From 03f63877d8570a5cec9aa1ad8cc18b999492942f Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Wed, 9 Jun 2021 14:42:59 +0200 Subject: [PATCH] Improve doc --- doc/sources/admin/impersonation.rst | 6 ++++-- doc/sources/admin/security.rst | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/doc/sources/admin/impersonation.rst b/doc/sources/admin/impersonation.rst index 71175691b..43c63359d 100644 --- a/doc/sources/admin/impersonation.rst +++ b/doc/sources/admin/impersonation.rst @@ -51,17 +51,19 @@ protected from being impersonated. - .. attention:: Both spoofed and real session attributes can be used to set access rules, groups or macros. - By example : ``$real_uid eq 'dwho'`` or ``$real_groups =~ /\bsu\b/`` + By example : ``$real_uid && $real_uid eq 'dwho'`` or ``$real_groups && $real_groups =~ /\bsu\b/`` Keep in mind that real session is computed first. Afterward, if access is granted, impersonated session is computed with real and spoofed session attributes if Impersonation is allowed. + So, 'real_' attributes are computed by second authentication process. + To avoid Perl warnings, you have to prefix regex with ``$real_var &&``. + .. attention:: diff --git a/doc/sources/admin/security.rst b/doc/sources/admin/security.rst index f1f515b7b..dd28a4697 100644 --- a/doc/sources/admin/security.rst +++ b/doc/sources/admin/security.rst @@ -354,7 +354,7 @@ Go in Manager, ``General parameters`` » ``Advanced parameters`` » to disable CSRF token by setting a special rule based on callers IP address like this : - requireToken => $env->{REMOTE_ADDR} !~ /^127\.0\.[1-3]\.1$/ + requireToken => $env->{REMOTE_ADDR} && $env->{REMOTE_ADDR} !~ /^127\.0\.[1-3]\.1$/ .. danger::
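Review bot: the sentence added in the doc/sources/admin/impersonation.rst hunk says to "prefix regex" with ``$real_var &&``, but the updated example line applies the same guard to the ``eq`` comparison too, and ``$real_var`` is a placeholder rather than an attribute name. Suggest wording along the lines of "prefix each test on a ``real_`` attribute with the attribute itself, e.g. ``$real_uid &&``", and say that the rule then evaluates to false while the attribute is unset. A plain truth test also treats ``0`` and the empty string as unset, so ``defined $real_uid &&`` would limit the guard to the undefined case that produces the warning. "By example" on the changed line could become "For example" while it is being touched.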
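Review bot: in the doc/sources/admin/security.rst hunk, the guard added to the ``requireToken`` rule flips the result when ``REMOTE_ADDR`` is unset. The old expression evaluated true for an undefined value (token required, with a Perl warning), whereas ``$env->{REMOTE_ADDR} && ...`` short-circuits to a false value, so the CSRF token is no longer required. Because this rule is a negated match (``!~``), the guard should fail closed, for example ``!$env->{REMOTE_ADDR} || $env->{REMOTE_ADDR} !~ /^127\.0\.[1-3]\.1$/``, which also silences the warning.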