globuzma/canaille-globuzma
1
0
Fork 0
forked from Github-Mirrors/canaille
Code Pull requests Activity

ldap backend: make sure to escape special chars in object identifiers

Browse source
This commit is contained in:
Éloi Rivard 2023-06-28 18:31:17 +02:00 committed by Éloi Rivard
parent 3ecb8b4722
commit 7bce9b9a74
2 changed files with 17 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
canaille/backends/ldap/ldapobject.py
View file

@ -303,6 +303,7 @@ class LDAPObject(metaclass=LDAPObjectMetaclass):
if base is None:
base = f"{cls.base},{cls.root_dn}"
elif "=" not in base:
base = ldap.dn.escape_dn_chars(base)
base = f"{cls.rdn_attribute}={base},{cls.base},{cls.root_dn}"
class_filter = (

24
tests/backends/ldap/test_utils.py
View file

@ -36,11 +36,11 @@ def test_repr(backend, foo_group, user):
assert repr(user) == "<User user_name=user>"
def test_dn_when_leading_space_in_id_attribute(backend):
def test_dn_when_leading_space_in_id_attribute(testclient, backend):
user = models.User(
formatted_name=" Doe", # leading space
family_name="Doe",
user_name="user",
family_name=" Doe",
user_name=" user",
emails="john@doe.com",
)
user.save()
@ -49,15 +49,19 @@ def test_dn_when_leading_space_in_id_attribute(backend):
assert ldap.dn.dn2str(ldap.dn.str2dn(user.dn)) == user.dn
assert user.dn == "uid=user,ou=users,dc=mydomain,dc=tld"
assert user == models.User.get(user.identifier)
assert user == models.User.get(user_name=user.identifier)
assert user == models.User.get(id=user.dn)
user.delete()
def test_dn_when_ldap_special_char_in_id_attribute(backend):
def test_special_chars_in_rdn(testclient, backend):
user = models.User(
formatted_name="#Doe", # special char
family_name="Doe",
user_name="#user",
emails="john@doe.com",
formatted_name="#Doe",
family_name="#Doe",
user_name="#user", # special char
emails=["john@doe.com"],
)
user.save()
@ -65,6 +69,10 @@ def test_dn_when_ldap_special_char_in_id_attribute(backend):
assert ldap.dn.dn2str(ldap.dn.str2dn(user.dn)) == user.dn
assert user.dn == "uid=\\#user,ou=users,dc=mydomain,dc=tld"
assert user == models.User.get(user.identifier)
assert user == models.User.get(user_name=user.identifier)
assert user == models.User.get(id=user.dn)
user.delete()