fix many encoding errors on login and password
kakwa committed Jul 7, 2016
1 parent 9600f47 commit 6c3fb49
Showing 5 changed files with 35 additions and 35 deletions.
14 changes: 6 additions & 8 deletions ldapcherry/__init__.py
@@ -616,7 +616,7 @@ def _adduser(self, params):
key = self.attributes.get_key()
username = params['attrs'][key]
sess = cherrypy.session
admin = str(sess.get(SESSION_KEY, None))
admin = sess.get(SESSION_KEY, None)

cherrypy.log.error(
msg="user '" + username + "' added by '" + admin + "'",
@@ -677,7 +677,7 @@ def _selfmodify(self, params):
severity=logging.DEBUG
)
sess = cherrypy.session
username = str(sess.get(SESSION_KEY, None))
username = sess.get(SESSION_KEY, None)
badd = self._modify_attrs(
params,
self.attributes.get_selfattributes(),
@@ -707,7 +707,7 @@ def _modify(self, params):
)

sess = cherrypy.session
admin = str(sess.get(SESSION_KEY, None))
admin = sess.get(SESSION_KEY, None)

cherrypy.log.error(
msg="user '" + username + "' modified by '" + admin + "'",
@@ -793,7 +793,7 @@ def _modify(self, params):

def _deleteuser(self, username):
sess = cherrypy.session
admin = str(sess.get(SESSION_KEY, None))
admin = sess.get(SESSION_KEY, None)

for b in self.backends:
self.backends[b].del_user(username)
@@ -886,14 +886,12 @@ def index(self):
self._check_auth(must_admin=False)
is_admin = self._check_admin()
sess = cherrypy.session
user = str(sess.get(SESSION_KEY, None))
user = sess.get(SESSION_KEY, None)
if self.auth_mode == 'none':
user_attrs = None
else:
user_attrs = self._get_user(user)
attrs_list = self.attributes.get_search_attributes()
print attrs_list
print user_attrs
return self.temp['index.tmpl'].render(
is_admin=is_admin,
attrs_list=attrs_list,
@@ -1095,7 +1093,7 @@ def selfmodify(self, **params):
self._check_auth(must_admin=False)
is_admin = self._check_admin()
sess = cherrypy.session
user = str(sess.get(SESSION_KEY, None))
user = sess.get(SESSION_KEY, None)
if self.auth_mode == 'none':
return self.temp['error.tmpl'].render(
is_admin=is_admin,
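Review bot: With the `str()` wrapper gone, `admin` in `_adduser` is `None` whenever the session holds no `SESSION_KEY`, and the following `"user '" + username + "' added by '" + admin + "'"` then raises TypeError instead of logging `None`. The same concatenation is visible in `_modify`, and `_deleteuser` reads `admin` the same way, though its log call lies outside the hunk. `index` shows an `auth_mode == 'none'` branch, so a session without a user looks reachable (worth confirming), and a failing audit line would abort the request, in `_deleteuser` possibly after the backends have already deleted the user. Building the message with formatting tolerates `None` and keeps the current str/unicode behaviour: `msg="user '%s' added by '%s'" % (username, admin)`. All of these function bodies start or end outside the hunks.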
26 changes: 14 additions & 12 deletions ldapcherry/backend/backendLdap.py
@@ -244,10 +244,9 @@ def _get_user(self, username, attrs=ALL_ATTRS):

username = ldap.filter.escape_filter_chars(username)
user_filter = self.user_filter_tmpl % {
'username': username
'username': self._uni(username)
}
user_filter = self._str(user_filter)
r = self._search(user_filter, attrs, self.userdn)
r = self._search(self._str(user_filter), attrs, self.userdn)

if len(r) == 0:
return None
@@ -279,11 +278,14 @@ def _uni(self, s):
def auth(self, username, password):
"""Authentication of a user"""

binddn = self._str(self._get_user(username, NO_ATTR))
binddn = self._get_user(self._str(username), NO_ATTR)
if binddn is not None:
ldap_client = self._connect()
try:
ldap_client.simple_bind_s(binddn, password)
ldap_client.simple_bind_s(
self._str(binddn),
self._str(password)
)
except ldap.INVALID_CREDENTIALS:
ldap_client.unbind_s()
return False
@@ -327,7 +329,7 @@ def del_user(self, username):
"""delete a user"""
ldap_client = self._bind()
# recover the user dn
dn = self._str(self._get_user(username, NO_ATTR))
dn = self._str(self._get_user(self._str(username), NO_ATTR))
# delete
if dn is not None:
ldap_client.delete_s(dn)
@@ -339,7 +341,7 @@ def del_user(self, username):
def set_attrs(self, username, attrs):
""" Set user attributes"""
ldap_client = self._bind()
tmp = self._get_user(username, ALL_ATTRS)
tmp = self._get_user(self._str(username), ALL_ATTRS)
dn = self._str(tmp[0])
old_attrs = tmp[1]
for attr in attrs:
@@ -382,7 +384,7 @@ def set_attrs(self, username, attrs):
def add_to_groups(self, username, groups):
ldap_client = self._bind()
# recover dn of the user and his attributes
tmp = self._get_user(username, ALL_ATTRS)
tmp = self._get_user(self._str(username), ALL_ATTRS)
dn = tmp[0]
attrs = tmp[1]
attrs['dn'] = dn
@@ -435,7 +437,7 @@ def del_from_groups(self, username, groups):
# it follows the same logic than add_to_groups
# but with MOD_DELETE
ldap_client = self._bind()
tmp = self._get_user(username, ALL_ATTRS)
tmp = self._get_user(self._str(username), ALL_ATTRS)
dn = tmp[0]
attrs = tmp[1]
attrs['dn'] = dn
@@ -467,7 +469,7 @@ def del_from_groups(self, username, groups):
def search(self, searchstring):
"""Search users"""
# escape special char to avoid injection
searchstring = ldap.filter.escape_filter_chars(searchstring)
searchstring = ldap.filter.escape_filter_chars(self._str(searchstring))
# fill the search string template
searchfilter = self.search_filter_tmpl % {
'searchstring': searchstring
@@ -492,7 +494,7 @@ def search(self, searchstring):
def get_user(self, username):
"""Gest a specific user"""
ret = {}
tmp = self._get_user(username, ALL_ATTRS)
tmp = self._get_user(self._str(username), ALL_ATTRS)
if tmp is None:
raise UserDoesntExist(username, self.backend_name)
attrs_tmp = tmp[1]
@@ -506,7 +508,7 @@ def get_user(self, username):

def get_groups(self, username):
"""Get all groups of a user"""
username = ldap.filter.escape_filter_chars(username)
username = ldap.filter.escape_filter_chars(self._str(username))
userdn = self._get_user(username, NO_ATTR)

searchfilter = self.group_filter_tmpl % {
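Review bot: `auth` passes `self._str(password)` to `simple_bind_s` without rejecting an empty value, and in LDAP a simple bind with a DN and an empty password is an unauthenticated bind that some directory servers answer with success. Nothing in the visible lines guards against that, so unless the caller already filters it, add `if not password: return False` before the `_connect()` call. Separately, `del_user` still wraps the lookup in `self._str(...)` before testing `dn is not None`, while this commit moves `_str` behind the `None` check in `auth`; if `_str` (not shown here) turns `None` into a string or fails on it, that guard stops working. Using `dn = self._get_user(self._str(username), NO_ATTR)` and calling `ldap_client.delete_s(self._str(dn))` inside the `if` would match `auth`. Both function bodies continue outside the hunks.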
22 changes: 11 additions & 11 deletions tests/test_BackendLdap.py
@@ -120,12 +120,12 @@ def testConnectStartTLS(self):

def testAuthSuccess(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
ret = inv.auth('jwatson', 'passwordwatson')
ret = inv.auth(u'jwatsoné', u'passwordwatsoné')
assert ret == True

def testAuthFailure(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
res = inv.auth('notauser', 'password') or inv.auth('jwatson', 'notapassword')
res = inv.auth('notauser', 'password') or inv.auth(u'jwatsoné', 'notapasswordé')
assert res == False

def testMissingParam(self):
@@ -140,13 +140,13 @@ def testMissingParam(self):

def testGetUser(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
ret = inv.get_user('jwatson')
expected = {'uid': 'jwatson', 'cn': 'John Watson', 'sn': 'watson'}
ret = inv.get_user(u'jwatsoné')
expected = {'uid': u'jwatsoné', 'cn': 'John Watson', 'sn': 'watson'}
assert ret == expected

def testGetGroups(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
ret = inv.get_groups('jwatson')
ret = inv.get_groups(u'jwatsoné')
expected = ['cn=itpeople,ou=Groups,dc=example,dc=org']
assert ret == expected

@@ -156,11 +156,11 @@ def testAddDeleteGroups(self):
'cn=hrpeople,ou=Groups,dc=example,dc=org',
'cn=itpeople,ou=Groups,dc=example,dc=org',
]
inv.add_to_groups('jwatson', groups)
ret = inv.get_groups('jwatson')
inv.add_to_groups(u'jwatsoné', groups)
ret = inv.get_groups(u'jwatsoné')
print ret
inv.del_from_groups('jwatson', ['cn=hrpeople,ou=Groups,dc=example,dc=org'])
inv.del_from_groups('jwatson', ['cn=hrpeople,ou=Groups,dc=example,dc=org'])
inv.del_from_groups(u'jwatsoné', ['cn=hrpeople,ou=Groups,dc=example,dc=org'])
inv.del_from_groups(u'jwatsoné', ['cn=hrpeople,ou=Groups,dc=example,dc=org'])
assert ret == ['cn=itpeople,ou=Groups,dc=example,dc=org', 'cn=hrpeople,ou=Groups,dc=example,dc=org']


@@ -236,8 +236,8 @@ def testDelUserDontExists(self):

def testGetUser(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
ret = inv.get_user('jwatson')
expected = {'uid': 'jwatson', 'objectClass': 'inetOrgPerson', 'carLicense': 'HERCAR 125', 'sn': 'watson', 'mail': 'j.watson@example.com', 'homePhone': '555-111-2225', 'cn': 'John Watson', 'userPassword': u'passwordwatson'}
ret = inv.get_user(u'jwatsoné')
expected = {'uid': u'jwatsoné', 'objectClass': 'inetOrgPerson', 'carLicense': 'HERCAR 125', 'sn': 'watson', 'mail': 'j.watson@example.com', 'homePhone': '555-111-2225', 'cn': 'John Watson', 'userPassword': u'passwordwatsoné'}
assert ret == expected

def testAddUserMissingMustattribute(self):
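Review bot: `testAuthFailure` only tries a wrong password given as a byte string (`'notapasswordé'`), so the rejection path for a wrong unicode password, which `auth` now encodes through `_str`, is never exercised. Adding `assert inv.auth(u'jwatsoné', u'notapasswordé') == False` would cover it, and `assert inv.auth(u'jwatsoné', u'') == False` would pin the empty-password case for the bind. The non-ASCII byte-string literals here, and in `tests/test_LdapCherry.py`, also depend on the file's source-encoding declaration, which is not visible in these hunks.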
4 changes: 2 additions & 2 deletions tests/test_LdapCherry.py
@@ -158,7 +158,7 @@ def testLogin(self):
loadconf('./tests/cfg/ldapcherry_test.ini', app)
app.auth_mode = 'or'
try:
app.login('jwatson', 'passwordwatson')
app.login('jwatsoné', 'passwordwatsoné')
except cherrypy.HTTPRedirect as e:
expected = 'http://127.0.0.1:8080/'
assert e[0][0] == expected
@@ -170,7 +170,7 @@ def testLoginFailure(self):
loadconf('./tests/cfg/ldapcherry_test.ini', app)
app.auth_mode = 'or'
try:
app.login('jwatson', 'wrongPassword')
app.login('jwatsoné', 'wrongPasswordé')
except cherrypy.HTTPRedirect as e:
expected = 'http://127.0.0.1:8080/signin'
assert e[0][0] == expected
4 changes: 2 additions & 2 deletions tests/test_env/etc/ldap/content.ldif
@@ -61,8 +61,8 @@ dn: cn=John Watson,ou=people,dc=example,dc=org
objectclass: inetOrgPerson
cn: John Watson
sn: watson
uid: jwatson
userpassword: passwordwatson
uid: jwatsoné
userpassword: passwordwatsoné
carlicense: HERCAR 125
homephone: 555-111-2225
mail: j.watson@example.com
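Review bot: The new `uid` and `userpassword` values contain a non-ASCII character but use the plain `attr: value` form, which RFC 2849 limits to ASCII; such values are expected base64-encoded with a double colon, e.g. `uid:: <base64 of the UTF-8 bytes>`. Many loaders accept raw UTF-8 anyway, so this may work in the test environment as is, but the encoded form does not depend on how the file is read. The entry continues outside the hunk.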
