[Bps-public-commit] rt-authen-externalauth branch, master, updated. 0.10-2-g927f8ee

Thomas Sibley trs at bestpractical.com
Thu Feb 23 11:28:20 EST 2012


The branch, master has been updated
       via  927f8ee777ca87f45dac5f2a1adacdbd3d428a34 (commit)
       via  6323aed5c296924120f1f4659c19c7f03f598f51 (commit)
      from  3154934ceca60f167bdcf2caf35973af476369c3 (commit)

Summary of changes:
 lib/RT/Authen/ExternalAuth/LDAP.pm |    8 ++++----
 xt/ldap_escaping.t                 |   26 +++++++++++++++++++++++++-
 2 files changed, 29 insertions(+), 5 deletions(-)

- Log -----------------------------------------------------------------
commit 6323aed5c296924120f1f4659c19c7f03f598f51
Author: Thomas Sibley <trs at bestpractical.com>
Date:   Thu Feb 23 11:09:31 2012 -0500

    Escape the rest of the filter values we use in constructed filters
    
    Usernames with special characters—e.g. parens—were breaking all of our
    normal filters.

diff --git a/lib/RT/Authen/ExternalAuth/LDAP.pm b/lib/RT/Authen/ExternalAuth/LDAP.pm
index a8fcb95..b228e77 100644
--- a/lib/RT/Authen/ExternalAuth/LDAP.pm
+++ b/lib/RT/Authen/ExternalAuth/LDAP.pm
@@ -39,7 +39,7 @@ sub GetAuth {
     $filter = Net::LDAP::Filter->new(   '(&(' . 
                                         $attr_map->{'Name'} . 
                                         '=' . 
-                                        $username . 
+                                        escape_filter_value($username) . 
                                         ')' . 
                                         $filter . 
                                         ')'
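Review bot: The name clause `(attr=value)` is still assembled by hand here in GetAuth, and again in the UserExists and UserDisabled hunks, so each copy has to remember its own `escape_filter_value` call. That duplication is presumably how the unescaped `$username` went unnoticed in these three places. A single private helper, e.g. `sub _name_clause { my ($attr, $name) = @_; return '(' . $attr . '=' . escape_filter_value($name) . ')'; }`, would keep the escaping in one place, with a comment that it is what stops a login name from changing the filter's structure (the commit message only mentions breakage). The import of `escape_filter_value` from Net::LDAP::Util and the rest of GetAuth are outside the hunk, so confirm the import is present in this file.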
@@ -188,7 +188,7 @@ sub CanonicalizeUserInfo {
     my @attrs = values(%{$config->{'attr_map'}});
 
     # This is a bit confusing and probably broken. Something to revisit..
-    my $filter_addition = ($key && $value) ? "(". $key . "=$value)" : "";
+    my $filter_addition = ($key && $value) ? "(". $key . "=". escape_filter_value($value) .")" : "";
     if(defined($filter) && ($filter ne "()")) {
         $filter = Net::LDAP::Filter->new(   "(&" . 
                                             $filter . 
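Review bot: Only `$value` is escaped on the new `$filter_addition` line; `$key` is still concatenated into the filter as-is. `escape_filter_value` is not meant for attribute names, so the line is safe only if `$key` is always an attribute name taken from the configured `attr_map`, which the hunk does not show. If that holds, say so next to the line, e.g. `# $key is an attribute name from the configured attr_map, never user-supplied`. If it does not, check `$key` against `@attrs` before building the filter. CanonicalizeUserInfo begins and continues outside the hunk.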
@@ -315,7 +315,7 @@ sub UserExists {
                                                     '(' . 
                                                     $config->{'attr_map'}->{'Name'} . 
                                                     '=' . 
-                                                    $username . 
+                                                    escape_filter_value($username) . 
                                                     '))'
                                         );
     }
@@ -400,7 +400,7 @@ sub UserDisabled {
                                                     '(' . 
                                                     $config->{'attr_map'}->{'Name'} . 
                                                     '=' . 
-                                                    $username . 
+                                                    escape_filter_value($username) . 
                                                     '))'
                                                 );
     } else {

commit 927f8ee777ca87f45dac5f2a1adacdbd3d428a34
Author: Thomas Sibley <trs at bestpractical.com>
Date:   Thu Feb 23 11:28:04 2012 -0500

    Test for parentheses in usernames

diff --git a/xt/ldap_escaping.t b/xt/ldap_escaping.t
index f243fdd..ef8a59b 100644
--- a/xt/ldap_escaping.t
+++ b/xt/ldap_escaping.t
@@ -31,10 +31,20 @@ $ldap->add(
     ]
 );
 $ldap->add(
+    "cn=John Doe,$users_dn",
+    attr => [
+        cn           => 'John Doe',
+        mail         => 'jdoe at example.com',
+        uid          => 'j(doe',
+        objectClass  => 'User',
+        userPassword => 'password',
+    ]
+);
+$ldap->add(
     $group_dn,
     attr => [
         cn          => "test group",
-        memberDN    => [ "cn=Smith\\, John,$users_dn" ],
+        memberDN    => [ "cn=Smith\\, John,$users_dn", "cn=John Doe,$users_dn" ],
         objectClass => 'Group',
     ],
 );
@@ -77,6 +87,20 @@ diag "comma in the DN";
     is($testuser->EmailAddress,'jsmith at example.com');
 }
 
+diag "paren in the username";
+{
+    ok( $m->logout, 'logged out' );
+    # $m->login chokes on ( in 4.0.5
+    $m->get_ok($m->rt_base_url . "?user=j(doe;pass=password");
+    $m->content_like(qr/Logout/i, 'contains logout link');
+    $m->content_contains('<span class="current-user">j(doe</span>', 'contains logged in user name');
+
+    my $testuser = RT::User->new($RT::SystemUser);
+    my ($ok,$msg) = $testuser->Load( 'j(doe' );
+    ok($ok,$msg);
+    is($testuser->EmailAddress,'jdoe at example.com');
+}
+
 $ldap->unbind();
 
 undef $m;
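Review bot: The new "paren in the username" block exercises only `(`, while the escaping added in the first commit also has to hold for `*`, `)` and `\`. The case that matters most for authentication is the wildcard, so the test should also pin that a name containing `*` is looked up literally and does not authenticate as an existing entry. After logging out, something like `$m->get($m->rt_base_url . "?user=j*;pass=password");` followed by `$m->content_unlike(qr/Logout/i, 'wildcard in username is not expanded');` would cover it. Whether the pre-fix code actually accepted such a login depends on GetAuth's bind step, which is not visible here.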

-----------------------------------------------------------------------


