This file is indexed.

/usr/lib/ruby/vendor_ruby/chef_zero/endpoints/user_association_request_endpoint.rb is in chef-zero 5.1.1-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
require "ffi_yajl"
require "chef_zero/rest_base"

module ChefZero
  module Endpoints
    # /users/USER/association_requests/ID
    class UserAssociationRequestEndpoint < RestBase
      def put(request)
        username = request.rest_path[1]
        id = request.rest_path[3]
        if id !~ /^#{username}-(.+)/
          raise RestErrorResponse.new(400, "Association request #{id} is invalid.  Must be #{username}-orgname.")
        end
        orgname = $1

        json = FFI_Yajl::Parser.parse(request.body)
        association_request_path = [ "organizations", orgname, "association_requests", username ]
        if json["response"] == "accept"
          users = get_data(request, [ "organizations", orgname, "groups", "users" ])
          users = FFI_Yajl::Parser.parse(users)

          delete_data(request, association_request_path)
          create_data(request, [ "organizations", orgname, "users" ], username, "{}")

          # Add the user to the users group if it isn't already there
          if !users["users"] || !users["users"].include?(username)
            users["users"] ||= []
            users["users"] |= [ username ]
            set_data(request, [ "organizations", orgname, "groups", "users" ], FFI_Yajl::Encoder.encode(users, :pretty => true))
          end
        elsif json["response"] == "reject"
          delete_data(request, association_request_path)
        else
          raise RestErrorResponse.new(400, "response parameter was missing or set to the wrong value (must be accept or reject)")
        end
        json_response(200, { "organization" => { "name" => orgname } })
      end
    end
  end
end