You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by br...@apache.org on 2014/05/23 19:54:59 UTC

[06/11] git commit: [#7388] ticket:591 Escape DN's when constructing from username

[#7388] ticket:591 Escape DN's when constructing from username


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/78d63bfb
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/78d63bfb
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/78d63bfb

Branch: refs/heads/master
Commit: 78d63bfb922203d09b6269e7ea74218723eaa6ec
Parents: bfe0f1c
Author: Igor Bondarenko <je...@gmail.com>
Authored: Mon May 19 10:11:07 2014 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Fri May 23 17:53:45 2014 +0000

----------------------------------------------------------------------
 Allura/allura/lib/plugin.py | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/78d63bfb/Allura/allura/lib/plugin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index a188190..40683b9 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -294,7 +294,9 @@ class LdapAuthenticationProvider(AuthenticationProvider):
     def register_user(self, user_doc):
         from allura import model as M
         result = M.User(**user_doc)
-        dn_u = 'uid=%s,%s' % (user_doc['username'], config['auth.ldap.suffix'])
+        dn_u = 'uid=%s,%s' % (
+            ldap.dn.escape_dn_chars(user_doc['username']),
+            config['auth.ldap.suffix'])
         uid = str(M.AuthGlobals.get_next_uid())
         try:
             con = ldap.initialize(config['auth.ldap.server'])
@@ -369,7 +371,9 @@ class LdapAuthenticationProvider(AuthenticationProvider):
         return M.User.query.get(username=username, disabled=False)
 
     def set_password(self, user, old_password, new_password):
-        dn = 'uid=%s,%s' % (user.username, config['auth.ldap.suffix'])
+        dn = 'uid=%s,%s' % (
+                ldap.dn.escape_dn_chars(user.username),
+                config['auth.ldap.suffix'])
         if old_password:
             ldap_ident = dn
             ldap_pass = old_password.encode('utf-8')
@@ -393,7 +397,9 @@ class LdapAuthenticationProvider(AuthenticationProvider):
         if user is None:
             raise exc.HTTPUnauthorized()
         try:
-            dn = 'uid=%s,%s' % (user.username, config['auth.ldap.suffix'])
+            dn = 'uid=%s,%s' % (
+                    ldap.dn.escape_dn_chars(user.username),
+                    config['auth.ldap.suffix'])
             con = ldap.initialize(config['auth.ldap.server'])
             con.bind_s(dn, self.request.params['password'])
             con.unbind_s()