fix all vulnerabilities in the production code (#817)

Signed-off-by: Denis barbaron <denis.barbaron@orange.com>
Denis Barbaron
2024-11-29 11:02:11 +01:00
committed by GitHub
parent 2f54e40206
commit 872b0bcbd8
26 changed files with 160 additions and 13627 deletions


@@ -5,11 +5,10 @@
var http = require('http')
var express = require('express')
var validator = require('express-validator')
var cookieSession = require('cookie-session')
var bodyParser = require('body-parser')
var serveStatic = require('serve-static')
var csrf = require('csurf')
var csrf = require('@dr.pogodin/csurf')
var Promise = require('bluebird')
var logger = require('../../util/logger')
@@ -46,7 +45,6 @@ module.exports = function(options) {
}))
app.use(bodyParser.json())
app.use(csrf())
app.use(validator())
app.use('/static/bower_components',
serveStatic(pathutil.resource('bower_components')))
app.use('/static/auth/ldap', serveStatic(pathutil.resource('auth/ldap')))
@@ -84,15 +82,12 @@ module.exports = function(options) {
res.render('index')
})
app.post('/auth/api/v1/ldap', function(req, res) {
app.post('/auth/api/v1/ldap', requtil.validators.ldapLoginValidator, function(req, res) {
var log = logger.createLogger('auth-ldap')
log.setLocalIdentifier(req.ip)
switch (req.accepts(['json'])) {
case 'json':
requtil.validate(req, function() {
req.checkBody('username').notEmpty()
req.checkBody('password').notEmpty()
})
requtil.validate(req)
.then(function() {
return ldaputil.login(
options.ldap