User authentication: limit the number of domains sent in "Logged" to a hundred.
This commit is contained in:
parent
723c1a83a0
commit
158d772727
@ -18,7 +18,11 @@ class DNSManager::Request
|
||||
dnsmanagerd.storage.user_must_exist! user_id
|
||||
|
||||
accepted_domains = dnsmanagerd.configuration.accepted_domains.not_nil!
|
||||
user_domains = dnsmanagerd.storage.user_domains user_id
|
||||
|
||||
# Limit the number of domains in this message.
|
||||
# Pagination will be required beyond a hundred domains.
|
||||
user_domains = dnsmanagerd.storage.user_domains(user_id).[0..100]
|
||||
|
||||
perms = dnsmanagerd.check_permissions user_id, "*"
|
||||
Response::Logged.new (perms == AuthD::User::PermissionLevel::Admin), accepted_domains, user_domains
|
||||
else
|
||||
|
@ -134,7 +134,7 @@ class DNSManager::Storage
|
||||
|
||||
matching_domains.each do |md|
|
||||
# Prevent empty domains (from crafted requests) to be accepted.
|
||||
return Response::InvalidDomainName.new unless (domain.chomp md).size > 2
|
||||
return Response::InvalidDomainName.new unless (domain.chomp md).size > 1
|
||||
Baguette::Log.info "Add new domain #{domain} (matching domain #{md})"
|
||||
end
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user