Posted to commits@allura.apache.org by je...@apache.org on 2014/11/20 15:40:58 UTC

[3/3] allura git commit: [#7787] ticket:689 Handle unicode in ldap usernames and passwords

[#7787] ticket:689 Handle unicode in ldap usernames and passwords


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/88b9926e
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/88b9926e
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/88b9926e

Branch: refs/heads/ib/7787
Commit: 88b9926e7b46ee1fde8022d280984b5a1c2d43ce
Parents: 4d7b4d4
Author: Igor Bondarenko <je...@gmail.com>
Authored: Thu Nov 20 08:16:46 2014 +0000
Committer: Igor Bondarenko <je...@gmail.com>
Committed: Thu Nov 20 08:16:46 2014 +0000

----------------------------------------------------------------------
 Allura/allura/lib/plugin.py               | 6 +++++-
 Allura/allura/lib/widgets/auth_widgets.py | 6 ++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/88b9926e/Allura/allura/lib/plugin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index ea66b60..006a8e0 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -562,7 +562,10 @@ class LdapAuthenticationProvider(AuthenticationProvider):
         if ldap is None:
             raise Exception('The python-ldap package needs to be installed.  Run `pip install python-ldap` in your allura environment.')
         from allura import model as M
-        username = self.request.params['username']
+        try:
+            username = str(self.request.params['username'])
+        except UnicodeEncodeError:
+            raise exc.HTTPBadRequest('Unicode is not allowed in usernames')
         if not self._validate_password(username, self.request.params['password']):
             raise exc.HTTPUnauthorized()
         user = M.User.query.get(username=username)
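Review bot: `str(self.request.params['username'])` rejects non-ASCII input only as a side effect of Python 2's default codec, which hides the intent and ties the check to how the interpreter is configured. Assuming the parameter arrives as a unicode object, `username = self.request.params['username'].encode('ascii')` inside the same `try` states the rule directly, and a one-line comment such as `# python-ldap needs a byte string; usernames are ASCII-only` would explain why. The check also sits only in this login path, so any other caller that hands a unicode username to `_validate_password` or `ldap_user_dn` (not visible here) would presumably still hit the original error. The enclosing method starts and ends outside the hunk.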
@@ -586,6 +589,7 @@ class LdapAuthenticationProvider(AuthenticationProvider):
 
     def _validate_password(self, username, password):
         '''by username'''
+        password = h.really_unicode(password).encode('utf-8')
         try:
             ldap_user = ldap_user_dn(username)
         except ValueError:
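Review bot: An empty password passes through the added `h.really_unicode(password).encode('utf-8')` line unchanged, and nothing visible in this hunk rejects it. `_validate_password` continues outside the hunk; if it goes on to do an LDAP simple bind with this value, note that many directory servers treat a bind with a DN and an empty password as an unauthenticated bind and report success. A guard such as `if not password: return False` ahead of the encode would close that off regardless of server configuration. Separately, the UTF-8 bytes depend on the Unicode form the client submitted, so it may be worth normalising (for example `unicodedata.normalize('NFC', ...)`) here and wherever passwords are set.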

http://git-wip-us.apache.org/repos/asf/allura/blob/88b9926e/Allura/allura/lib/widgets/auth_widgets.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/widgets/auth_widgets.py b/Allura/allura/lib/widgets/auth_widgets.py
index 33444f9..22f4429 100644
--- a/Allura/allura/lib/widgets/auth_widgets.py
+++ b/Allura/allura/lib/widgets/auth_widgets.py
@@ -66,6 +66,12 @@ class LoginForm(ForgeForm):
                 dict(username=value['username'], rememberme=value.get('rememberme'),
                      return_to=value.get('return_to')),
                 None)
+        except exc.HTTPBadRequest as e:
+            raise Invalid(
+                e.message,
+                dict(username=value['username'], rememberme=value.get('rememberme'),
+                     return_to=value.get('return_to')),
+                None)
         return value
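Review bot: The new `except exc.HTTPBadRequest` clause shows `e.message` to the user verbatim, so the form's error text is whatever any 400 raised during login happens to carry, not only the username message added in plugin.py. A fixed string here, or a dedicated exception type for the username case, would keep text from other raise sites off the login page. The `dict(username=..., rememberme=..., return_to=...)` state is also a copy of the one in the clause above; building it once and reusing it in both `raise Invalid(...)` calls would stop the two branches from drifting apart. The enclosing method starts outside the hunk.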