Ensure config parsing fails if gitano-bypass is not viable

author: Daniel Silverstone <dsilvers@digital-scurf.org> 2016-12-03 14:47:47 +0000
committer: Daniel Silverstone <dsilvers@digital-scurf.org> 2016-12-03 16:06:49 +0000
commit: b9f45628f4ef30ba4737121d1f84f1ebd12ea6bf (patch)
tree: 3ed62a015152059a3e759ade1dc250dfb0440255 /lib
parent: a9bba86ac1bdae302c42fd82060cc909cae22494 (diff)
download: gitano-b9f45628f4ef30ba4737121d1f84f1ebd12ea6bf.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/lib/gitano/config.lua b/lib/gitano/config.lua
index a175d01..8d5e53b 100644
--- a/lib/gitano/config.lua
+++ b/lib/gitano/config.lua
@@ -258,6 +258,22 @@ local function parse_admin_config(commit)
       end
    end
 
+   -- Validate that the bypass user (a) exists (b) isn't in any groups
+   -- and (c) has at least one key and/or a password set
+   if users["gitano-bypass"] then
+      for gname, gtab in pairs(groups) do
+	 if gtab.filtered_members["gitano-bypass"] then
+	    return nil, i18n.expand("ERROR_BYPASS_USER_IN_GROUP", {group=gname})
+	 end
+      end
+      local okay = next(users["gitano-bypass"].keys) or users["gitano-bypass"].clod["passwd.hash"]
+      if not okay then
+	 return nil, i18n.expand("ERROR_BYPASS_USER_LACKING")
+      end
+   else
+      return nil, i18n.expand("ERROR_NO_BYPASS_USER_FOUND")
+   end
+
    -- Finally, return an object representing this configuration
 
    local config = {
author	Daniel Silverstone <dsilvers@digital-scurf.org>	2016-12-03 14:47:47 +0000
committer	Daniel Silverstone <dsilvers@digital-scurf.org>	2016-12-03 16:06:49 +0000
commit	b9f45628f4ef30ba4737121d1f84f1ebd12ea6bf (patch)
tree	3ed62a015152059a3e759ade1dc250dfb0440255 /lib
parent	a9bba86ac1bdae302c42fd82060cc909cae22494 (diff)
download	gitano-b9f45628f4ef30ba4737121d1f84f1ebd12ea6bf.tar.gz