Bookworm + Portal rework #1657
Bookworm + Portal rework #1657
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
alexAubin
force-pushed
the
bookworm
branch
2 times, most recently
from
cd1bb22
to
bed9ecc
Compare
alexAubin
force-pushed
the
bookworm
branch
4 times, most recently
from
945ecdb
to
8ac48ee
Compare
| allowed_cors_origins_file = "/etc/yunohost/.admin-api-allowed-cors-origins" | ||
|
|
||
| if os.path.exists(allowed_cors_origins_file): | ||
| allowed_cors_origins = open(allowed_cors_origins_file).read().strip().split(",") |
Check warning
Code scanning / CodeQL
File is not always closed Warning
| allowed_cors_origins_file = "/etc/yunohost/.portal-api-allowed-cors-origins" | ||
|
|
||
| if os.path.exists(allowed_cors_origins_file): | ||
| allowed_cors_origins = open(allowed_cors_origins_file).read().strip().split(",") |
Check warning
Code scanning / CodeQL
File is not always closed Warning
…e label+show_tile info in ssowat conf anymore
…g domain info in ldap
… may be included by nginx app confs ~_~
…lly cache static assets with etags etc ?
… only store the file id which the front should then query as a regular asset
…the portal API route
…t_for_app_script already handles everything..
| r = session.get( | ||
| logout_endpoint, | ||
| headers={ | ||
| "X-Requested-With": "", | ||
| }, | ||
| verify=False, | ||
| ) |
Check failure
Code scanning / CodeQL
Request without certificate validation High
|
|
||
| # Anonymous access | ||
| if session: | ||
| r = session.get(webpath, verify=False, allow_redirects=False, headers=headers) |
Check failure
Code scanning / CodeQL
Request without certificate validation High
| if session: | ||
| r = session.get(webpath, verify=False, allow_redirects=False, headers=headers) | ||
| elif not logged_as: | ||
| r = requests.get(webpath, verify=False, allow_redirects=False, headers=headers) |
Check failure
Code scanning / CodeQL
Request without certificate validation High
| r = login(session, logged_as, logged_on) | ||
| # We should have some cookies related to authentication now | ||
| assert session.cookies | ||
| r = session.get(webpath, verify=False, allow_redirects=False, headers=headers) |
Check failure
Code scanning / CodeQL
Request without certificate validation High
| if list_ == DEFAULT_APPS_CATALOG_LIST: | ||
| try: | ||
| os.remove(APPS_CATALOG_CONF) | ||
| except Exception: |
Check notice
Code scanning / CodeQL
Empty except Note
| # Login as a user using dummy password | ||
| else: | ||
| with requests.Session() as session: | ||
| r = login(session, logged_as, logged_on) |
Check warning
Code scanning / CodeQL
Variable defined multiple times Warning
|
|
||
| assert number_of_active_session_for_user("alice") == 1 | ||
|
|
||
| r = logout(session) |
Check notice
Code scanning / CodeQL
Unused local variable Note
| # Bob can't even login because doesnt has access to any app on the domain | ||
| # (that's debattable tho) | ||
| with requests.Session() as session: | ||
| r = login(session, "bob") |
Check notice
Code scanning / CodeQL
Unused local variable Note
|
|
||
|
|
||
| # Get main domain | ||
| maindomain = open("/etc/yunohost/current_host").read().strip() |
Check warning
Code scanning / CodeQL
File is not always closed Warning
…and $final_path always exist
…rsion_id, system_arch, system_virt
Allow users to access their own domain portal without app permission
[bookworm] Return auth cookie valid for whole main domain.
cf YunoHost/issues#2050