Commit 566f3295 authored by Guillaume ROUSSE's avatar Guillaume ROUSSE

sanitize arguments transmission

parent c214c33b
...@@ -110,17 +110,15 @@ sub update_ssp_authsources { ...@@ -110,17 +110,15 @@ sub update_ssp_authsources {
## data : data used by the TT2 parser ## data : data used by the TT2 parser
sub mail_notice { sub mail_notice {
my (%args) = @_; my (%args) = @_;
my $tt2_file = $args{template};
my $mail_data = $args{data};
open SENDMAIL, open SENDMAIL,
"|/usr/sbin/sendmail -f $args{from} $args{to}"; "|/usr/sbin/sendmail -f $args{data}->{from} $args{data}->{to}";
my $tt2 = Template->new({ my $tt2 = Template->new({
FILTERS => { qencode => [ \&qencode, 0 ] }, FILTERS => { qencode => [ \&qencode, 0 ] },
INCLUDE_PATH => $args{templates_dir} INCLUDE_PATH => $args{templates_dir}
}); });
$tt2->process($tt2_file, $mail_data, \*SENDMAIL) $tt2->process($args{template}, $args{data}, \*SENDMAIL)
or die $tt2->error(); or die $tt2->error();
close SENDMAIL; close SENDMAIL;
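Review bot: The rewritten `open SENDMAIL, "|/usr/sbin/sendmail -f $args{data}->{from} $args{data}->{to}"` line still hands the recipient to a shell, and in req_generate_token that `to` value is `$self->{in}->{email_address}` taken straight from the request, so unless it is validated before reaching this sub a crafted address can inject shell metacharacters or extra sendmail options. Use the list form, which bypasses the shell, and check the open: `open my $sendmail, '|-', '/usr/sbin/sendmail', '-f', $args{data}->{from}, $args{data}->{to} or die "open sendmail: $!";`, then pass `$sendmail` to `$tt2->process` and finish with `close $sendmail or die "sendmail failed: $!";` so a delivery failure is not silently dropped. Even in list form an address beginning with `-` would be parsed by sendmail as an option, and the same value is interpolated into the template's `To:` header, so the caller should reject anything that does not match an anchored address pattern or that contains CR/LF. The rest of mail_notice continues past the hunk.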
...@@ -184,14 +184,21 @@ sub respond { ...@@ -184,14 +184,21 @@ sub respond {
## Mail notification of admins about the error ## Mail notification of admins about the error
if (@errors_admin) { if (@errors_admin) {
$self->{out}->{subject} = 'Error notification - web interface';
eval { eval {
IdPAccountManager::Tools::mail_notice( IdPAccountManager::Tools::mail_notice(
template => 'mail/notification_generic_error.tt2.eml', template => 'mail/notification_generic_error.tt2.eml',
templates_dir => $self->{configuration}->{templates_dir}, templates_dir => $self->{configuration}->{templates_dir},
data => $self->{out}, data => {
to => $self->{configuration}->{admin_email}, env => {
from => $self->{configuration}->{notice_from} REMOTE_HOST => $ENV{REMOTE_HOST},
REMOTE_ADDR => $ENV{REMOTE_ADDR},
},
app_name => $self->{configuration}->{app_name},
app_url => $self->{configuration}->{app_url},
from => $self->{configuration}->{notice_from},
to => $self->{configuration}->{admin_email},
errors => $self->{out}->{errors}
}
); );
}; };
$self->{logger}->errorf("Error TT2 : %s", $EVAL_ERROR) if $EVAL_ERROR; $self->{logger}->errorf("Error TT2 : %s", $EVAL_ERROR) if $EVAL_ERROR;
...@@ -405,19 +412,26 @@ sub req_generate_token { ...@@ -405,19 +412,26 @@ sub req_generate_token {
$self->{out}->{email_address} = $self->{in}->{email_address}; $self->{out}->{email_address} = $self->{in}->{email_address};
$self->{out}->{sp_entityid} = $self->{in}->{sp_entityid}; $self->{out}->{sp_entityid} = $self->{in}->{sp_entityid};
$self->{out}->{to} = $self->{in}->{email_address}; $self->{out}->{subtitle} = 'Generate an authentication token';
$self->{out}->{authentication_token} =
$authentication_token->get('token');
$self->{out}->{subtitle} = 'Generate an authentication token';
## Send the challenge email with the token ## Send the challenge email with the token
eval { eval {
IdPAccountManager::Tools::mail_notice( IdPAccountManager::Tools::mail_notice(
template => 'mail/send_authentication_token.tt2.eml', template => 'mail/send_authentication_token.tt2.eml',
templates_dir => $self->{configuration}->{templates_dir}, templates_dir => $self->{configuration}->{templates_dir},
from => $self->{configuration}->{notice_from} data => {
to => $self->{in}->{email_address}, env => {
data => $self->{out}, REMOTE_HOST => $ENV{REMOTE_HOST},
REMOTE_ADDR => $ENV{REMOTE_ADDR},
},
app_name => $self->{configuration}->{app_name},
app_url => $self->{configuration}->{app_url},
from => $self->{configuration}->{notice_from},
support_email => $self->{configuration}->{support_email},
to => $self->{in}->{email_address},
sp_entityid => $self->{in}->{sp_entityid},
authentication_token => $authentication_token->get('token'),
}
); );
}; };
$self->{logger}->errorf("Error TT2 : %s", $EVAL_ERROR) if $EVAL_ERROR; $self->{logger}->errorf("Error TT2 : %s", $EVAL_ERROR) if $EVAL_ERROR;
...@@ -426,7 +440,7 @@ sub req_generate_token { ...@@ -426,7 +440,7 @@ sub req_generate_token {
"Token send to %s for sp_entityid=%s;token=%s", "Token send to %s for sp_entityid=%s;token=%s",
$self->{in}->{email_address}, $self->{in}->{email_address},
$self->{in}->{sp_entityid}, $self->{in}->{sp_entityid},
$self->{out}->{authentication_token} $authentication_token->get('token'),
); );
return 1; return 1;
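Review bot: The rewritten last argument of the `infof` call (the hunk at @@ -426,7 +440,7 @@, whose statement begins before the hunk) still writes the authentication token itself to the log, so the challenge secret the commit just removed from `$self->{out}` remains recoverable by anyone who can read application logs. Logging that a token was sent is enough: change the format to `"Token sent to %s for sp_entityid=%s",` and drop the third argument (or log a short fixed-length prefix if correlation is needed). Separately, the `data => { env => { REMOTE_HOST => ..., REMOTE_ADDR => ... }, app_name => ..., app_url => ..., from => ..., ... }` block added in req_generate_token repeats the one added in respond almost verbatim; a private helper such as `my %common = $self->_mail_common_data;` returning the shared `env`/`app_name`/`app_url`/`from` entries would keep the two in step. Note also that `$ENV{REMOTE_HOST}` is typically unset unless the web server performs reverse lookups, so `env.REMOTE_HOST` may render empty; a one-line comment saying that is expected would help. Both enclosing subs start outside their hunks.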
From: [% conf.app_name %] <[% conf.notice_from %]> From: [% app_name %] <[% from %]>
To: [% to %] To: [% to %]
Subject: [% subject %] Subject: [% app_name %] - Error notification
Content-type: text/plain; charset=UTF-8; format=flowed Content-type: text/plain; charset=UTF-8; format=flowed
You receive this notification as administrator of the eduGAIN Test Account Manager You receive this notification as administrator of the eduGAIN Test Account Manager
From: [% conf.app_name %] <[% conf.notice_from %]> From: [% app_name %] <[% from %]>
To: [% to %] To: [% to %]
Subject: [% conf.app_name %] - Test accounts request Subject: [% app_name %] - Test accounts request
Content-type: text/plain; charset=UTF-8; format=flowed Content-type: text/plain; charset=UTF-8; format=flowed
This is an email challenge automatically sent to you by [% conf.app_name %]. Somebody with IP address [% env.REMOTE_ADDR %] has requested to create test accounts for eduGAIN Service Provider with entityID [% sp_entityid %]. This is an email challenge automatically sent to you by [% app_name %]. Somebody with IP address [% env.REMOTE_ADDR %] has requested to create test accounts for eduGAIN Service Provider with entityID [% sp_entityid %].
The address [% to %] is mentioned in the eduGAIN metadata as a contact for this Service Provider. The address [% to %] is mentioned in the eduGAIN metadata as a contact for this Service Provider.
To complete the creation of test accounts, paste the following validation token in the [% conf.app_name %] web form. To complete the creation of test accounts, paste the following validation token in the [% app_name %] web form.
Validation token: [% authentication_token %] Validation token: [% authentication_token %]
[% conf.app_name %]: [% conf.app_url %] [% app_name %]: [% app_url %]
If the creation of test accounts was not initiated by you or a fellow administrator for the above Service Provider, please forward this email and contact [% conf.support_email %] to inform them about a potential abuse of the [% conf.app_name %] service. If the creation of test accounts was not initiated by you or a fellow administrator for the above Service Provider, please forward this email and contact [% conf.support_email %] to inform them about a potential abuse of the [% app_name %] service.
Best Regards Best Regards
[% conf.app_name %] Bot [% app_name %] Bot
\ No newline at end of file
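Review bot: The new side of the line starting `If the creation of test accounts was not initiated by you` still reads `[% conf.support_email %]`, while every other `conf.*` reference in this template was flattened and req_generate_token now passes `support_email` at the top level of `data`, so the rendered mail will show an empty contact address. Change it to `[% support_email %]`. The `To: [% to %]` header is also filled from the request's email address; TT2 does not strip line breaks, so the value must be guaranteed free of CR/LF before it reaches this template or an attacker-controlled address could add mail headers.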