Posted to commits@allura.apache.org by br...@apache.org on 2014/05/23 19:54:59 UTC
[06/11] git commit: [#7388] ticket:591 Escape DN's when constructing
from username
[#7388] ticket:591 Escape DN's when constructing from username
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/78d63bfb
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/78d63bfb
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/78d63bfb
Branch: refs/heads/master
Commit: 78d63bfb922203d09b6269e7ea74218723eaa6ec
Parents: bfe0f1c
Author: Igor Bondarenko <je...@gmail.com>
Authored: Mon May 19 10:11:07 2014 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Fri May 23 17:53:45 2014 +0000
----------------------------------------------------------------------
Allura/allura/lib/plugin.py | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/78d63bfb/Allura/allura/lib/plugin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index a188190..40683b9 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -294,7 +294,9 @@ class LdapAuthenticationProvider(AuthenticationProvider):
def register_user(self, user_doc):
from allura import model as M
result = M.User(**user_doc)
- dn_u = 'uid=%s,%s' % (user_doc['username'], config['auth.ldap.suffix'])
+ dn_u = 'uid=%s,%s' % (
+ ldap.dn.escape_dn_chars(user_doc['username']),
+ config['auth.ldap.suffix'])
uid = str(M.AuthGlobals.get_next_uid())
try:
con = ldap.initialize(config['auth.ldap.server'])
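Review bot: The escaped DN is built by the same three-line expression here in register_user and again in the set_password and login hunks below, so any later call site that formats `'uid=%s,%s'` by hand silently loses the escaping. A single private helper would keep the neutralisation in one place, e.g. `def _user_dn(username): return 'uid=%s,%s' % (ldap.dn.escape_dn_chars(username), config['auth.ldap.suffix'])`, with a short comment that the username is untrusted input and must never be interpolated into a DN unescaped. `escape_dn_chars` covers DN context only; if the username is also placed into an LDAP search filter elsewhere in this provider (not visible in these hunks), that path needs `ldap.filter.escape_filter_chars` instead. register_user's body continues outside the hunk.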
@@ -369,7 +371,9 @@ class LdapAuthenticationProvider(AuthenticationProvider):
return M.User.query.get(username=username, disabled=False)
def set_password(self, user, old_password, new_password):
- dn = 'uid=%s,%s' % (user.username, config['auth.ldap.suffix'])
+ dn = 'uid=%s,%s' % (
+ ldap.dn.escape_dn_chars(user.username),
+ config['auth.ldap.suffix'])
if old_password:
ldap_ident = dn
ldap_pass = old_password.encode('utf-8')
@@ -393,7 +397,9 @@ class LdapAuthenticationProvider(AuthenticationProvider):
if user is None:
raise exc.HTTPUnauthorized()
try:
- dn = 'uid=%s,%s' % (user.username, config['auth.ldap.suffix'])
+ dn = 'uid=%s,%s' % (
+ ldap.dn.escape_dn_chars(user.username),
+ config['auth.ldap.suffix'])
con = ldap.initialize(config['auth.ldap.server'])
con.bind_s(dn, self.request.params['password'])
con.unbind_s()
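Review bot: An empty `password` parameter still reaches `con.bind_s(dn, self.request.params['password'])` at the end of this hunk, and a simple bind with a DN and a zero-length password is an unauthenticated bind under RFC 4513 section 5.1.2, which many directory servers report as successful. Unless the caller or the server configuration already rejects it (neither is visible here), the login should fail closed before the `try:`, for example `if not self.request.params.get('password'): raise exc.HTTPUnauthorized()`. The password is also passed here as-is, while set_password in the previous hunk encodes it with `.encode('utf-8')`; the two paths should agree so non-ASCII passwords bind consistently. The enclosing method starts and ends outside the hunk.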