You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@allura.apache.org by br...@apache.org on 2014/10/03 23:12:46 UTC

[3/4] git commit: [#7732] (unrelated) prevent empty LDAP login from proceeding

[#7732] (unrelated) prevent empty LDAP login from proceeding


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/751d2521
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/751d2521
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/751d2521

Branch: refs/heads/db/7732
Commit: 751d2521206b506ed73650a1d7f0b04c0ebd61b4
Parents: 652b406
Author: Dave Brondsema <db...@slashdotmedia.com>
Authored: Fri Oct 3 19:26:32 2014 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Fri Oct 3 21:05:53 2014 +0000

----------------------------------------------------------------------
 Allura/allura/lib/plugin.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/751d2521/Allura/allura/lib/plugin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index 71ba353..78c8ba1 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -430,6 +430,8 @@ def ldap_conn(who=None, cred=None):
 
 def ldap_user_dn(username):
     'return a Distinguished Name for a given username'
+    if not username:
+        raise ValueError('Empty username')
     return 'uid=%s,%s' % (
         ldap.dn.escape_dn_chars(username),
         config['auth.ldap.suffix'])
@@ -567,7 +569,11 @@ class LdapAuthenticationProvider(AuthenticationProvider):
     def _validate_password(self, username, password):
         '''by username'''
         try:
-            con = ldap_conn(ldap_user_dn(username), password)
+            ldap_user = ldap_user_dn(username)
+        except ValueError:
+            return False
+        try:
+            con = ldap_conn(ldap_user, password)
             con.unbind_s()
             return True
         except (ldap.INVALID_CREDENTIALS, ldap.UNWILLING_TO_PERFORM, ldap.NO_SUCH_OBJECT):