mirror of
https://github.com/kakwa/ldapcherry
synced 2024-11-22 09:24:21 +01:00
fix many encoding errors on login and password
parent
9600f47e13
commit
6c3fb4975d
@ -616,7 +616,7 @@ class LdapCherry(object):
|
|||||||
key = self.attributes.get_key()
|
key = self.attributes.get_key()
|
||||||
username = params['attrs'][key]
|
username = params['attrs'][key]
|
||||||
sess = cherrypy.session
|
sess = cherrypy.session
|
||||||
admin = str(sess.get(SESSION_KEY, None))
|
admin = sess.get(SESSION_KEY, None)
|
||||||
|
|
||||||
cherrypy.log.error(
|
cherrypy.log.error(
|
||||||
msg="user '" + username + "' added by '" + admin + "'",
|
msg="user '" + username + "' added by '" + admin + "'",
|
||||||
@ -677,7 +677,7 @@ class LdapCherry(object):
|
|||||||
severity=logging.DEBUG
|
severity=logging.DEBUG
|
||||||
)
|
)
|
||||||
sess = cherrypy.session
|
sess = cherrypy.session
|
||||||
username = str(sess.get(SESSION_KEY, None))
|
username = sess.get(SESSION_KEY, None)
|
||||||
badd = self._modify_attrs(
|
badd = self._modify_attrs(
|
||||||
params,
|
params,
|
||||||
self.attributes.get_selfattributes(),
|
self.attributes.get_selfattributes(),
|
||||||
@ -707,7 +707,7 @@ class LdapCherry(object):
|
|||||||
)
|
)
|
||||||
|
|
||||||
sess = cherrypy.session
|
sess = cherrypy.session
|
||||||
admin = str(sess.get(SESSION_KEY, None))
|
admin = sess.get(SESSION_KEY, None)
|
||||||
|
|
||||||
cherrypy.log.error(
|
cherrypy.log.error(
|
||||||
msg="user '" + username + "' modified by '" + admin + "'",
|
msg="user '" + username + "' modified by '" + admin + "'",
|
||||||
@ -793,7 +793,7 @@ class LdapCherry(object):
|
|||||||
|
|
||||||
def _deleteuser(self, username):
|
def _deleteuser(self, username):
|
||||||
sess = cherrypy.session
|
sess = cherrypy.session
|
||||||
admin = str(sess.get(SESSION_KEY, None))
|
admin = sess.get(SESSION_KEY, None)
|
||||||
|
|
||||||
for b in self.backends:
|
for b in self.backends:
|
||||||
self.backends[b].del_user(username)
|
self.backends[b].del_user(username)
|
||||||
@ -886,14 +886,12 @@ class LdapCherry(object):
|
|||||||
self._check_auth(must_admin=False)
|
self._check_auth(must_admin=False)
|
||||||
is_admin = self._check_admin()
|
is_admin = self._check_admin()
|
||||||
sess = cherrypy.session
|
sess = cherrypy.session
|
||||||
user = str(sess.get(SESSION_KEY, None))
|
user = sess.get(SESSION_KEY, None)
|
||||||
if self.auth_mode == 'none':
|
if self.auth_mode == 'none':
|
||||||
user_attrs = None
|
user_attrs = None
|
||||||
else:
|
else:
|
||||||
user_attrs = self._get_user(user)
|
user_attrs = self._get_user(user)
|
||||||
attrs_list = self.attributes.get_search_attributes()
|
attrs_list = self.attributes.get_search_attributes()
|
||||||
print attrs_list
|
|
||||||
print user_attrs
|
|
||||||
return self.temp['index.tmpl'].render(
|
return self.temp['index.tmpl'].render(
|
||||||
is_admin=is_admin,
|
is_admin=is_admin,
|
||||||
attrs_list=attrs_list,
|
attrs_list=attrs_list,
|
||||||
@ -1095,7 +1093,7 @@ class LdapCherry(object):
|
|||||||
self._check_auth(must_admin=False)
|
self._check_auth(must_admin=False)
|
||||||
is_admin = self._check_admin()
|
is_admin = self._check_admin()
|
||||||
sess = cherrypy.session
|
sess = cherrypy.session
|
||||||
user = str(sess.get(SESSION_KEY, None))
|
user = sess.get(SESSION_KEY, None)
|
||||||
if self.auth_mode == 'none':
|
if self.auth_mode == 'none':
|
||||||
return self.temp['error.tmpl'].render(
|
return self.temp['error.tmpl'].render(
|
||||||
is_admin=is_admin,
|
is_admin=is_admin,
|
||||||
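Review bot: Dropping `str()` around `sess.get(SESSION_KEY, None)` lets `admin` be `None`, and the audit line `"user '" + username + "' added by '" + admin + "'"` then raises TypeError instead of logging; the "modified by" hunk has the same concatenation. The session key may well be unset when `auth_mode == 'none'` (the index hunk special-cases that mode), but the enclosing methods start and end outside these hunks, so this is inferred. Formatting tolerates None: `msg="user '%s' added by '%s'" % (username, admin)`. Since `username` comes from `params['attrs'][key]` and this log line serves as the audit trail, it is also worth stripping CR/LF from it before logging so a submitted value cannot forge extra log entries.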
|
@ -244,10 +244,9 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
|
|
||||||
username = ldap.filter.escape_filter_chars(username)
|
username = ldap.filter.escape_filter_chars(username)
|
||||||
user_filter = self.user_filter_tmpl % {
|
user_filter = self.user_filter_tmpl % {
|
||||||
'username': username
|
'username': self._uni(username)
|
||||||
}
|
}
|
||||||
user_filter = self._str(user_filter)
|
r = self._search(self._str(user_filter), attrs, self.userdn)
|
||||||
r = self._search(user_filter, attrs, self.userdn)
|
|
||||||
|
|
||||||
if len(r) == 0:
|
if len(r) == 0:
|
||||||
return None
|
return None
|
||||||
@ -279,11 +278,14 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
def auth(self, username, password):
|
def auth(self, username, password):
|
||||||
"""Authentication of a user"""
|
"""Authentication of a user"""
|
||||||
|
|
||||||
binddn = self._str(self._get_user(username, NO_ATTR))
|
binddn = self._get_user(self._str(username), NO_ATTR)
|
||||||
if binddn is not None:
|
if binddn is not None:
|
||||||
ldap_client = self._connect()
|
ldap_client = self._connect()
|
||||||
try:
|
try:
|
||||||
ldap_client.simple_bind_s(binddn, password)
|
ldap_client.simple_bind_s(
|
||||||
|
self._str(binddn),
|
||||||
|
self._str(password)
|
||||||
|
)
|
||||||
except ldap.INVALID_CREDENTIALS:
|
except ldap.INVALID_CREDENTIALS:
|
||||||
ldap_client.unbind_s()
|
ldap_client.unbind_s()
|
||||||
return False
|
return False
|
||||||
@ -327,7 +329,7 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
"""delete a user"""
|
"""delete a user"""
|
||||||
ldap_client = self._bind()
|
ldap_client = self._bind()
|
||||||
# recover the user dn
|
# recover the user dn
|
||||||
dn = self._str(self._get_user(username, NO_ATTR))
|
dn = self._str(self._get_user(self._str(username), NO_ATTR))
|
||||||
# delete
|
# delete
|
||||||
if dn is not None:
|
if dn is not None:
|
||||||
ldap_client.delete_s(dn)
|
ldap_client.delete_s(dn)
|
||||||
@ -339,7 +341,7 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
def set_attrs(self, username, attrs):
|
def set_attrs(self, username, attrs):
|
||||||
""" Set user attributes"""
|
""" Set user attributes"""
|
||||||
ldap_client = self._bind()
|
ldap_client = self._bind()
|
||||||
tmp = self._get_user(username, ALL_ATTRS)
|
tmp = self._get_user(self._str(username), ALL_ATTRS)
|
||||||
dn = self._str(tmp[0])
|
dn = self._str(tmp[0])
|
||||||
old_attrs = tmp[1]
|
old_attrs = tmp[1]
|
||||||
for attr in attrs:
|
for attr in attrs:
|
||||||
@ -382,7 +384,7 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
def add_to_groups(self, username, groups):
|
def add_to_groups(self, username, groups):
|
||||||
ldap_client = self._bind()
|
ldap_client = self._bind()
|
||||||
# recover dn of the user and his attributes
|
# recover dn of the user and his attributes
|
||||||
tmp = self._get_user(username, ALL_ATTRS)
|
tmp = self._get_user(self._str(username), ALL_ATTRS)
|
||||||
dn = tmp[0]
|
dn = tmp[0]
|
||||||
attrs = tmp[1]
|
attrs = tmp[1]
|
||||||
attrs['dn'] = dn
|
attrs['dn'] = dn
|
||||||
@ -435,7 +437,7 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
# it follows the same logic than add_to_groups
|
# it follows the same logic than add_to_groups
|
||||||
# but with MOD_DELETE
|
# but with MOD_DELETE
|
||||||
ldap_client = self._bind()
|
ldap_client = self._bind()
|
||||||
tmp = self._get_user(username, ALL_ATTRS)
|
tmp = self._get_user(self._str(username), ALL_ATTRS)
|
||||||
dn = tmp[0]
|
dn = tmp[0]
|
||||||
attrs = tmp[1]
|
attrs = tmp[1]
|
||||||
attrs['dn'] = dn
|
attrs['dn'] = dn
|
||||||
@ -467,7 +469,7 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
def search(self, searchstring):
|
def search(self, searchstring):
|
||||||
"""Search users"""
|
"""Search users"""
|
||||||
# escape special char to avoid injection
|
# escape special char to avoid injection
|
||||||
searchstring = ldap.filter.escape_filter_chars(searchstring)
|
searchstring = ldap.filter.escape_filter_chars(self._str(searchstring))
|
||||||
# fill the search string template
|
# fill the search string template
|
||||||
searchfilter = self.search_filter_tmpl % {
|
searchfilter = self.search_filter_tmpl % {
|
||||||
'searchstring': searchstring
|
'searchstring': searchstring
|
||||||
@ -492,7 +494,7 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
def get_user(self, username):
|
def get_user(self, username):
|
||||||
"""Gest a specific user"""
|
"""Gest a specific user"""
|
||||||
ret = {}
|
ret = {}
|
||||||
tmp = self._get_user(username, ALL_ATTRS)
|
tmp = self._get_user(self._str(username), ALL_ATTRS)
|
||||||
if tmp is None:
|
if tmp is None:
|
||||||
raise UserDoesntExist(username, self.backend_name)
|
raise UserDoesntExist(username, self.backend_name)
|
||||||
attrs_tmp = tmp[1]
|
attrs_tmp = tmp[1]
|
||||||
@ -506,7 +508,7 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
|
|
||||||
def get_groups(self, username):
|
def get_groups(self, username):
|
||||||
"""Get all groups of a user"""
|
"""Get all groups of a user"""
|
||||||
username = ldap.filter.escape_filter_chars(username)
|
username = ldap.filter.escape_filter_chars(self._str(username))
|
||||||
userdn = self._get_user(username, NO_ATTR)
|
userdn = self._get_user(username, NO_ATTR)
|
||||||
|
|
||||||
searchfilter = self.group_filter_tmpl % {
|
searchfilter = self.group_filter_tmpl % {
|
||||||
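Review bot: In `auth`, the password is passed as `self._str(password)` straight into `simple_bind_s` with no visible check that it is non-empty. A simple bind with a valid DN and an empty password is an unauthenticated bind under RFC 4513, which some directory servers answer with success, so `auth` could return True without any password being verified. Unless the caller already rejects empty passwords (not visible here, and `auth` continues past the hunk), add `if not password: return False` before the bind. Separately, the delete-user hunk still wraps the lookup as `self._str(self._get_user(...))` ahead of `if dn is not None:`, the pattern this commit removes from `auth`; applying `_str` after the None check there would keep the two consistent.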
|
@ -120,12 +120,12 @@ class TestError(object):
|
|||||||
|
|
||||||
def testAuthSuccess(self):
|
def testAuthSuccess(self):
|
||||||
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
|
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
|
||||||
ret = inv.auth('jwatson', 'passwordwatson')
|
ret = inv.auth(u'jwatsoné', u'passwordwatsoné')
|
||||||
assert ret == True
|
assert ret == True
|
||||||
|
|
||||||
def testAuthFailure(self):
|
def testAuthFailure(self):
|
||||||
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
|
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
|
||||||
res = inv.auth('notauser', 'password') or inv.auth('jwatson', 'notapassword')
|
res = inv.auth('notauser', 'password') or inv.auth(u'jwatsoné', 'notapasswordé')
|
||||||
assert res == False
|
assert res == False
|
||||||
|
|
||||||
def testMissingParam(self):
|
def testMissingParam(self):
|
||||||
@ -140,13 +140,13 @@ class TestError(object):
|
|||||||
|
|
||||||
def testGetUser(self):
|
def testGetUser(self):
|
||||||
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
|
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
|
||||||
ret = inv.get_user('jwatson')
|
ret = inv.get_user(u'jwatsoné')
|
||||||
expected = {'uid': 'jwatson', 'cn': 'John Watson', 'sn': 'watson'}
|
expected = {'uid': u'jwatsoné', 'cn': 'John Watson', 'sn': 'watson'}
|
||||||
assert ret == expected
|
assert ret == expected
|
||||||
|
|
||||||
def testGetGroups(self):
|
def testGetGroups(self):
|
||||||
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
|
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
|
||||||
ret = inv.get_groups('jwatson')
|
ret = inv.get_groups(u'jwatsoné')
|
||||||
expected = ['cn=itpeople,ou=Groups,dc=example,dc=org']
|
expected = ['cn=itpeople,ou=Groups,dc=example,dc=org']
|
||||||
assert ret == expected
|
assert ret == expected
|
||||||
|
|
||||||
@ -156,11 +156,11 @@ class TestError(object):
|
|||||||
'cn=hrpeople,ou=Groups,dc=example,dc=org',
|
'cn=hrpeople,ou=Groups,dc=example,dc=org',
|
||||||
'cn=itpeople,ou=Groups,dc=example,dc=org',
|
'cn=itpeople,ou=Groups,dc=example,dc=org',
|
||||||
]
|
]
|
||||||
inv.add_to_groups('jwatson', groups)
|
inv.add_to_groups(u'jwatsoné', groups)
|
||||||
ret = inv.get_groups('jwatson')
|
ret = inv.get_groups(u'jwatsoné')
|
||||||
print ret
|
print ret
|
||||||
inv.del_from_groups('jwatson', ['cn=hrpeople,ou=Groups,dc=example,dc=org'])
|
inv.del_from_groups(u'jwatsoné', ['cn=hrpeople,ou=Groups,dc=example,dc=org'])
|
||||||
inv.del_from_groups('jwatson', ['cn=hrpeople,ou=Groups,dc=example,dc=org'])
|
inv.del_from_groups(u'jwatsoné', ['cn=hrpeople,ou=Groups,dc=example,dc=org'])
|
||||||
assert ret == ['cn=itpeople,ou=Groups,dc=example,dc=org', 'cn=hrpeople,ou=Groups,dc=example,dc=org']
|
assert ret == ['cn=itpeople,ou=Groups,dc=example,dc=org', 'cn=hrpeople,ou=Groups,dc=example,dc=org']
|
||||||
|
|
||||||
|
|
||||||
@ -236,8 +236,8 @@ class TestError(object):
|
|||||||
|
|
||||||
def testGetUser(self):
|
def testGetUser(self):
|
||||||
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
|
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
|
||||||
ret = inv.get_user('jwatson')
|
ret = inv.get_user(u'jwatsoné')
|
||||||
expected = {'uid': 'jwatson', 'objectClass': 'inetOrgPerson', 'carLicense': 'HERCAR 125', 'sn': 'watson', 'mail': 'j.watson@example.com', 'homePhone': '555-111-2225', 'cn': 'John Watson', 'userPassword': u'passwordwatson'}
|
expected = {'uid': u'jwatsoné', 'objectClass': 'inetOrgPerson', 'carLicense': 'HERCAR 125', 'sn': 'watson', 'mail': 'j.watson@example.com', 'homePhone': '555-111-2225', 'cn': 'John Watson', 'userPassword': u'passwordwatsoné'}
|
||||||
assert ret == expected
|
assert ret == expected
|
||||||
|
|
||||||
def testAddUserMissingMustattribute(self):
|
def testAddUserMissingMustattribute(self):
|
||||||
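Review bot: Every credential in these tests was switched to the accented variant, so the plain-ASCII login and lookup paths are no longer exercised, and `testAuthFailure` has no case for an empty password or for a username containing LDAP filter metacharacters. I would keep one ASCII user in the fixture alongside `jwatsoné` and add a negative case such as `assert inv.auth(u'jwatsoné', '') == False`. The second `testGetUser` also pins `userPassword` in the dict returned by `get_user`; if that only reflects this test's attribute configuration, a comment saying so would help.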
|
@ -158,7 +158,7 @@ class TestError(object):
|
|||||||
loadconf('./tests/cfg/ldapcherry_test.ini', app)
|
loadconf('./tests/cfg/ldapcherry_test.ini', app)
|
||||||
app.auth_mode = 'or'
|
app.auth_mode = 'or'
|
||||||
try:
|
try:
|
||||||
app.login('jwatson', 'passwordwatson')
|
app.login('jwatsoné', 'passwordwatsoné')
|
||||||
except cherrypy.HTTPRedirect as e:
|
except cherrypy.HTTPRedirect as e:
|
||||||
expected = 'http://127.0.0.1:8080/'
|
expected = 'http://127.0.0.1:8080/'
|
||||||
assert e[0][0] == expected
|
assert e[0][0] == expected
|
||||||
@ -170,7 +170,7 @@ class TestError(object):
|
|||||||
loadconf('./tests/cfg/ldapcherry_test.ini', app)
|
loadconf('./tests/cfg/ldapcherry_test.ini', app)
|
||||||
app.auth_mode = 'or'
|
app.auth_mode = 'or'
|
||||||
try:
|
try:
|
||||||
app.login('jwatson', 'wrongPassword')
|
app.login('jwatsoné', 'wrongPasswordé')
|
||||||
except cherrypy.HTTPRedirect as e:
|
except cherrypy.HTTPRedirect as e:
|
||||||
expected = 'http://127.0.0.1:8080/signin'
|
expected = 'http://127.0.0.1:8080/signin'
|
||||||
assert e[0][0] == expected
|
assert e[0][0] == expected
|
||||||
|
@ -61,8 +61,8 @@ dn: cn=John Watson,ou=people,dc=example,dc=org
|
|||||||
objectclass: inetOrgPerson
|
objectclass: inetOrgPerson
|
||||||
cn: John Watson
|
cn: John Watson
|
||||||
sn: watson
|
sn: watson
|
||||||
uid: jwatson
|
uid: jwatsoné
|
||||||
userpassword: passwordwatson
|
userpassword: passwordwatsoné
|
||||||
carlicense: HERCAR 125
|
carlicense: HERCAR 125
|
||||||
homephone: 555-111-2225
|
homephone: 555-111-2225
|
||||||
mail: j.watson@example.com
|
mail: j.watson@example.com
|
||||||
|