Commit 422d6da5 authored by Francesc Guasch's avatar Francesc Guasch

fix(frontend): LDAP access settings

Usernames with spaces are now escaped in the check

issue #1277
parent ab68ce43
...@@ -198,6 +198,7 @@ sub search_user { ...@@ -198,6 +198,7 @@ sub search_user {
confess "ERROR: I can't connect to LDAP " if!$ldap; confess "ERROR: I can't connect to LDAP " if!$ldap;
$username = escape_filter_value($username); $username = escape_filter_value($username);
$username =~ s/ /\\ /g;
my $filter = "($field=$username)"; my $filter = "($field=$username)";
if ( exists $$CONFIG->{ldap}->{filter} ) { if ( exists $$CONFIG->{ldap}->{filter} ) {
...@@ -237,12 +238,7 @@ sub search_user { ...@@ -237,12 +238,7 @@ sub search_user {
return if !$mesg->count(); return if !$mesg->count();
my @entries; return $mesg->entries;
for my $entry ($mesg->entries) {
push @entries,($entry) if $entry->get_value($field) eq $username;
}
return @entries;
} }
=head2 add_group =head2 add_group
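Review bot: With the exact `eq $username` comparison removed in the second hunk, search_user now returns every entry the server matched, so the result depends on the directory's matching rule for `$field` and on any configured `ldap.filter` rather than on string equality. Callers that treat a returned entry as "this exact user" (login, access rules) should be checked, and the POD for search_user should say so, e.g. `Returns all entries matched by the server; matching may ignore case and surrounding spaces.` In the first hunk, `s/ /\\ /g` runs after `escape_filter_value` and inserts a backslash that is not followed by two hex digits, which is not an RFC 4515 filter escape (backslash-space is the DN form); if a space really has to be escaped in the filter, the hex form would be `$username =~ s/ /\\20/g;`, and a comment should state why it is needed. search_user starts before and continues past these hunks.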
......
...@@ -523,7 +523,15 @@ ...@@ -523,7 +523,15 @@
}); });
}; };
$scope.delete_ldap_access= function(id_access) { $scope.add_ldap_access = function() {
$http.get('/add_ldap_access/'+$scope.showmachine.id+'/'+$scope.ldap_attribute+'/'
+$scope.ldap_attribute_value+"/"+$scope.ldap_attribute_allowed
+'/'+$scope.ldap_attribute_last)
.then(function(response) {
$scope.init_ldap_access();
});
};
$scope.delete_ldap_access= function(id_access) {
$http.get('/delete_ldap_access/'+$scope.showmachine.id+'/'+id_access) $http.get('/delete_ldap_access/'+$scope.showmachine.id+'/'+id_access)
.then(function(response) { .then(function(response) {
$scope.init_ldap_access(); $scope.init_ldap_access();
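Review bot: The new `add_ldap_access` builds the request path by concatenating `$scope.ldap_attribute` and `$scope.ldap_attribute_value` unencoded, so a value containing `/`, `?`, `#` or `%` changes the route or is truncated instead of being sent as data. Wrap each user-supplied segment, e.g. `+encodeURIComponent($scope.ldap_attribute_value)+'/'`, or preferably send the fields in a POST body, since this call changes access settings. The `.then` handler also ignores the response, while the server route added in this commit reports failures as `{ error => ... }` in an ordinary JSON reply; check `response.data.error` before refreshing the list so a rejected rule is not silently dropped.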
......
...@@ -936,6 +936,33 @@ post '/machine/add_access/(#id_domain)' => sub { ...@@ -936,6 +936,33 @@ post '/machine/add_access/(#id_domain)' => sub {
}; };
get '/add_ldap_access/(#id_domain)/(#attribute)/(#value)/(#allowed)/(#last)' => sub {
my $c = shift;
return _access_denied($c) if !$USER->is_admin;
my $domain_id = $c->stash('id_domain');
my $domain = Ravada::Front::Domain->open($domain_id);
my $attribute = $c->stash('attribute');
my $value = $c->stash('value');
my $allowed = 1;
if ($c->stash('allowed') eq 'false') {
$allowed = 0;
}
my $last = 1;
if ($c->stash('last') eq 'false') {
$last = 0;
}
$last = 1 if !$allowed;
eval { $domain->allow_ldap_access($attribute => $value, $allowed, $last ) };
_fix_default_ldap_access($c,'ldap', $domain, $allowed) if !$@;
return $c->render(json => { error => $@ }) if $@;
return $c->render(json => { ok => 1 });
};
sub _fix_default_ldap_access($c, $type, $domain, $allowed) { sub _fix_default_ldap_access($c, $type, $domain, $allowed) {
my @list = $domain->list_ldap_access(); my @list = $domain->list_ldap_access();
my $default_found; my $default_found;
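Review bot: This route changes a machine's access rules on a `get` request, while the neighbouring `/machine/add_access/(#id_domain)` route visible in the hunk header is a `post`; a state-changing GET can be triggered by any link or image load in an administrator's browser session, and its parameters end up in proxy and access logs. Declaring it as `post '/add_ldap_access/(#id_domain)'` and reading attribute, value, allowed and last from the request body would also remove the limitation that path placeholders cannot carry a `/`. The result of `Ravada::Front::Domain->open($domain_id)` is used without a check, so an unknown id presumably fails outside the `eval`; moving the open inside it, or returning a 404, would keep the error reporting uniform. `_fix_default_ldap_access` continues past the end of the hunk.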
......
...@@ -292,6 +292,20 @@ sub test_access_by_attribute($vm, $do_clones=0) { ...@@ -292,6 +292,20 @@ sub test_access_by_attribute($vm, $do_clones=0) {
my $data = _create_users(); my $data = _create_users();
my @entries = Ravada::Auth::LDAP::search_user(
field => 'givenName'
,name => $data->{student}->{name}
,typesonly => 1
);
is(scalar(@entries),1) or exit;
@entries = Ravada::Auth::LDAP::search_user(
field => 'givenName'
,name => " ".$data->{student}->{name}
,typesonly => 1
);
is(scalar(@entries),0) or exit;
my $base = create_domain($vm->type); my $base = create_domain($vm->type);
$base->prepare_base(user_admin); $base->prepare_base(user_admin);
$base->is_public(1); $base->is_public(1);
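Review bot: The two new `is(scalar(@entries), ...)` assertions have no test names and only cover a leading space, so a failure prints a bare line number before `or exit` ends the run. Add descriptions such as `is(scalar(@entries),1,'exact givenName matches one entry')`, and add a case for a name containing filter metacharacters (for example `*` or `(`) that must return no entries, since that is the property `escape_filter_value` is there to guarantee. test_access_by_attribute continues outside the hunk.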
......