[Bps-public-commit] rt-authen-externalauth branch, master, updated. 0.10-2-g927f8ee
Thomas Sibley
trs at bestpractical.com
Thu Feb 23 11:28:20 EST 2012
The branch, master has been updated
via 927f8ee777ca87f45dac5f2a1adacdbd3d428a34 (commit)
via 6323aed5c296924120f1f4659c19c7f03f598f51 (commit)
from 3154934ceca60f167bdcf2caf35973af476369c3 (commit)
Summary of changes:
lib/RT/Authen/ExternalAuth/LDAP.pm | 8 ++++----
xt/ldap_escaping.t | 26 +++++++++++++++++++++++++-
2 files changed, 29 insertions(+), 5 deletions(-)
- Log -----------------------------------------------------------------
commit 6323aed5c296924120f1f4659c19c7f03f598f51
Author: Thomas Sibley <trs at bestpractical.com>
Date: Thu Feb 23 11:09:31 2012 -0500
Escape the rest of the filter values we use in constructed filters
Usernames with special characters—e.g. parens—were breaking all of our
normal filters.
diff --git a/lib/RT/Authen/ExternalAuth/LDAP.pm b/lib/RT/Authen/ExternalAuth/LDAP.pm
index a8fcb95..b228e77 100644
--- a/lib/RT/Authen/ExternalAuth/LDAP.pm
+++ b/lib/RT/Authen/ExternalAuth/LDAP.pm
@@ -39,7 +39,7 @@ sub GetAuth {
$filter = Net::LDAP::Filter->new( '(&(' .
$attr_map->{'Name'} .
'=' .
- $username .
+ escape_filter_value($username) .
')' .
$filter .
')'
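Review bot: The `'(' . <Name attribute> . '=' . escape_filter_value($username) . ')'` fragment is assembled by hand here in GetAuth and again in the UserExists and UserDisabled hunks, and that duplication is likely how the unescaped copies survived until this commit. A single private helper would leave one place to get the escaping right, e.g. `sub _eq_filter { my ($attr, $value) = @_; return "($attr=" . escape_filter_value($value) . ")"; }`. `$attr_map->{'Name'}` and the base `$filter` are still inserted verbatim, which is safe only while both come from administrator-controlled configuration, so a short comment stating that assumption would help. The import of `escape_filter_value` and the rest of GetAuth lie outside the hunk, so I could not confirm them.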
@@ -188,7 +188,7 @@ sub CanonicalizeUserInfo {
my @attrs = values(%{$config->{'attr_map'}});
# This is a bit confusing and probably broken. Something to revisit..
- my $filter_addition = ($key && $value) ? "(". $key . "=$value)" : "";
+ my $filter_addition = ($key && $value) ? "(". $key . "=". escape_filter_value($value) .")" : "";
if(defined($filter) && ($filter ne "()")) {
$filter = Net::LDAP::Filter->new( "(&" .
$filter .
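Review bot: The guard `($key && $value)` in CanonicalizeUserInfo tests truthiness, so a value of `0` gives an empty `$filter_addition`, and the lookup then presumably runs on the base filter alone and can match an unrelated entry. Testing `defined $value && length $value` (and the same for `$key`) would avoid that. `$key` is still concatenated unescaped; if it only ever comes from the configured attr_map, a comment saying so would fit next to the existing "probably broken" remark. The function continues outside the hunk.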
@@ -315,7 +315,7 @@ sub UserExists {
'(' .
$config->{'attr_map'}->{'Name'} .
'=' .
- $username .
+ escape_filter_value($username) .
'))'
);
}
@@ -400,7 +400,7 @@ sub UserDisabled {
'(' .
$config->{'attr_map'}->{'Name'} .
'=' .
- $username .
+ escape_filter_value($username) .
'))'
);
} else {
commit 927f8ee777ca87f45dac5f2a1adacdbd3d428a34
Author: Thomas Sibley <trs at bestpractical.com>
Date: Thu Feb 23 11:28:04 2012 -0500
Test for parentheses in usernames
diff --git a/xt/ldap_escaping.t b/xt/ldap_escaping.t
index f243fdd..ef8a59b 100644
--- a/xt/ldap_escaping.t
+++ b/xt/ldap_escaping.t
@@ -31,10 +31,20 @@ $ldap->add(
]
);
$ldap->add(
+ "cn=John Doe,$users_dn",
+ attr => [
+ cn => 'John Doe',
+ mail => 'jdoe at example.com',
+ uid => 'j(doe',
+ objectClass => 'User',
+ userPassword => 'password',
+ ]
+);
+$ldap->add(
$group_dn,
attr => [
cn => "test group",
- memberDN => [ "cn=Smith\\, John,$users_dn" ],
+ memberDN => [ "cn=Smith\\, John,$users_dn", "cn=John Doe,$users_dn" ],
objectClass => 'Group',
],
);
@@ -77,6 +87,20 @@ diag "comma in the DN";
is($testuser->EmailAddress,'jsmith at example.com');
}
+diag "paren in the username";
+{
+ ok( $m->logout, 'logged out' );
+ # $m->login chokes on ( in 4.0.5
+ $m->get_ok($m->rt_base_url . "?user=j(doe;pass=password");
+ $m->content_like(qr/Logout/i, 'contains logout link');
+ $m->content_contains('<span class="current-user">j(doe</span>', 'contains logged in user name');
+
+ my $testuser = RT::User->new($RT::SystemUser);
+ my ($ok,$msg) = $testuser->Load( 'j(doe' );
+ ok($ok,$msg);
+ is($testuser->EmailAddress,'jdoe at example.com');
+}
+
$ldap->unbind();
undef $m;
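Review bot: The new case covers only an opening parenthesis, which fails loudly when left unescaped; `)`, `\` and `*` are not exercised. An unescaped `*` still yields a syntactically valid filter, so a regression there would not break login the way `(` did and would pass unnoticed. Consider adding a negative assertion that a username containing `*` does not authenticate as, or load, a different directory entry. The `ok($ok,$msg)` and `is($testuser->EmailAddress, ...)` calls would also give clearer failure output with explicit descriptions, e.g. `is($testuser->EmailAddress, 'jdoe at example.com', 'email loaded for j(doe');`.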
-----------------------------------------------------------------------