Posted to commits@allura.apache.org by br...@apache.org on 2014/10/03 23:12:46 UTC
[3/4] git commit: [#7732] (unrelated) prevent empty LDAP login from
proceeding
[#7732] (unrelated) prevent empty LDAP login from proceeding
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/751d2521
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/751d2521
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/751d2521
Branch: refs/heads/db/7732
Commit: 751d2521206b506ed73650a1d7f0b04c0ebd61b4
Parents: 652b406
Author: Dave Brondsema <db...@slashdotmedia.com>
Authored: Fri Oct 3 19:26:32 2014 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Fri Oct 3 21:05:53 2014 +0000
----------------------------------------------------------------------
Allura/allura/lib/plugin.py | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/751d2521/Allura/allura/lib/plugin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index 71ba353..78c8ba1 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -430,6 +430,8 @@ def ldap_conn(who=None, cred=None):
def ldap_user_dn(username):
'return a Distinguished Name for a given username'
+ if not username:
+ raise ValueError('Empty username')
return 'uid=%s,%s' % (
ldap.dn.escape_dn_chars(username),
config['auth.ldap.suffix'])
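Review bot: `ldap_user_dn` now raises `ValueError` for a falsy username, but the docstring still only says it returns a DN, and `_validate_password` is the only call site this commit updates to catch it. Any other caller of `ldap_user_dn` (none are visible in this diff) will now see the exception propagate, so those call sites are worth checking. I would extend the docstring to `'return a Distinguished Name for a given username; raises ValueError if username is empty'`. The `not username` test also lets a whitespace-only name through to `escape_dn_chars`, which may or may not be intended.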
@@ -567,7 +569,11 @@ class LdapAuthenticationProvider(AuthenticationProvider):
def _validate_password(self, username, password):
'''by username'''
try:
- con = ldap_conn(ldap_user_dn(username), password)
+ ldap_user = ldap_user_dn(username)
+ except ValueError:
+ return False
+ try:
+ con = ldap_conn(ldap_user, password)
con.unbind_s()
return True
except (ldap.INVALID_CREDENTIALS, ldap.UNWILLING_TO_PERFORM, ldap.NO_SUCH_OBJECT):
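Review bot: An empty `password` still reaches `ldap_conn(ldap_user, password)` in `_validate_password`, because only the empty username is rejected. If `ldap_conn` performs a simple bind (its body is not in this diff), a valid DN with an empty password is an unauthenticated bind under RFC 4513, which some directory servers answer with success, and this method would then return True without any credential having been checked. The `UNWILLING_TO_PERFORM` handler covers servers that refuse such binds, but not servers that accept them. I would add `if not password: return False` ahead of the second `try`. The `except` body continues outside the hunk.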