Commit ac21e648 authored by Josh Wisenbaker's avatar Josh Wisenbaker

Login logic fixes-

Check whether the user-provided domain name matches the primary managed domain name. If it does, short-circuit and continue.
parent 923c8189
Pipeline #26509372 passed with stage
in 2 minutes and 22 seconds
......@@ -12,7 +12,7 @@ enum Preferences: String {
/// The desired AD domain as a `String`.
case ADDomain
/// Allows appending of other domains at the loginwindow. Set as a `Bool` to allow any, or as an Array of Strings to whitelist
case ADDomainOptional
case AdditionalADDomains
/// A filesystem path to a background image as a `String`.
case BackgroundImage
/// The alpha value of the background image as an `Int`.
......
......@@ -17,7 +17,7 @@
<key>CFBundleShortVersionString</key>
<string>1.2.0-Beta</string>
<key>CFBundleVersion</key>
<string>289</string>
<string>290</string>
<key>NSHumanReadableCopyright</key>
<string>Copyright © 2018 Orchard &amp; Grove. All rights reserved.</string>
<key>NSPrincipalClass</key>
......
......@@ -205,7 +205,7 @@ class SignIn: NSWindowController {
}
}
fileprivate func showResetUI() {
fileprivate func showResetUI() {
os_log("Adjusting UI for change controls", log: uiLog, type: .debug)
loginStack.isHidden = true
signIn.isHidden = true
......@@ -311,25 +311,33 @@ class SignIn: NSWindowController {
domainName = (domain.selectedItem?.title.uppercased())!
return
}
if providedDomainName == domainName {
os_log("Provided domain matches managed domain", log: uiLog, type: .default)
return
}
if !providedDomainName.isEmpty {
os_log("Optional domain provided in text field: %{public}@", log: uiLog, type: .default, providedDomainName)
if getManagedPreference(key: .ADDomainOptional) as? Bool == true {
os_log("Optional domain name allowed by ADDomainOptional allow-all policy", log: uiLog, type: .default)
if getManagedPreference(key: .AdditionalADDomains) as? Bool == true {
os_log("Optional domain name allowed by AdditionalADDomains allow-all policy", log: uiLog, type: .default)
domainName = providedDomainName
return
}
if let optionalDomains = getManagedPreference(key: .ADDomainOptional) as? [String] {
if let optionalDomains = getManagedPreference(key: .AdditionalADDomains) as? [String] {
guard optionalDomains.contains(providedDomainName) else {
os_log("Optional domain name not allowed by ADDomainOptional whitelist policy", log: uiLog, type: .default)
os_log("Optional domain name not allowed by AdditionalADDomains whitelist policy", log: uiLog, type: .default)
return
}
os_log("Optional domain name allowed by ADDomainOptional whitelist policy", log: uiLog, type: .default)
os_log("Optional domain name allowed by AdditionalADDomains whitelist policy", log: uiLog, type: .default)
domainName = providedDomainName
return
}
os_log("Optional domain not name allowed by ADDomainOptional policy (false or not defined)", log: uiLog, type: .default)
os_log("Optional domain not name allowed by AdditionalADDomains policy (false or not defined)", log: uiLog, type: .default)
}
os_log("Using domain from managed domain", log: uiLog, type: .default)
return
}
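Review bot: The new short-circuit `providedDomainName == domainName` and the whitelist test `optionalDomains.contains(providedDomainName)` are exact, case-sensitive comparisons, although the pop-up branch just above stores its value with `.uppercased()` and AD/DNS domain names are case-insensitive. The enclosing function starts before this hunk, so how `providedDomainName` and the managed `domainName` are normalised is not visible here. Confirm both are upper-cased before this point, or compare with `providedDomainName.caseInsensitiveCompare(domainName) == .orderedSame` and `optionalDomains.contains { $0.caseInsensitiveCompare(providedDomainName) == .orderedSame }`. A mismatch appears to fail closed, because `domainName` is left unchanged, but the typed domain is then dropped silently, which deserves a comment such as `// Not whitelisted: keep the managed domain, the typed domain is ignored`. Since the lookups now use `.AdditionalADDomains`, profiles that still set `ADDomainOptional` are presumably no longer honoured, which is worth documenting for admins.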
......