Update user.py

Escape user login
LibrIT · Jan 26, 2021 · ca8c1c2 · ca8c1c2
1 parent dcd26de
commit ca8c1c2
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/passhportd/app/views_mod/user/user.py b/passhportd/app/views_mod/user/user.py
@@ -6,6 +6,7 @@
 
 from io import open
 from ldap3 import Server, Connection, ALL
+from ldap3.utils.dn import escape_rdn
 from flask import request
 from sqlalchemy import exc
 from sqlalchemy.orm import sessionmaker
@@ -80,6 +81,8 @@ def user_login():
     # Check for required fields
     if not login or not password:
         return utils.response("ERROR: The login and password are required ", 417)
+    elif login != escape_rdn(login):
+        return utils.response("ERROR: Bad input", 417)
 
     # Check data validity uppon LDAP/local/whatever...
     result = try_login(login, password)