
security: 检查未经授权的邮件配置.

pull/583/head
cKey 4 years ago
parent
commit
b4590fdfae
  1. 5
      aspnet-core/modules/settings/LINGYUN.Abp.SettingManagement.Application/LINGYUN/Abp/SettingManagement/SettingAppService.cs
  2. 122
      aspnet-core/modules/settings/LINGYUN.Abp.SettingManagement.Application/LINGYUN/Abp/SettingManagement/UserSettingAppService.cs

5
aspnet-core/modules/settings/LINGYUN.Abp.SettingManagement.Application/LINGYUN/Abp/SettingManagement/SettingAppService.cs

@ -349,6 +349,7 @@ namespace LINGYUN.Abp.SettingManagement
#region 邮件设置 #region 邮件设置
var emailSettingGroup = new SettingGroupDto(L["DisplayName:Emailing"], L["Description:Emailing"]); var emailSettingGroup = new SettingGroupDto(L["DisplayName:Emailing"], L["Description:Emailing"]);
var defaultMailSetting = emailSettingGroup.AddSetting(L["DisplayName:Emailing.Default"], L["Description:Emailing.Default"]); var defaultMailSetting = emailSettingGroup.AddSetting(L["DisplayName:Emailing.Default"], L["Description:Emailing.Default"]);
defaultMailSetting.AddDetail( defaultMailSetting.AddDetail(
SettingDefinitionManager.Get(EmailSettingNames.DefaultFromAddress), SettingDefinitionManager.Get(EmailSettingNames.DefaultFromAddress),
@ -363,6 +364,9 @@ namespace LINGYUN.Abp.SettingManagement
ValueType.String, ValueType.String,
providerName); providerName);
// 防止邮件设置泄露
if (await AuthorizationService.IsGrantedAsync(AbpSettingManagementPermissions.Settings.Manager))
{
var smtpSetting = emailSettingGroup.AddSetting(L["DisplayName:Emailing.Smtp"], L["Description:Emailing.Smtp"]); var smtpSetting = emailSettingGroup.AddSetting(L["DisplayName:Emailing.Smtp"], L["Description:Emailing.Smtp"]);
smtpSetting.AddDetail( smtpSetting.AddDetail(
SettingDefinitionManager.Get(EmailSettingNames.Smtp.EnableSsl), SettingDefinitionManager.Get(EmailSettingNames.Smtp.EnableSsl),
@ -406,6 +410,7 @@ namespace LINGYUN.Abp.SettingManagement
await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.Password, providerName, providerKey), await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.Password, providerName, providerKey),
ValueType.String, ValueType.String,
providerName); providerName);
}
settingGroups.AddGroup(emailSettingGroup); settingGroups.AddGroup(emailSettingGroup);
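Review bot: Inside the new `IsGrantedAsync(AbpSettingManagementPermissions.Settings.Manager)` block, the SMTP password is still read with `SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.Password, providerName, providerKey)` and placed in the response DTO, so every caller holding the manager permission still receives the stored credential. The password is better treated as write-only: return an empty or masked value for that one detail and have the update path read an unchanged placeholder as "keep the stored secret". The update method is outside this diff, so that part needs checking there. Only the read side is visible here, so it is also worth confirming that writes to the `Emailing.Smtp` settings require the same permission. The enclosing method starts and ends outside the hunks.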

122
aspnet-core/modules/settings/LINGYUN.Abp.SettingManagement.Application/LINGYUN/Abp/SettingManagement/UserSettingAppService.cs

@ -173,66 +173,68 @@ namespace LINGYUN.Abp.SettingManagement
#region 邮件设置 #region 邮件设置
var emailSettingGroup = new SettingGroupDto(L["DisplayName:Emailing"], L["Description:Emailing"]); // 控制用户行为, 禁止返回邮件配置
var defaultMailSetting = emailSettingGroup.AddSetting(L["DisplayName:Emailing.Default"], L["Description:Emailing.Default"]);
defaultMailSetting.AddDetail( //var emailSettingGroup = new SettingGroupDto(L["DisplayName:Emailing"], L["Description:Emailing"]);
SettingDefinitionManager.Get(EmailSettingNames.DefaultFromAddress), //var defaultMailSetting = emailSettingGroup.AddSetting(L["DisplayName:Emailing.Default"], L["Description:Emailing.Default"]);
StringLocalizerFactory, //defaultMailSetting.AddDetail(
await SettingManager.GetOrNullAsync(EmailSettingNames.DefaultFromAddress, providerName, providerKey), // SettingDefinitionManager.Get(EmailSettingNames.DefaultFromAddress),
ValueType.String, // StringLocalizerFactory,
providerName); // await SettingManager.GetOrNullAsync(EmailSettingNames.DefaultFromAddress, providerName, providerKey),
defaultMailSetting.AddDetail( // ValueType.String,
SettingDefinitionManager.Get(EmailSettingNames.DefaultFromDisplayName), // providerName);
StringLocalizerFactory, //defaultMailSetting.AddDetail(
await SettingManager.GetOrNullAsync(EmailSettingNames.DefaultFromDisplayName, providerName, providerKey), // SettingDefinitionManager.Get(EmailSettingNames.DefaultFromDisplayName),
ValueType.String, // StringLocalizerFactory,
providerName); // await SettingManager.GetOrNullAsync(EmailSettingNames.DefaultFromDisplayName, providerName, providerKey),
// ValueType.String,
var smtpSetting = emailSettingGroup.AddSetting(L["DisplayName:Emailing.Smtp"], L["Description:Emailing.Smtp"]); // providerName);
smtpSetting.AddDetail(
SettingDefinitionManager.Get(EmailSettingNames.Smtp.EnableSsl), //var smtpSetting = emailSettingGroup.AddSetting(L["DisplayName:Emailing.Smtp"], L["Description:Emailing.Smtp"]);
StringLocalizerFactory, //smtpSetting.AddDetail(
await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.EnableSsl, providerName, providerKey), // SettingDefinitionManager.Get(EmailSettingNames.Smtp.EnableSsl),
ValueType.Boolean, // StringLocalizerFactory,
providerName); // await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.EnableSsl, providerName, providerKey),
smtpSetting.AddDetail( // ValueType.Boolean,
SettingDefinitionManager.Get(EmailSettingNames.Smtp.UseDefaultCredentials), // providerName);
StringLocalizerFactory, //smtpSetting.AddDetail(
await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.UseDefaultCredentials, providerName, providerKey), // SettingDefinitionManager.Get(EmailSettingNames.Smtp.UseDefaultCredentials),
ValueType.Boolean, // StringLocalizerFactory,
providerName); // await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.UseDefaultCredentials, providerName, providerKey),
smtpSetting.AddDetail( // ValueType.Boolean,
SettingDefinitionManager.Get(EmailSettingNames.Smtp.Domain), // providerName);
StringLocalizerFactory, //smtpSetting.AddDetail(
await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.Domain, providerName, providerKey), // SettingDefinitionManager.Get(EmailSettingNames.Smtp.Domain),
ValueType.String, // StringLocalizerFactory,
providerName); // await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.Domain, providerName, providerKey),
smtpSetting.AddDetail( // ValueType.String,
SettingDefinitionManager.Get(EmailSettingNames.Smtp.Host), // providerName);
StringLocalizerFactory, //smtpSetting.AddDetail(
await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.Host, providerName, providerKey), // SettingDefinitionManager.Get(EmailSettingNames.Smtp.Host),
ValueType.String, // StringLocalizerFactory,
providerName); // await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.Host, providerName, providerKey),
smtpSetting.AddDetail( // ValueType.String,
SettingDefinitionManager.Get(EmailSettingNames.Smtp.Port), // providerName);
StringLocalizerFactory, //smtpSetting.AddDetail(
await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.Port, providerName, providerKey), // SettingDefinitionManager.Get(EmailSettingNames.Smtp.Port),
ValueType.Number, // StringLocalizerFactory,
providerName); // await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.Port, providerName, providerKey),
smtpSetting.AddDetail( // ValueType.Number,
SettingDefinitionManager.Get(EmailSettingNames.Smtp.UserName), // providerName);
StringLocalizerFactory, //smtpSetting.AddDetail(
await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.UserName, providerName, providerKey), // SettingDefinitionManager.Get(EmailSettingNames.Smtp.UserName),
ValueType.String, // StringLocalizerFactory,
providerName); // await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.UserName, providerName, providerKey),
smtpSetting.AddDetail( // ValueType.String,
SettingDefinitionManager.Get(EmailSettingNames.Smtp.Password), // providerName);
StringLocalizerFactory, //smtpSetting.AddDetail(
await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.Password, providerName, providerKey), // SettingDefinitionManager.Get(EmailSettingNames.Smtp.Password),
ValueType.String, // StringLocalizerFactory,
providerName); // await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.Password, providerName, providerKey),
// ValueType.String,
settingGroups.AddGroup(emailSettingGroup); // providerName);
//settingGroups.AddGroup(emailSettingGroup);
#endregion #endregion
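Review bot: The email group in this user-scoped service is disabled by commenting out the whole block rather than deleting it, which leaves dead code under `#region 邮件设置` that could be re-enabled by accident and obscures that the region is now empty. I would delete the block and keep one comment giving the reason, e.g. `// Email/SMTP settings are intentionally not exposed through the user-scoped settings API.`, since the history already preserves the old code. Only the read side is visible here, so it is worth confirming that the user-scoped update path also rejects the `EmailSettingNames` keys. A regression test asserting that the response contains no `Emailing` group would guard against this returning. The enclosing method starts and ends outside the hunk.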
