From 6c3fb4975dd1497fd4bdbff368b4252c02b83ea9 Mon Sep 17 00:00:00 2001 From: kakwa Date: Thu, 7 Jul 2016 20:22:33 +0200 Subject: [PATCH] fix many encoding errors on login and password --- ldapcherry/__init__.py | 14 ++++++-------- ldapcherry/backend/backendLdap.py | 26 ++++++++++++++------------ tests/test_BackendLdap.py | 22 +++++++++++----------- tests/test_LdapCherry.py | 4 ++-- tests/test_env/etc/ldap/content.ldif | 4 ++-- 5 files changed, 35 insertions(+), 35 deletions(-) diff --git a/ldapcherry/__init__.py b/ldapcherry/__init__.py index 77511ba..3235b27 100644 --- a/ldapcherry/__init__.py +++ b/ldapcherry/__init__.py @@ -616,7 +616,7 @@ class LdapCherry(object): key = self.attributes.get_key() username = params['attrs'][key] sess = cherrypy.session - admin = str(sess.get(SESSION_KEY, None)) + admin = sess.get(SESSION_KEY, None) cherrypy.log.error( msg="user '" + username + "' added by '" + admin + "'", @@ -677,7 +677,7 @@ class LdapCherry(object): severity=logging.DEBUG ) sess = cherrypy.session - username = str(sess.get(SESSION_KEY, None)) + username = sess.get(SESSION_KEY, None) badd = self._modify_attrs( params, self.attributes.get_selfattributes(), @@ -707,7 +707,7 @@ class LdapCherry(object): ) sess = cherrypy.session - admin = str(sess.get(SESSION_KEY, None)) + admin = sess.get(SESSION_KEY, None) cherrypy.log.error( msg="user '" + username + "' modified by '" + admin + "'", @@ -793,7 +793,7 @@ class LdapCherry(object): def _deleteuser(self, username): sess = cherrypy.session - admin = str(sess.get(SESSION_KEY, None)) + admin = sess.get(SESSION_KEY, None) for b in self.backends: self.backends[b].del_user(username) 
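Review bot: With `str()` removed in the `@@ -616` hunk, `admin` can be `None`, and the next visible statement builds the audit message with `"' added by '" + admin + "'"`, which raises `TypeError` when the session holds no `SESSION_KEY` (presumably the case under `auth_mode == 'none'`, which other hunks in this file branch on). The `@@ -707` hunk ("modified by") concatenates the same way, and the `@@ -793` `_deleteuser` hunk makes the same assignment, though its use lies outside the hunk. These messages record who changed an account, so a missing login should not make them fail; at the logging sites a string default keeps the previous log text: `admin = sess.get(SESSION_KEY, 'None')`. The enclosing methods start and end outside the hunks.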
@@ -886,14 +886,12 @@ class LdapCherry(object): self._check_auth(must_admin=False) is_admin = self._check_admin() sess = cherrypy.session - user = str(sess.get(SESSION_KEY, None)) + user = sess.get(SESSION_KEY, None) if self.auth_mode == 'none': user_attrs = None else: user_attrs = self._get_user(user) attrs_list = self.attributes.get_search_attributes() - print attrs_list - print user_attrs return self.temp['index.tmpl'].render( is_admin=is_admin, attrs_list=attrs_list, @@ -1095,7 +1093,7 @@ class LdapCherry(object): self._check_auth(must_admin=False) is_admin = self._check_admin() sess = cherrypy.session - user = str(sess.get(SESSION_KEY, None)) + user = sess.get(SESSION_KEY, None) if self.auth_mode == 'none': return self.temp['error.tmpl'].render( is_admin=is_admin, diff --git a/ldapcherry/backend/backendLdap.py b/ldapcherry/backend/backendLdap.py index 4828361..c85b2ef 100644 --- a/ldapcherry/backend/backendLdap.py +++ b/ldapcherry/backend/backendLdap.py @@ -244,10 +244,9 @@ class Backend(ldapcherry.backend.Backend): username = ldap.filter.escape_filter_chars(username) user_filter = self.user_filter_tmpl % { - 'username': username + 'username': self._uni(username) } - user_filter = self._str(user_filter) - r = self._search(user_filter, attrs, self.userdn) + r = self._search(self._str(user_filter), attrs, self.userdn) if len(r) == 0: return None @@ -279,11 +278,14 @@ class Backend(ldapcherry.backend.Backend): def auth(self, username, password): """Authentication of a user""" - binddn = self._str(self._get_user(username, NO_ATTR)) + binddn = self._get_user(self._str(username), NO_ATTR) if binddn is not None: ldap_client = self._connect() try: - ldap_client.simple_bind_s(binddn, password) + ldap_client.simple_bind_s( + self._str(binddn), + self._str(password) + ) except ldap.INVALID_CREDENTIALS: ldap_client.unbind_s() return False 
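Review bot: In `auth` (`@@ -278` hunk) nothing visible rejects an empty `password` before `simple_bind_s(self._str(binddn), self._str(password))`. Under RFC 4513 a simple bind with a DN and a zero-length password is an unauthenticated bind, which a directory server may answer with success unless it is configured to refuse it; in that case `ldap.INVALID_CREDENTIALS` is never raised and the login could be accepted without the user's password. Unless a caller outside this hunk already filters it, add a guard before the lookup, e.g. `if not password: return False`. The function continues past the hunk, so the success path and the handling of other `ldap` exceptions are not visible here.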
@@ -327,7 +329,7 @@ class Backend(ldapcherry.backend.Backend): """delete a user""" ldap_client = self._bind() # recover the user dn - dn = self._str(self._get_user(username, NO_ATTR)) + dn = self._str(self._get_user(self._str(username), NO_ATTR)) # delete if dn is not None: ldap_client.delete_s(dn) @@ -339,7 +341,7 @@ class Backend(ldapcherry.backend.Backend): def set_attrs(self, username, attrs): """ Set user attributes""" ldap_client = self._bind() - tmp = self._get_user(username, ALL_ATTRS) + tmp = self._get_user(self._str(username), ALL_ATTRS) dn = self._str(tmp[0]) old_attrs = tmp[1] for attr in attrs: @@ -382,7 +384,7 @@ class Backend(ldapcherry.backend.Backend): def add_to_groups(self, username, groups): ldap_client = self._bind() # recover dn of the user and his attributes - tmp = self._get_user(username, ALL_ATTRS) + tmp = self._get_user(self._str(username), ALL_ATTRS) dn = tmp[0] attrs = tmp[1] attrs['dn'] = dn @@ -435,7 +437,7 @@ class Backend(ldapcherry.backend.Backend): # it follows the same logic than add_to_groups # but with MOD_DELETE ldap_client = self._bind() - tmp = self._get_user(username, ALL_ATTRS) + tmp = self._get_user(self._str(username), ALL_ATTRS) dn = tmp[0] attrs = tmp[1] attrs['dn'] = dn @@ -467,7 +469,7 @@ class Backend(ldapcherry.backend.Backend): def search(self, searchstring): """Search users""" # escape special char to avoid injection - searchstring = ldap.filter.escape_filter_chars(searchstring) + searchstring = ldap.filter.escape_filter_chars(self._str(searchstring)) # fill the search string template searchfilter = self.search_filter_tmpl % { 'searchstring': searchstring @@ -492,7 +494,7 @@ class Backend(ldapcherry.backend.Backend): def get_user(self, username): """Gest a specific user""" ret = {} - tmp = self._get_user(username, ALL_ATTRS) + tmp = self._get_user(self._str(username), ALL_ATTRS) if tmp is None: raise UserDoesntExist(username, self.backend_name) attrs_tmp = tmp[1] 
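Review bot: `del_user` (`@@ -327` hunk) still wraps the lookup result in `self._str(...)` before the `if dn is not None` test, although this same commit moved `_str` behind the `None` check in `auth`. `_str` is defined outside the diff; if it does not pass `None` through unchanged, the guard never sees a missing user and `delete_s` is called with a bogus DN. I would mirror `auth` here: `dn = self._get_user(self._str(username), NO_ATTR)` and then `ldap_client.delete_s(self._str(dn))`. The rest of the method lies outside the hunk.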
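Review bot: `set_attrs` (`@@ -341` hunk) indexes `tmp[0]` right after `_get_user`, but `_get_user` returns `None` when the search is empty (`if len(r) == 0: return None` in the `@@ -244` hunk), so an unknown username ends in a `TypeError` instead of a handled error. `add_to_groups` (`@@ -384`) and `del_from_groups` (`@@ -437`) do the same with `dn = tmp[0]`. `get_user` in this file already handles the case, and the same two lines would fit in all three: `if tmp is None:` followed by `raise UserDoesntExist(username, self.backend_name)`. All three methods continue outside their hunks.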
@@ -506,7 +508,7 @@ class Backend(ldapcherry.backend.Backend): def get_groups(self, username): """Get all groups of a user""" - username = ldap.filter.escape_filter_chars(username) + username = ldap.filter.escape_filter_chars(self._str(username)) userdn = self._get_user(username, NO_ATTR) searchfilter = self.group_filter_tmpl % { diff --git a/tests/test_BackendLdap.py b/tests/test_BackendLdap.py index 34bd382..318f180 100644 --- a/tests/test_BackendLdap.py +++ b/tests/test_BackendLdap.py @@ -120,12 +120,12 @@ class TestError(object): def testAuthSuccess(self): inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid') - ret = inv.auth('jwatson', 'passwordwatson') + ret = inv.auth(u'jwatsoné', u'passwordwatsoné') assert ret == True def testAuthFailure(self): inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid') - res = inv.auth('notauser', 'password') or inv.auth('jwatson', 'notapassword') + res = inv.auth('notauser', 'password') or inv.auth(u'jwatsoné', 'notapasswordé') assert res == False def testMissingParam(self): @@ -140,13 +140,13 @@ class TestError(object): def testGetUser(self): inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid') - ret = inv.get_user('jwatson') - expected = {'uid': 'jwatson', 'cn': 'John Watson', 'sn': 'watson'} + ret = inv.get_user(u'jwatsoné') + expected = {'uid': u'jwatsoné', 'cn': 'John Watson', 'sn': 'watson'} assert ret == expected def testGetGroups(self): inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid') - ret = inv.get_groups('jwatson') + ret = inv.get_groups(u'jwatsoné') expected = ['cn=itpeople,ou=Groups,dc=example,dc=org'] assert ret == expected 
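Review bot: `get_groups` (`@@ -506` hunk) escapes `username` with `ldap.filter.escape_filter_chars` and then passes the escaped value to `self._get_user`, which escapes it again (first context line of the `@@ -244` hunk). A login containing a filter metacharacter such as `(` or `*` is therefore escaped twice, the lookup searches for the wrong literal, and `userdn` comes back `None`. Doing the lookup on the raw name and escaping only what goes into the group filter avoids this: `userdn = self._get_user(self._str(username), NO_ATTR)` followed by `username = ldap.filter.escape_filter_chars(self._str(username))`. The values substituted into `group_filter_tmpl` are outside the hunk, so if `userdn` is one of them it is worth confirming that it is escaped there too.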
@@ -156,11 +156,11 @@ class TestError(object): 'cn=hrpeople,ou=Groups,dc=example,dc=org', 'cn=itpeople,ou=Groups,dc=example,dc=org', ] - inv.add_to_groups('jwatson', groups) - ret = inv.get_groups('jwatson') + inv.add_to_groups(u'jwatsoné', groups) + ret = inv.get_groups(u'jwatsoné') print ret - inv.del_from_groups('jwatson', ['cn=hrpeople,ou=Groups,dc=example,dc=org']) - inv.del_from_groups('jwatson', ['cn=hrpeople,ou=Groups,dc=example,dc=org']) + inv.del_from_groups(u'jwatsoné', ['cn=hrpeople,ou=Groups,dc=example,dc=org']) + inv.del_from_groups(u'jwatsoné', ['cn=hrpeople,ou=Groups,dc=example,dc=org']) assert ret == ['cn=itpeople,ou=Groups,dc=example,dc=org', 'cn=hrpeople,ou=Groups,dc=example,dc=org'] @@ -236,8 +236,8 @@ class TestError(object): def testGetUser(self): inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid') - ret = inv.get_user('jwatson') - expected = {'uid': 'jwatson', 'objectClass': 'inetOrgPerson', 'carLicense': 'HERCAR 125', 'sn': 'watson', 'mail': 'j.watson@example.com', 'homePhone': '555-111-2225', 'cn': 'John Watson', 'userPassword': u'passwordwatson'} + ret = inv.get_user(u'jwatsoné') + expected = {'uid': u'jwatsoné', 'objectClass': 'inetOrgPerson', 'carLicense': 'HERCAR 125', 'sn': 'watson', 'mail': 'j.watson@example.com', 'homePhone': '555-111-2225', 'cn': 'John Watson', 'userPassword': u'passwordwatsoné'} assert ret == expected def testAddUserMissingMustattribute(self): diff --git a/tests/test_LdapCherry.py b/tests/test_LdapCherry.py index a043d9c..85cbe26 100644 --- a/tests/test_LdapCherry.py +++ b/tests/test_LdapCherry.py @@ -158,7 +158,7 @@ class TestError(object): loadconf('./tests/cfg/ldapcherry_test.ini', app) app.auth_mode = 'or' try: - app.login('jwatson', 'passwordwatson') + app.login('jwatsoné', 'passwordwatsoné') except cherrypy.HTTPRedirect as e: expected = 'http://127.0.0.1:8080/' assert e[0][0] == expected 
@@ -170,7 +170,7 @@ class TestError(object): loadconf('./tests/cfg/ldapcherry_test.ini', app) app.auth_mode = 'or' try: - app.login('jwatson', 'wrongPassword') + app.login('jwatsoné', 'wrongPasswordé') except cherrypy.HTTPRedirect as e: expected = 'http://127.0.0.1:8080/signin' assert e[0][0] == expected diff --git a/tests/test_env/etc/ldap/content.ldif b/tests/test_env/etc/ldap/content.ldif index f20c962..dc166cd 100644 --- a/tests/test_env/etc/ldap/content.ldif +++ b/tests/test_env/etc/ldap/content.ldif @@ -61,8 +61,8 @@ dn: cn=John Watson,ou=people,dc=example,dc=org objectclass: inetOrgPerson cn: John Watson sn: watson -uid: jwatson -userpassword: passwordwatson +uid: jwatsoné +userpassword: passwordwatsoné carlicense: HERCAR 125 homephone: 555-111-2225 mail: j.watson@example.com