Previously, the default logger was passed; this logger was using the
default configuration and log level, not honoring log level in
particular.
As a consequence, it was impossible to get debug logs from the backend.
This is now working as expected.
Now the escaping is done in the templates.
We need to remove the previous escaping done by hand in the code.
Otherwise, we end up with double escaping and funky displaying of
fields.
With python 2 it was possible to do exception[0][...] to recover
details about an exception.
It's no longer authorized with python 3.
Now, we must do something like exception.args or exception.urls.
Fortunately, this syntax also works with python 2.
So we use it for both.
In python 2, (html) escape is part of the cgi module.
In python 3, it's part of the html module.
We now do a conditional import depending on the version, and name the
function html_escape.
python-ldap talks in bytes,
as the rest of ldapcherry talks in unicode utf-8:
* everything passed to python-ldap must be converted to bytes
* everything coming from python-ldap must be converted to unicode
The previous statement was true for python-ldap < version 3.X.
With versions > 3.0.0 and python 3, it gets tricky:
some parts of python-ldap take strings, especially the filters/escaper.
So we now have:
*_byte_p2 (unicode -> bytes conversion for python 2)
*_byte_p3 (unicode -> bytes conversion for python 3)
*_byte_p23 (unicode -> bytes conversion for python 2 AND 3)
* python-ldap 3 is slightly different than 2 on how it handles modify
(the modified attributes used to be transmitted as a dict, now they should
be transmitted as a list of dict)
* log where the backend is declared (role or attribute) when
inconsistency with main .ini file
* fix check of configuration, only role file was checked 2 times instead
of checking role one time and attribute one time
* <dict>.keys() seems to have a different behavior between 2 (return
"list") and 3 (return "dict_keys"), casting to "list" to avoid that.
* switch from script to entry_points in setup.py
* move the cli script in ldapcherry (to be used as a module)
* put the __main__ code in a dedicated function constituting the entry
point
* add a few python3 environments in travis file
* changes in urllib imports since quote_plus is in urllib with python 2 and
in urllib.parse in python 3
* changes in imports for Sets since set is a native type in python 3 and
doesn't require an import
* fix in __import__, '-1' level for module path discovery is not supported
anymore, switching to 0 (absolute import only).
- Switch from base64 to URL encoding for passing the URL, using the built-in Mako filtering
- Apply HTML filtering to Mako output by default
- Disable HTML filtering for nested templates in adduser, modify, and selfmodify
Before, no particular treatment was done on the user attributes.
This caused some issues because python-ldap systematically returns
the attribute value as a list (even if it's mono-valuated).
Now we recover the attributes used in the group attr templates,
and we "normalize" the user attributes before using them in add_to_groups
and del_from_groups.
By normalize, we mean transforming the list to its unique value.
In case the attribute doesn't exist or is multi-valuated, it raises an
error.
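
The normalization described in the commit message above, as an added example (not ldapcherry's own code). It assumes group attribute templates use Python `%(attr)s` placeholders; the function names, the `AttrNormalizationError` type and the sample entry are hypothetical and constructed for illustration.

```python
import re

class AttrNormalizationError(Exception):
    """Hypothetical error type: attribute missing or multi-valued."""

# Constructed group attribute templates (assumed "%(attr)s" syntax).
GROUP_ATTR_TEMPLATES = {"member": "%(dn)s", "memberUid": "%(uid)s"}

def template_attrs(templates):
    """Collect the user attribute names referenced by the templates."""
    names = set()
    for tmpl in templates.values():
        names.update(re.findall(r"%\((\w+)\)s", tmpl))
    return names

def normalize(user_entry, needed):
    """Turn each needed single-valued list (bytes) into one unicode value."""
    out = {}
    for name in sorted(needed):
        values = user_entry.get(name)
        if not values:
            raise AttrNormalizationError("missing attribute: %s" % name)
        if len(values) != 1:
            raise AttrNormalizationError("multi-valued attribute: %s" % name)
        value = values[0]
        out[name] = value.decode("utf-8") if isinstance(value, bytes) else value
    return out

def group_member_values(user_entry, templates=GROUP_ATTR_TEMPLATES):
    """Render the value to add to / remove from each group attribute."""
    flat = normalize(user_entry, template_attrs(templates))
    return {attr: tmpl % flat for attr, tmpl in templates.items()}

# Constructed entry shaped like a python-ldap result: lists of bytes.
SAMPLE_USER = {
    "dn": [b"uid=jdoe,ou=people,dc=example,dc=org"],
    "uid": [b"jdoe"],
    "mail": [b"jdoe@example.org", b"john@example.org"],  # not in a template
}

if __name__ == "__main__":
    print(group_member_values(SAMPLE_USER))
```

Rendering a template against the raw entry instead (`"%(uid)s" % SAMPLE_USER`) yields the list's repr, `[b'jdoe']`, which is the kind of wrong group member value the normalization prevents.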
Previously, if a user didn't exist in one backend, the _deleteuser
function in ldapcherry would stop on the UserDoesntExist exception,
potentially leaving the user in other backends.
Now it logs it and continues to delete the user in other backends.
_check_auth can now return a 403 error instead of redirecting to
the login page if needed (in case of the checkppolicy for example).
The default page handles post data and querystring better now.