Commit 566f3295 authored by Guillaume ROUSSE's avatar Guillaume ROUSSE

sanitize arguments transmission

parent c214c33b
......@@ -110,17 +110,15 @@ sub update_ssp_authsources {
## data : data used by the TT2 parser
sub mail_notice {
my (%args) = @_;
my $tt2_file = $args{template};
my $mail_data = $args{data};
open SENDMAIL,
"|/usr/sbin/sendmail -f $args{from} $args{to}";
"|/usr/sbin/sendmail -f $args{data}->{from} $args{data}->{to}";
my $tt2 = Template->new({
FILTERS => { qencode => [ \&qencode, 0 ] },
INCLUDE_PATH => $args{templates_dir}
});
$tt2->process($tt2_file, $mail_data, \*SENDMAIL)
$tt2->process($args{template}, $args{data}, \*SENDMAIL)
or die $tt2->error();
close SENDMAIL;
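Review bot: The sender and recipient are still interpolated into a shell command on the `open SENDMAIL, "|/usr/sbin/sendmail -f $args{data}->{from} $args{data}->{to}"` line, and `to` is caller-controlled (the token hunk passes the request's `email_address`), so an address containing shell metacharacters executes commands as the web server user; moving the values under `data` does not sanitize them. Use the list form of `open`, which passes the addresses as literal arguments without a shell, with a lexical handle, and check both `open` and `close`, since today a failed pipe is silent and only the template error is fatal. Whether the local sendmail honours `--` to end option parsing is not shown here; the safe route is to reject values starting with `-` before the call so they cannot be read as options. mail_notice's closing brace is below the hunk.
```perl
    my $from = $args{data}->{from};
    my $to   = $args{data}->{to};
    die "mail_notice: sender/recipient must not start with '-'"
        if $from =~ /\A-/ || $to =~ /\A-/;
    # list-form open: no shell is involved, so addresses are literal arguments
    open my $sendmail, '|-', '/usr/sbin/sendmail', '-f', $from, $to
        or die "cannot run /usr/sbin/sendmail: $!";
    # … unchanged: Template->new(...) …
    $tt2->process($args{template}, $args{data}, $sendmail)
        or die $tt2->error();
    close $sendmail or die "sendmail failed: $! (exit status $?)";
```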
......
......@@ -184,14 +184,21 @@ sub respond {
## Mail notification of admins about the error
if (@errors_admin) {
$self->{out}->{subject} = 'Error notification - web interface';
eval {
IdPAccountManager::Tools::mail_notice(
template => 'mail/notification_generic_error.tt2.eml',
templates_dir => $self->{configuration}->{templates_dir},
data => $self->{out},
to => $self->{configuration}->{admin_email},
from => $self->{configuration}->{notice_from}
data => {
env => {
REMOTE_HOST => $ENV{REMOTE_HOST},
REMOTE_ADDR => $ENV{REMOTE_ADDR},
},
app_name => $self->{configuration}->{app_name},
app_url => $self->{configuration}->{app_url},
from => $self->{configuration}->{notice_from},
to => $self->{configuration}->{admin_email},
errors => $self->{out}->{errors}
}
);
};
$self->{logger}->errorf("Error TT2 : %s", $EVAL_ERROR) if $EVAL_ERROR;
......@@ -405,19 +412,26 @@ sub req_generate_token {
$self->{out}->{email_address} = $self->{in}->{email_address};
$self->{out}->{sp_entityid} = $self->{in}->{sp_entityid};
$self->{out}->{to} = $self->{in}->{email_address};
$self->{out}->{authentication_token} =
$authentication_token->get('token');
$self->{out}->{subtitle} = 'Generate an authentication token';
$self->{out}->{subtitle} = 'Generate an authentication token';
## Send the challenge email with the token
eval {
IdPAccountManager::Tools::mail_notice(
template => 'mail/send_authentication_token.tt2.eml',
templates_dir => $self->{configuration}->{templates_dir},
from => $self->{configuration}->{notice_from}
to => $self->{in}->{email_address},
data => $self->{out},
data => {
env => {
REMOTE_HOST => $ENV{REMOTE_HOST},
REMOTE_ADDR => $ENV{REMOTE_ADDR},
},
app_name => $self->{configuration}->{app_name},
app_url => $self->{configuration}->{app_url},
from => $self->{configuration}->{notice_from},
support_email => $self->{configuration}->{support_email},
to => $self->{in}->{email_address},
sp_entityid => $self->{in}->{sp_entityid},
authentication_token => $authentication_token->get('token'),
}
);
};
$self->{logger}->errorf("Error TT2 : %s", $EVAL_ERROR) if $EVAL_ERROR;
......@@ -426,7 +440,7 @@ sub req_generate_token {
"Token send to %s for sp_entityid=%s;token=%s",
$self->{in}->{email_address},
$self->{in}->{sp_entityid},
$self->{out}->{authentication_token}
$authentication_token->get('token'),
);
return 1;
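Review bot: The newly issued authentication token is written in clear to the application log on the `"Token send to %s for sp_entityid=%s;token=%s"` line, so anyone who can read the log can complete the email challenge for that Service Provider without access to the contact mailbox. Log the recipient and entityID only, e.g. `"Token sent to %s for sp_entityid=%s"` with `$self->{in}->{email_address}, $self->{in}->{sp_entityid}`, or a short digest of the token if later correlation is needed. The logger call starts above the hunk, so its level is not visible; that it reaches production logs is inferred. req_generate_token's closing brace is below the hunk.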
......
From: [% conf.app_name %] <[% conf.notice_from %]>
From: [% app_name %] <[% from %]>
To: [% to %]
Subject: [% subject %]
Subject: [% app_name %] - Error notification
Content-type: text/plain; charset=UTF-8; format=flowed
You receive this notification as administrator of the eduGAIN Test Account Manager
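Review bot: The body line `You receive this notification as administrator of the eduGAIN Test Account Manager` still hard-codes the product name while the header lines just above were switched to `[% app_name %]`; for consistency with this change write `You receive this notification as administrator of [% app_name %]`. The new `Subject: [% app_name %] - Error notification` no longer reads `subject`, yet the caller in sub respond still sets `$self->{out}->{subject}` before calling mail_notice, so that assignment is now dead unless the web response uses it.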
......
From: [% conf.app_name %] <[% conf.notice_from %]>
From: [% app_name %] <[% from %]>
To: [% to %]
Subject: [% conf.app_name %] - Test accounts request
Subject: [% app_name %] - Test accounts request
Content-type: text/plain; charset=UTF-8; format=flowed
This is an email challenge automatically sent to you by [% conf.app_name %]. Somebody with IP address [% env.REMOTE_ADDR %] has requested to create test accounts for eduGAIN Service Provider with entityID [% sp_entityid %].
This is an email challenge automatically sent to you by [% app_name %]. Somebody with IP address [% env.REMOTE_ADDR %] has requested to create test accounts for eduGAIN Service Provider with entityID [% sp_entityid %].
The address [% to %] is mentioned in the eduGAIN metadata as a contact for this Service Provider.
To complete the creation of test accounts, paste the following validation token in the [% conf.app_name %] web form.
To complete the creation of test accounts, paste the following validation token in the [% app_name %] web form.
Validation token: [% authentication_token %]
[% conf.app_name %]: [% conf.app_url %]
[% app_name %]: [% app_url %]
If the creation of test accounts was not initiated by you or a fellow administrator for the above Service Provider, please forward this email and contact [% conf.support_email %] to inform them about a potential abuse of the [% conf.app_name %] service.
If the creation of test accounts was not initiated by you or a fellow administrator for the above Service Provider, please forward this email and contact [% conf.support_email %] to inform them about a potential abuse of the [% app_name %] service.
Best Regards
[% conf.app_name %] Bot
\ No newline at end of file
[% app_name %] Bot
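Review bot: The `To: [% to %]` header interpolates the request's `email_address` with no filter, and the rendered text is piped to sendmail's standard input, so a value containing CR/LF can terminate the header and inject further headers or alter the message. Validate `email_address` as a single address without whitespace or control characters where it is read from the request, and additionally strip line breaks from anything placed on a header line, e.g. `To: [% to | remove('[\r\n]+') %]`. The `[% sp_entityid %]` in the body is also request-supplied; it is plain text here, so the exposure is limited to message content, but the same validation at the caller would cover it.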