From: Mike Rylander Date: Thu, 1 Dec 2022 19:13:35 +0000 (-0500) Subject: LP#1908576: Restrict login redirection X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=8b611110df540fd86d87d4f160bd5b9f6d44c8d6;p=Evergreen.git LP#1908576: Restrict login redirection This commit implements a new global flag: opac.login_redirect_domains When this flag is enabled, redirection from login via redirect_to will be restricted to local URLs. For local URLs, they must either start with a / (provide an absolute path) or the hostname in the URL must match the current hostname and have a scheme of http, https, ftp, or ftps. The value for the global flag can be set to a list of comma-separated domain names. Redirection to these domains, and subdomains/hosts thereof, will also be allowed. For all non-local URLs allowed by the global flag value, the scheme must be one of http, https, ftp, or ftps. Signed-off-by: Mike Rylander Signed-off-by: Jason Stephenson Signed-off-by: Jason Boyer --- diff --git a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm index 2ff4f8317d..75c1280f20 100644 --- a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm +++ b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm @@ -710,8 +710,33 @@ sub load_login { ); } + # TODO: maybe move this logic to generic_redirect()? + my $redirect_to = $cgi->param('redirect_to') || $acct; + if (my $login_redirect_gf = $self->editor->retrieve_config_global_flag('opac.login_redirect_domains')) { + if ($login_redirect_gf->enabled eq 't') { + + my @redir_hosts = (); + if ($login_redirect_gf->value) { + @redir_hosts = map { '(?:[^/.]+\.)*' . quotemeta($_) } grep { $_ } split(/,\s*/, $login_redirect_gf->value); + } + unshift @redir_hosts, quotemeta($ctx->{hostname}); + + my $hn = join('|', @redir_hosts); + my $relative_redir = qr#^(?:(?:(?:(?:f|ht)tps?:)?(?://(?:$hn))(?:/|$))|/$|/[^/]+)#; + + if ($redirect_to !~ $relative_redir) { + $logger->warn( + "Login redirection of [$redirect_to] ". + "disallowed based on Global Flag opac.". + "login_redirect_domains RE [$relative_redir]" + ); + $redirect_to = $acct; # fall back to myopac/main + } + } + } + return $self->generic_redirect( - $cgi->param('redirect_to') || $acct, + $redirect_to, $cookie_list ); } diff --git a/Open-ILS/src/sql/Pg/950.data.seed-values.sql b/Open-ILS/src/sql/Pg/950.data.seed-values.sql index 590171716f..537548645b 100644 --- a/Open-ILS/src/sql/Pg/950.data.seed-values.sql +++ b/Open-ILS/src/sql/Pg/950.data.seed-values.sql @@ -22218,3 +22218,15 @@ VALUES ( ) ); +INSERT INTO config.global_flag (name, value, enabled, label) +VALUES ( + 'opac.login_redirect_domains', + '', + TRUE, + oils_i18n_gettext( + 'opac.login_redirect_domains', + 'Restrict post-login redirection to local URLs, or those that match the supplied comma-separated list of foreign domains or host names.', + 'cgf', 'label' + ) +); + diff --git a/Open-ILS/src/sql/Pg/upgrade/XXXX.data.login_redirect_regexp.sql b/Open-ILS/src/sql/Pg/upgrade/XXXX.data.login_redirect_regexp.sql new file mode 100644 index 0000000000..c8a5f98f3a --- /dev/null +++ b/Open-ILS/src/sql/Pg/upgrade/XXXX.data.login_redirect_regexp.sql @@ -0,0 +1,21 @@ +BEGIN; + +-- check whether patch can be applied +SELECT evergreen.upgrade_deps_block_check('XXXX', :eg_version); + +-- 950.data.seed-values.sql + +INSERT INTO config.global_flag (name, value, enabled, label) +VALUES ( + 'opac.login_redirect_domains', + '', + TRUE, + oils_i18n_gettext( + 'opac.login_redirect_domains', + 'Restrict post-login redirection to local URLs, or those that match the supplied comma-separated list of foreign domains or host names.', + 'cgf', 'label' + ) +); + +COMMIT; +