security: fix CVE 2022 46172 (#4275)
* fallback to current user in user_write, add flag to disable user creation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update api and web ui Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update default flows Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add cve post to website Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
@ -59,6 +59,21 @@ export class UserWriteStageForm extends ModelForm<UserWriteStage, string> {
|
||||
<ak-form-group .expanded=${true}>
|
||||
<span slot="header"> ${t`Stage-specific settings`} </span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-form-element-horizontal name="canCreateUsers">
|
||||
<div class="pf-c-check">
|
||||
<input
|
||||
type="checkbox"
|
||||
class="pf-c-check__input"
|
||||
?checked=${first(this.instance?.canCreateUsers, false)}
|
||||
/>
|
||||
<label class="pf-c-check__label">
|
||||
${t`Can create users`}
|
||||
</label>
|
||||
</div>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${t`When enabled, this stage has the ability to create new users. If no user is available in the flow with this disabled, the stage will fail.`}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal name="createUsersAsInactive">
|
||||
<div class="pf-c-check">
|
||||
<input
|
||||
|
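Review bot: The helper text under the new `canCreateUsers` checkbox describes the failure mode but not the security reason for the flag, which is what an administrator needs when deciding whether to tick it. Because the commit title ties this option to a CVE fix, I would extend the existing `t` template with one sentence such as `Only enable this on flows intended to register new accounts.` (presumably the enrollment flows), so the guidance is translated with the rest. The checkbox falls back to unchecked for a new instance via `first(this.instance?.canCreateUsers, false)`, which is the safe default. The API-side default is not visible in this section, so confirm it agrees; otherwise a stage created through the API and one created through this form would behave differently. The enclosing render method starts and ends outside the hunk.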
@ -98,13 +98,6 @@ export class UserSettingsFlowExecutor extends AKElement implements StageHost {
|
||||
if (!this.flowSlug) {
|
||||
return;
|
||||
}
|
||||
new FlowsApi(DEFAULT_CONFIG)
|
||||
.flowsInstancesExecuteRetrieve({
|
||||
slug: this.flowSlug || "",
|
||||
})
|
||||
.then(() => {
|
||||
this.nextChallenge();
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
|