fix(frontend): LDAP access settings

Check for usernames with spaces are scaped now issue #1277

fix(frontend): LDAP access settings
Check for usernames with spaces are scaped now issue #1277
422d6da5 · Francesc Guasch · ab68ce43 · 422d6da5 · 422d6da5 · 422d6da5
Commit 422d6da5 authored Mar 30, 2020 by Francesc Guasch
--- a/lib/Ravada/Auth/LDAP.pm
+++ b/lib/Ravada/Auth/LDAP.pm
@@ -198,6 +198,7 @@ sub search_user {
    confess "ERROR: I can't connect to LDAP " if!$ldap;

    $username = escape_filter_value($username);
+    $username =~ s/ /\\ /g;

    my $filter = "($field=$username)";
    if ( exists $$CONFIG->{ldap}->{filter} ) {
@@ -237,12 +238,7 @@ sub search_user {

    return if !$mesg->count();

-    my @entries;
-    for my $entry ($mesg->entries) {
-        push @entries,($entry) if $entry->get_value($field) eq $username;
-    }
-
-    return @entries;
+    return $mesg->entries;
 }

 =head2 add_group

--- a/public/js/ravada.js
+++ b/public/js/ravada.js
@@ -523,7 +523,15 @@
                    });
          };

-           $scope.delete_ldap_access= function(id_access) {
+          $scope.add_ldap_access = function() {
+              $http.get('/add_ldap_access/'+$scope.showmachine.id+'/'+$scope.ldap_attribute+'/'
+                            +$scope.ldap_attribute_value+"/"+$scope.ldap_attribute_allowed
+                            +'/'+$scope.ldap_attribute_last)
+                    .then(function(response) {
+                        $scope.init_ldap_access();
+                    });
+          };
+          $scope.delete_ldap_access= function(id_access) {
              $http.get('/delete_ldap_access/'+$scope.showmachine.id+'/'+id_access)
                    .then(function(response) {
                        $scope.init_ldap_access();

--- a/rvd_front.pl
+++ b/rvd_front.pl
@@ -936,6 +936,33 @@ post '/machine/add_access/(#id_domain)' => sub {

 };

+get '/add_ldap_access/(#id_domain)/(#attribute)/(#value)/(#allowed)/(#last)' => sub {
+    my $c = shift;
+
+    return _access_denied($c) if !$USER->is_admin;
+
+    my $domain_id = $c->stash('id_domain');
+    my $domain = Ravada::Front::Domain->open($domain_id);
+
+    my $attribute = $c->stash('attribute');
+    my $value = $c->stash('value');
+    my $allowed = 1;
+    if ($c->stash('allowed') eq 'false') {
+        $allowed = 0;
+    }
+    my $last = 1;
+    if ($c->stash('last') eq 'false') {
+        $last = 0;
+    }
+    $last = 1 if !$allowed;
+
+    eval { $domain->allow_ldap_access($attribute => $value, $allowed, $last ) };
+    _fix_default_ldap_access($c,'ldap', $domain, $allowed) if !$@;
+    return $c->render(json => { error => $@ }) if $@;
+    return $c->render(json => { ok => 1 });
+
+};
+
 sub _fix_default_ldap_access($c, $type, $domain, $allowed) {
    my @list = $domain->list_ldap_access();
    my $default_found;

--- a/t/front/70_ldap_access.t
+++ b/t/front/70_ldap_access.t
@@ -292,6 +292,20 @@ sub test_access_by_attribute($vm, $do_clones=0) {

    my $data = _create_users();

+    my @entries = Ravada::Auth::LDAP::search_user(
+            field => 'givenName'
+            ,name => $data->{student}->{name}
+            ,typesonly => 1
+    );
+    is(scalar(@entries),1) or exit;
+
+    @entries = Ravada::Auth::LDAP::search_user(
+            field => 'givenName'
+            ,name => " ".$data->{student}->{name}
+            ,typesonly => 1
+    );
+    is(scalar(@entries),0) or exit;
+
    my $base = create_domain($vm->type);
    $base->prepare_base(user_admin);
    $base->is_public(1);