* [pve-devel] [PATCH access-control] openid: fix groups-claim regex
@ 2025-04-08 11:33 Mira Limbeck
2025-04-08 13:39 ` [pve-devel] applied: " Thomas Lamprecht
0 siblings, 1 reply; 2+ messages in thread
From: Mira Limbeck @ 2025-04-08 11:33 UTC (permalink / raw)
To: pve-devel
The previous regex matched exactly that combination of characters,
rather than any combination of the specified ones.
Fixes: e80f840 ("openid: make groups-claim RE more restrictive")
Signed-off-by: Mira Limbeck <m.limbeck@proxmox.com>
---
src/PVE/Auth/OpenId.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/PVE/Auth/OpenId.pm b/src/PVE/Auth/OpenId.pm
index 4e496f0..92d75b7 100755
--- a/src/PVE/Auth/OpenId.pm
+++ b/src/PVE/Auth/OpenId.pm
@@ -10,7 +10,7 @@ use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_write_file cfs_lock_file
use base qw(PVE::Auth::Plugin);
# FIXME: restrict username-claim as well?
-my $openid_claim_regex = qr/A-Za-z0-9\.\-_/;
+my $openid_claim_regex = qr/[A-Za-z0-9\.\-_]+/;
sub type {
return 'openid';
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-04-08 13:39 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-04-08 11:33 [pve-devel] [PATCH access-control] openid: fix groups-claim regex Mira Limbeck
2025-04-08 13:39 ` [pve-devel] applied: " Thomas Lamprecht
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal