Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

bug 922183 - Strange UnicodeEncodeError on trying to log in, r=Pike

  • Loading branch information...
commit cd2ce6037737103be1664f069778437aa19e5ff0 1 parent 5f78a11
@peterbe peterbe authored
Showing with 66 additions and 4 deletions.
  1. +9 −4 lib/auth/backends.py
  2. +57 −0 lib/auth/tests.py
View
13 lib/auth/backends.py
@@ -9,7 +9,7 @@
from django.contrib.auth.backends import RemoteUserBackend
from django.core.validators import email_re
from django.utils.hashcompat import md5_constructor
-from django.utils.encoding import force_unicode
+from django.utils.encoding import force_unicode, smart_str
import os
HERE = os.path.abspath(os.path.dirname(__file__))
@@ -125,6 +125,11 @@ def disconnect(self):
def _authenticate_ldap(self, mail, password, user=None):
self.connect()
+ # Because the mail and password is taken in request.POST it's
+ # unicode strings, we have to convert it to a byte strings
+ # before sending.
+ # However, we want to do this as late as possible.
+
# first, figure out the uid
search_filter = self.make_search_filter(dict(mail=mail))
@@ -134,7 +139,7 @@ def _authenticate_ldap(self, mail, password, user=None):
results = self.ldo.search_s(
"dc=mozilla",
ldap.SCOPE_SUBTREE,
- search_filter,
+ smart_str(search_filter),
['uid', 'givenName', 'sn', 'mail']
)
if not results:
@@ -165,7 +170,7 @@ def _authenticate_ldap(self, mail, password, user=None):
group_results = self.ldo.search_s(
"ou=groups,dc=mozilla",
ldap.SCOPE_SUBTREE,
- search_filter,
+ smart_str(search_filter),
['cn']
)
groups = []
@@ -179,7 +184,7 @@ def _authenticate_ldap(self, mail, password, user=None):
# need to check if their password is correct
self.initialize()
try:
- self.ldo.simple_bind_s(uid, password)
+ self.ldo.simple_bind_s(smart_str(uid), smart_str(password))
except ldap.INVALID_CREDENTIALS: # Bad password, credentials are bad.
return
except ldap.UNWILLING_TO_PERFORM: # Bad password, credentials are bad.
View
57 lib/auth/tests.py
@@ -33,6 +33,9 @@ def search_s(self, search, *args, **kargs):
return self.search_result[search]
def simple_bind_s(self, dn, password):
+ # to simulate how _ldap works we have to have byte strings here
+ assert isinstance(dn, str)
+ assert isinstance(password, str)
if self.credentials is None:
# password check passed
return
@@ -143,6 +146,60 @@ def test_authenticate_with_ldap_new_user_with_long_email(self):
ok_(not user.has_usable_password())
ok_(not user.check_password('secret'))
+ def test_authenticate_with_non_ascii_mail(self):
+ assert not User.objects.all().exists()
+ ldap.open = Mock('ldap.open')
+ ldap.open.mock_returns = Mock('ldap_connection')
+ ldap.set_option = Mock(return_value=None)
+
+ email = u'm\xc3@example.com'
+ fake_user = [
+ ('mail=%s,...' % email,
+ {'cn': ['Peter Bengtsson'],
+ 'givenName': ['Peter'],
+ 'mail': [email],
+ 'sn': ['Bengtsson'],
+ 'uid': ['pbengtsson']
+ })
+ ]
+
+ ldap.initialize = Mock(return_value=MockLDAP({
+ 'dc=mozilla': fake_user,
+ 'ou=groups,dc=mozilla': self.fake_group
+ }))
+ backend = MozLdapBackend()
+
+ user = backend.authenticate(email, 'secret')
+ ok_(user)
+ ok_(User.objects.get(email=email))
+
+ def test_authenticate_with_non_ascii_password(self):
+ assert not User.objects.all().exists()
+ ldap.open = Mock('ldap.open')
+ ldap.open.mock_returns = Mock('ldap_connection')
+ ldap.set_option = Mock(return_value=None)
+
+ email = 'meh@example.com'
+ fake_user = [
+ ('mail=%s,...' % email,
+ {'cn': ['Peter Bengtsson'],
+ 'givenName': ['Peter'],
+ 'mail': [email],
+ 'sn': ['Bengtsson'],
+ 'uid': ['pbengtsson']
+ })
+ ]
+
+ ldap.initialize = Mock(return_value=MockLDAP({
+ 'dc=mozilla': fake_user,
+ 'ou=groups,dc=mozilla': self.fake_group
+ }))
+ backend = MozLdapBackend()
+
+ user = backend.authenticate(email, u's\xc4cret')
+ ok_(user)
+ ok_(User.objects.get(email=email))
+
def test_authenticate_with_ldap_existing_user(self):
assert not User.objects.all().exists()
user = User.objects.create(
Please sign in to comment.
Something went wrong with that request. Please try again.