[pve-devel] [PATCH access-control] openid: fix groups-claim regex
Mira Limbeck
m.limbeck at proxmox.com
Tue Apr 8 13:33:49 CEST 2025
The previous regex matched exactly that combination of characters,
rather than any combination of the specified ones.
Fixes: e80f840 ("openid: make groups-claim RE more restrictive")
Signed-off-by: Mira Limbeck <m.limbeck at proxmox.com>
---
src/PVE/Auth/OpenId.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/PVE/Auth/OpenId.pm b/src/PVE/Auth/OpenId.pm
index 4e496f0..92d75b7 100755
--- a/src/PVE/Auth/OpenId.pm
+++ b/src/PVE/Auth/OpenId.pm
@@ -10,7 +10,7 @@ use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_write_file cfs_lock_file
use base qw(PVE::Auth::Plugin);
# FIXME: restrict username-claim as well?
-my $openid_claim_regex = qr/A-Za-z0-9\.\-_/;
+my $openid_claim_regex = qr/[A-Za-z0-9\.\-_]+/;
sub type {
return 'openid';
--
2.39.5
More information about the pve-devel
mailing list