicesRegistry.getInstance().getJahiaSiteGroupManagerService().getGroups(jParams.getSiteID());
groupMap.remove(JahiaGroupManagerService.ADMINISTRATORS_GROUPNAME);
groupMap.remove(JahiaGroupManagerService.GUEST_GROUPNAME);
+ groupMap.remove(JahiaGroupManagerService.USERS_GROUPNAME);
Set groupNameSet = groupMap.keySet();
engineMap.put("groupList", groupNameSet);
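Review bot: The reserved group names are now spelled out in two places, here in the `groupMap.remove(...)` calls and in the validation added by the first hunk of this file, and nothing ties the two lists together. If a fourth reserved group is ever added to one and not the other, the form and the server-side check will disagree silently. A single shared helper or constant array of reserved names used by both would prevent that; at minimum add a comment here such as `// keep in sync with the reserved-group check performed before createUser`. The `remove` calls also mutate the map returned by `getGroups`, which is only safe if that call returns a copy rather than the service's own map. This cannot be confirmed from the hunk, and the enclosing method starts and ends outside it.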