Fix usage of sso parameters

c46d3905 · ale · 4678be0c · c46d3905 · c46d3905
Commit c46d3905 authored 6 years ago by ale
--- a/mailman_api/mailman.py
+++ b/mailman_api/mailman.py
@@ -100,7 +100,7 @@ def pwreset():
    list_name = list_addr.split('@')[0]
    m = MailList.MailList(list_name, 0)

-    if not g.sso_is_admin and not (g.sso_user in m.owner):
+    if not g.sso_is_admin and not (g.current_user in m.owner):
        abort(403)

    subprocess.check_call([

--- a/mailman_api/sso_api.py
+++ b/mailman_api/sso_api.py
@@ -49,7 +49,6 @@ def sso_api_auth_required(func):
        if current_app.config.get('FAKE_SSO_USER'):
            g.current_user = current_app.config['FAKE_SSO_USER']
            g.sso_ticket = 'sso_ticket'
-            g.raw_sso_ticket = 'sso_ticket'
            return func(*args, **kwargs)

        sso_ticket = request.cookies.get(current_app.sso_cookie_name)
@@ -58,8 +57,8 @@ def sso_api_auth_required(func):
        try:
            ticket = current_app.sso_validator.verify(sso_ticket.encode())
            g.current_user = ticket.user()
+            g.sso_is_admin = ('admins' in ticket.groups())
            g.sso_ticket = ticket
-            g.raw_sso_ticket = sso_ticket.encode()
        except sso.Error as e:
            current_app.logger.error('authentication failed: %s', e)
            abort(403)