diff options
author | Daniel Silverstone <dsilvers@digital-scurf.org> | 2016-12-03 14:47:47 +0000 |
---|---|---|
committer | Daniel Silverstone <dsilvers@digital-scurf.org> | 2016-12-03 16:06:49 +0000 |
commit | b9f45628f4ef30ba4737121d1f84f1ebd12ea6bf (patch) | |
tree | 3ed62a015152059a3e759ade1dc250dfb0440255 /lib | |
parent | a9bba86ac1bdae302c42fd82060cc909cae22494 (diff) | |
download | gitano-b9f45628f4ef30ba4737121d1f84f1ebd12ea6bf.tar.gz |
Ensure config parsing fails if gitano-bypass is not viable
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitano/config.lua | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/lib/gitano/config.lua b/lib/gitano/config.lua index a175d01..8d5e53b 100644 --- a/lib/gitano/config.lua +++ b/lib/gitano/config.lua @@ -258,6 +258,22 @@ local function parse_admin_config(commit) end end + -- Validate that the bypass user (a) exists (b) isn't in any groups + -- and (c) has at least one key and/or a password set + if users["gitano-bypass"] then + for gname, gtab in pairs(groups) do + if gtab.filtered_members["gitano-bypass"] then + return nil, i18n.expand("ERROR_BYPASS_USER_IN_GROUP", {group=gname}) + end + end + local okay = next(users["gitano-bypass"].keys) or users["gitano-bypass"].clod["passwd.hash"] + if not okay then + return nil, i18n.expand("ERROR_BYPASS_USER_LACKING") + end + else + return nil, i18n.expand("ERROR_NO_BYPASS_USER_FOUND") + end + -- Finally, return an object representing this configuration local config = { |