Commit 566f3295 authored by Guillaume ROUSSE's avatar Guillaume ROUSSE

sanitize arguments transmission

......@@ -110,17 +110,15 @@ sub update_ssp_authsources {
## data : data used by the TT2 parser
sub mail_notice {
my (%args) = @_;
my $tt2_file = $args{template};
my $mail_data = $args{data};
open SENDMAIL,
"|/usr/sbin/sendmail -f $args{from} $args{to}";
"|/usr/sbin/sendmail -f $args{data}->{from} $args{data}->{to}";
my $tt2 = Template->new({
FILTERS => { qencode => [ \&qencode, 0 ] },
INCLUDE_PATH => $args{templates_dir}
});
$tt2->process($tt2_file, $mail_data, \*SENDMAIL)
$tt2->process($args{template}, $args{data}, \*SENDMAIL)
or die $tt2->error();
close SENDMAIL;
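Review bot: The new sendmail line `"|/usr/sbin/sendmail -f $args{data}->{from} $args{data}->{to}"` is still a two-argument pipe open, so both addresses are interpolated into a shell command, and `to` is request input in the callers (`$self->{in}->{email_address}`); the commit moves the arguments into the data hash but does not sanitize them. Switch to the list-form open so no shell is involved, check its return value, and use a lexical handle whose close is checked, since a sendmail failure is only reported there. Independently of the open form, the caller-supplied address should be validated before it reaches the command line, at minimum rejecting values that start with `-` or contain whitespace, because sendmail would otherwise read it as an option. The bareword `SENDMAIL` handle and the unchecked `close` predate this commit but are touched by the same change.
```perl
# … unchanged: argument unpacking …
open my $sendmail, '|-', '/usr/sbin/sendmail', '-f', $args{data}->{from}, $args{data}->{to}
    or die "cannot run sendmail: $!";
# … unchanged: Template->new(...) …
$tt2->process($args{template}, $args{data}, $sendmail)
    or die $tt2->error();
close $sendmail or die "sendmail failed: $!";
```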
......
......@@ -184,14 +184,21 @@ sub respond {
## Mail notification of admins about the error
if (@errors_admin) {
$self->{out}->{subject} = 'Error notification - web interface';
eval {
IdPAccountManager::Tools::mail_notice(
template => 'mail/notification_generic_error.tt2.eml',
templates_dir => $self->{configuration}->{templates_dir},
data => $self->{out},
to => $self->{configuration}->{admin_email},
from => $self->{configuration}->{notice_from}
data => {
env => {
REMOTE_HOST => $ENV{REMOTE_HOST},
REMOTE_ADDR => $ENV{REMOTE_ADDR},
},
app_name => $self->{configuration}->{app_name},
app_url => $self->{configuration}->{app_url},
from => $self->{configuration}->{notice_from},
to => $self->{configuration}->{admin_email},
errors => $self->{out}->{errors}
}
);
};
$self->{logger}->errorf("Error TT2 : %s", $EVAL_ERROR) if $EVAL_ERROR;
......@@ -405,19 +412,26 @@ sub req_generate_token {
$self->{out}->{email_address} = $self->{in}->{email_address};
$self->{out}->{sp_entityid} = $self->{in}->{sp_entityid};
$self->{out}->{to} = $self->{in}->{email_address};
$self->{out}->{authentication_token} =
$authentication_token->get('token');
$self->{out}->{subtitle} = 'Generate an authentication token';
$self->{out}->{subtitle} = 'Generate an authentication token';
## Send the challenge email with the token
eval {
IdPAccountManager::Tools::mail_notice(
template => 'mail/send_authentication_token.tt2.eml',
templates_dir => $self->{configuration}->{templates_dir},
from => $self->{configuration}->{notice_from}
to => $self->{in}->{email_address},
data => $self->{out},
data => {
env => {
REMOTE_HOST => $ENV{REMOTE_HOST},
REMOTE_ADDR => $ENV{REMOTE_ADDR},
},
app_name => $self->{configuration}->{app_name},
app_url => $self->{configuration}->{app_url},
from => $self->{configuration}->{notice_from},
support_email => $self->{configuration}->{support_email},
to => $self->{in}->{email_address},
sp_entityid => $self->{in}->{sp_entityid},
authentication_token => $authentication_token->get('token'),
}
);
};
$self->{logger}->errorf("Error TT2 : %s", $EVAL_ERROR) if $EVAL_ERROR;
......@@ -426,7 +440,7 @@ sub req_generate_token {
"Token send to %s for sp_entityid=%s;token=%s",
$self->{in}->{email_address},
$self->{in}->{sp_entityid},
$self->{out}->{authentication_token}
$authentication_token->get('token'),
);
return 1;
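Review bot: In req_generate_token, `to => $self->{in}->{email_address}` forwards a request-supplied address to mail_notice, which interpolates it into the sendmail command line, so it should be validated before the eval, e.g. `die 'invalid email address' unless $self->{in}->{email_address} =~ /\A\w[\w.+-]*@[\w.-]+\z/;` (the same value is reused as `to` and `email_address` in `$self->{out}`). The `env`/`app_name`/`app_url`/`from` block is now built identically in respond and req_generate_token; a private helper such as `_mail_data` returning that hash would keep the two in step. The token is also fetched twice, in the data hash and again in the log call of the last hunk (`$authentication_token->get('token')`); storing it once in a local avoids the repeated call and any mismatch between the mailed and logged value. All three hunks sit inside subs whose bodies continue outside the hunks.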
......
From: [% conf.app_name %] <[% conf.notice_from %]>
From: [% app_name %] <[% from %]>
To: [% to %]
Subject: [% subject %]
Subject: [% app_name %] - Error notification
Content-type: text/plain; charset=UTF-8; format=flowed
You receive this notification as administrator of the eduGAIN Test Account Manager
......
From: [% conf.app_name %] <[% conf.notice_from %]>
From: [% app_name %] <[% from %]>
To: [% to %]
Subject: [% conf.app_name %] - Test accounts request
Subject: [% app_name %] - Test accounts request
Content-type: text/plain; charset=UTF-8; format=flowed
This is an email challenge automatically sent to you by [% conf.app_name %]. Somebody with IP address [% env.REMOTE_ADDR %] has requested to create test accounts for eduGAIN Service Provider with entityID [% sp_entityid %].
This is an email challenge automatically sent to you by [% app_name %]. Somebody with IP address [% env.REMOTE_ADDR %] has requested to create test accounts for eduGAIN Service Provider with entityID [% sp_entityid %].
The address [% to %] is mentioned in the eduGAIN metadata as a contact for this Service Provider.
To complete the creation of test accounts, paste the following validation token in the [% conf.app_name %] web form.
To complete the creation of test accounts, paste the following validation token in the [% app_name %] web form.
Validation token: [% authentication_token %]
[% conf.app_name %]: [% conf.app_url %]
[% app_name %]: [% app_url %]
If the creation of test accounts was not initiated by you or a fellow administrator for the above Service Provider, please forward this email and contact [% conf.support_email %] to inform them about a potential abuse of the [% conf.app_name %] service.
If the creation of test accounts was not initiated by you or a fellow administrator for the above Service Provider, please forward this email and contact [% conf.support_email %] to inform them about a potential abuse of the [% app_name %] service.
Best Regards
[% conf.app_name %] Bot
\ No newline at end of file
[% app_name %] Bot
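Review bot: `[% conf.support_email %]` in the abuse paragraph was not renamed along with the other `conf.*` references, but req_generate_token now passes `support_email` at the top level of the data hash, so that placeholder renders empty in the sent mail. Change it to `[% support_email %]`. The remaining placeholders in this hunk (`app_name`, `app_url`, `env.REMOTE_ADDR`, `sp_entityid`, `authentication_token`, `to`) match the keys the new data hash provides.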