FCLT#86405 Client-side generatie API-tokens kwetsbaarheid

svn path=/Website/branches/v2024.3/; revision=67041
Jos Groot Lipman
2024-11-14 12:54:54 +00:00
parent 3eff2c6555
commit 3abd0ee84e
2 changed files with 7 additions and 1 deletions


@@ -26,7 +26,7 @@ var prs_perslid_key = getQParamInt("prs_key");
var prsauthparams = prs.checkAutorisation(prs_perslid_key);
user.auth_required_or_abort(prsauthparams.writesys);
var newapi = shared.random(20);
var newapi = user.has("WEB_FACTAB")?shared.random(20):"<<"+L("lcl_prs_generate_apikey") + ">>";
%>
<html>
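Review bot: On the new `var newapi` line, a session with `WEB_FACTAB` still gets its candidate key generated at render time and handed to the browser, so for those users the key that is eventually stored remains whatever the client posts back. A short comment would make the trust boundary explicit for the next maintainer, for example `// display-only candidate; the save handler ignores it and generates its own key unless the user has WEB_FACTAB`. The placeholder branch builds `"<<"+L("lcl_prs_generate_apikey")+">>"`; the place where `newapi` is written into the page is outside this hunk, so it is worth confirming that it is HTML-encoded there, since the value now contains angle brackets and a translatable label.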


@@ -23,7 +23,13 @@ var JSON_Result = true;
<%
protectRequest.validateToken();
//user.checkAutorisation("WEB_FACTAB"); // altijd nodig
var prs_perslid_apikey = getFParam("prs_apikey");
if (!user.has("WEB_FACTAB"))
{
prs_perslid_apikey = shared.random(20); // altijd genereren
}
var prs_perslid_key = getFParamInt("prs_key");
var prsauthparams = prs.checkAutorisation(prs_perslid_key);
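Review bot: The `getFParam("prs_apikey")` value is still stored unchanged when the caller has `WEB_FACTAB`, and nothing visible in this hunk checks its length or character set, so a privileged session can still save a short or guessable key. Consider rejecting posted values that do not match the generator's format before the `if (!user.has("WEB_FACTAB"))` block, or generating the key server-side for everyone. The commented-out `//user.checkAutorisation("WEB_FACTAB"); // altijd nodig` reads as a disabled control; replace it with a comment that states the actual rule, such as `// without WEB_FACTAB the posted key is ignored and a fresh one is generated`. `shared.random` is defined outside this page, so it is worth confirming that it draws from a cryptographically secure source. The script continues past the end of the hunk.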