You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@allura.apache.org by br...@apache.org on 2014/10/07 23:13:43 UTC

[8/8] git commit: [#7732] (unrelated) prevent empty LDAP login from proceeding

[#7732] (unrelated) prevent empty LDAP login from proceeding


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/8f0109df
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/8f0109df
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/8f0109df

Branch: refs/heads/db/7732
Commit: 8f0109df7fc2e3077e5803ba78def19b3c45c397
Parents: 5fc7c6f
Author: Dave Brondsema <db...@slashdotmedia.com>
Authored: Fri Oct 3 19:26:32 2014 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Mon Oct 6 19:22:04 2014 +0000

----------------------------------------------------------------------
 Allura/allura/lib/plugin.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/8f0109df/Allura/allura/lib/plugin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index f1c9c3c..a2a57b1 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -430,6 +430,8 @@ def ldap_conn(who=None, cred=None):
 
 def ldap_user_dn(username):
     'return a Distinguished Name for a given username'
+    if not username:
+        raise ValueError('Empty username')
     return 'uid=%s,%s' % (
         ldap.dn.escape_dn_chars(username),
         config['auth.ldap.suffix'])
@@ -569,7 +571,11 @@ class LdapAuthenticationProvider(AuthenticationProvider):
     def _validate_password(self, username, password):
         '''by username'''
         try:
-            con = ldap_conn(ldap_user_dn(username), password)
+            ldap_user = ldap_user_dn(username)
+        except ValueError:
+            return False
+        try:
+            con = ldap_conn(ldap_user, password)
             con.unbind_s()
             return True
         except (ldap.INVALID_CREDENTIALS, ldap.UNWILLING_TO_PERFORM, ldap.NO_SUCH_OBJECT):