Unverified
Commit
ec40facc
authored
Aug 13, 2019
by
Francesc Guasch
Committed by
GitHub
Aug 13, 2019
fix(frontend): login with spaces now fails (#1106)
issue #1100
parent
516a6673
Changes
3
lib/Ravada/Auth/LDAP.pm
...
...
@@ -51,7 +51,7 @@ Internal OO build
sub
BUILD
{
my
$self
=
shift
;
die
"
ERROR: Login failed
"
.
$self
->
name
die
"
ERROR: Login failed
'
"
.
$self
->
name
.
"
'
"
if
!
$self
->
login
;
return
$self
;
}
...
...
@@ -175,6 +175,7 @@ sub search_user {
_init_ldap_admin
();
return
search_user
(
name
=>
$username
,
base
=>
$base
,
field
=>
$field
,
retry
=>
++
$retry
,
typesonly
=>
$typesonly
...
...
@@ -186,8 +187,10 @@ sub search_user {
return
if
!
$mesg
->
count
();
my
@entries
=
$mesg
->
entries
;
# warn join ( "\n",map { $_->dn } @entries);
my
@entries
;
for
my
$entry
(
$mesg
->
entries
)
{
push
@entries
,(
$entry
)
if
$entry
->
get_value
(
$field
)
eq
$username
;
}
return
@entries
;
}
...
...
@@ -321,15 +324,29 @@ sub add_to_group {
sub
login
($self) {
my
$user_ok
;
my
$allowed
;
if
(
$$CONFIG
->
{
ldap
}
->
{
ravada_posix_group
})
{
$allowed
=
search_user
(
name
=>
$self
->
name
,
field
=>
'
memberUid
',
base
=>
$$CONFIG
->
{
ldap
}
->
{
ravada_posix_group
})
||
0
;
$self
->
{
_ldap_entry
}
=
$allowed
;
}
else
{
$allowed
=
1
;
my
$posix_group_name
=
$$CONFIG
->
{
ldap
}
->
{
ravada_posix_group
};
if
(
$posix_group_name
)
{
my
(
$posix_group
)
=
search_user
(
name
=>
$posix_group_name
,
field
=>
'
cn
'
,
base
=>
'
ou=groups,
'
.
_dc_base
()
);
if
(
!
$posix_group
)
{
warn
"
Warning: posix group
$posix_group_name
not found
";
return
;
}
my
@member
=
$posix_group
->
get_value
('
memberUid
');
my
$user_name
=
$self
->
name
;
my
(
$found
)
=
grep
/^$user_name$/
,
@member
;
if
(
!
$found
)
{
warn
"
Error:
$user_name
is not a member of posix group
$posix_group_name
\n
";
warn
Dumper
(
\
@member
)
if
$
Ravada::
DEBUG
;
return
;
}
$self
->
{
_ldap_entry
}
=
$posix_group
;
}
if
(
$allowed
)
{
$user_ok
=
$self
->
_login_bind
()
if
!
exists
$$CONFIG
->
{
ldap
}
->
{
auth
}
||
!
$$CONFIG
->
{
ldap
}
->
{
auth
}
...
...
@@ -339,9 +356,6 @@ sub login($self) {
$self
->
_check_user_profile
(
$self
->
name
)
if
$user_ok
;
$LDAP_ADMIN
->
unbind
if
$LDAP_ADMIN
&&
exists
$self
->
{
_auth
}
&&
$self
->
{
_auth
}
eq
'
bind
';
return
$user_ok
;
}
else
{
return
0
;
}
}
sub
_login_bind
{
...
...
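Review bot: In the posix-group block of `login`, `grep /^$user_name$/, @member` interpolates the login name into a regular expression unescaped, so the membership check matches a pattern rather than the literal name. A `.` in the name matches any character of a `memberUid`, `$` tolerates a trailing newline, and a name that is not a valid pattern dies with a regex compile error instead of the login-failed message. Because this line is the authorization gate for the group restriction, compare literally: `my ($found) = grep { $_ eq $user_name } @member;`. The same expression appears in `_add_to_posix_group` in t/65_user_ldap.t. The body of `login` continues outside the visible hunks, so how `$user_ok` is used after this block should be confirmed against the full file.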
t/65_user_ldap.t
use
warnings
;
use
strict
;
use
Carp
qw(confess)
;
use
Data::
Dumper
;
use
Test::
More
;
use
YAML
qw(LoadFile DumpFile)
;
...
...
@@ -76,11 +77,11 @@ sub test_user{
ok
(
!
$@
,
$@
)
or
return
;
_add_to_posix_group
(
$name
);
_add_to_posix_group
(
$name
,
$with_posix_group
);
my
$mcnulty
;
eval
{
$mcnulty
=
Ravada::Auth::
LDAP
->
new
(
name
=>
$name
,
password
=>
$password
)
};
is
(
$@
,'',
Dumper
(
$
Ravada::
CONFIG
))
or
exit
;
is
(
$@
,'',
Dumper
(
$
Ravada::
CONFIG
))
or
confess
;
ok
(
$mcnulty
,(
$@
or
"
ldap login failed for
$name
"))
or
return
;
ok
(
ref
(
$mcnulty
)
=~
/Ravada/i
,"
User must be Ravada::Auth::LDAP , it is '
"
.
ref
(
$mcnulty
));
...
...
@@ -237,7 +238,7 @@ sub test_user_bind {
Ravada::Auth::LDAP::
init
();
_add_to_posix_group
('
jimmy.mcnulty
'
)
if
$with_posix_group
;
_add_to_posix_group
('
jimmy.mcnulty
'
,
$with_posix_group
)
;
my
$mcnulty
;
eval
{
$mcnulty
=
Ravada::Auth::
LDAP
->
new
(
name
=>
'
jimmy.mcnulty
',
password
=>
'
jameson
')
};
...
...
@@ -321,17 +322,31 @@ sub _add_posix_group {
$mesg
=
$ldap
->
search
(
filter
=>
"
cn=
$RAVADA_POSIX_GROUP
",
base
=>
$base
);
my
@group
=
$mesg
->
entries
;
ok
(
$group
[
0
],"
Expecting group
$RAVADA_POSIX_GROUP
")
or
return
;
push
@USERS
,(
$group
[
0
]);
return
$group
[
0
];
}
sub
_add_to_posix_group
{
my
$user_name
=
shift
;
sub
_add_to_posix_group
($user_name, $with_posix_group) {
my
$group
=
_add_posix_group
();
my
$ldap
=
Ravada::Auth::LDAP::
_init_ldap_admin
();
$group
->
add
(
memberUid
=>
$user_name
);
my
$mesg
=
$group
->
update
(
$ldap
);
die
$mesg
->
code
.
"
"
.
$mesg
->
error
if
$mesg
->
code
&&
$mesg
->
code
!=
20
;
if
(
$with_posix_group
)
{
$group
->
add
(
memberUid
=>
$user_name
);
my
$mesg
=
$group
->
update
(
$ldap
);
# 20: no such object
die
$mesg
->
code
.
"
"
.
$mesg
->
error
if
$mesg
->
code
&&
$mesg
->
code
!=
20
;
}
else
{
$group
->
delete
(
memberUid
=>
$user_name
);
my
$mesg
=
$group
->
update
(
$ldap
);
# 16: no such attrib
die
$mesg
->
code
.
"
"
.
$mesg
->
error
if
$mesg
->
code
&&
$mesg
->
code
!=
16
;
}
my
@member
=
$group
->
get_value
('
memberUid
');
my
(
$found
)
=
grep
/^$user_name$/
,
@member
;
ok
(
$found
,
"
Expecting
$user_name
in
$RAVADA_POSIX_GROUP
")
if
$with_posix_group
;
ok
(
!
$found
)
if
!
$with_posix_group
;
}
sub
test_filter
{
...
...
@@ -398,7 +413,7 @@ sub test_posix_group {
}
else
{
ok
(
$user_login
);
}
_add_to_posix_group
(
$user_name
);
_add_to_posix_group
(
$user_name
,
$with_posix_group
);
eval
{
$user_login
=
Ravada::Auth::
LDAP
->
new
(
name
=>
$user_name
,
password
=>
$password
)
};
is
(
$@
,'');
...
...
@@ -446,11 +461,10 @@ SKIP: {
ok
(
$ldap
)
and
do
{
test_user_fail
();
test_user
(
);
test_user
(
'
pepe.mcnulty
',
$with_posix_group
);
test_add_group
();
test_manage_group
(
$with_admin
);
test_manage_group
(
$with_admin
,
$with_posix_group
);
test_posix_group
(
$with_posix_group
);
test_user_bind
(
$fly_config
,
$with_posix_group
);
...
...
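Review bot: In `_add_to_posix_group`, the comment `# 20: no such object` mislabels the result code tolerated after `$group->add`: LDAP result 20 is attributeOrValueExists (the member is already present), while noSuchObject is 32. Suggest `# 20: attributeOrValueExists, the user is already a member`, so a reader does not conclude that a missing group entry is being ignored. The `# 16: no such attrib` comment on the delete branch is accurate. Separately, `ok(!$found) if !$with_posix_group;` has no test name, unlike its sibling; a name such as `"Expecting $user_name not in $RAVADA_POSIX_GROUP"` would make a failure readable.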
t/front/60_ldap.t
...
...
@@ -65,6 +65,38 @@ sub test_ldap {
ok
(
Ravada::Auth::LDAP::
_init_ldap_admin
(),"
Expecting LDAP admin connected
");
}
sub
test_ldap_space
{
create_ldap_user
(
$USER_DATA
->
{
name
},
$USER_DATA
->
{
password
});
my
%user
=
%$USER_DATA
;
$user
{
name
}
=
"
"
.
$user
{
name
};
my
$login_ok
;
$
Ravada::
CONFIG
->
{
ldap
}
->
{
auth
}
=
'
bind
';
eval
{
$login_ok
=
Ravada::Auth::
LDAP
->
new
(
name
=>
$user
{
name
},
password
=>
$user
{
password
})
};
like
(
$@
,
qr'.'
);
ok
(
!
$login_ok
,"
Expecting no login with
$user
{name}
");
eval
{
$login_ok
=
Ravada::Auth::
login
(
$user
{
name
},
$user
{
password
})
};
like
(
$@
,
qr'.'
);
ok
(
!
$login_ok
,"
Expecting no login with
$user
{name}
");
$
Ravada::
CONFIG
->
{
ldap
}
->
{
auth
}
=
'
match
';
eval
{
$login_ok
=
Ravada::Auth::
LDAP
->
new
(
name
=>
$user
{
name
},
password
=>
$user
{
password
})
};
like
(
$@
,
qr'.'
);
ok
(
!
$login_ok
,"
Expecting no login with
$user
{name}
");
eval
{
$login_ok
=
Ravada::Auth::
login
(
$user
{
name
},
$user
{
password
})
};
like
(
$@
,
qr'.'
);
ok
(
!
$login_ok
,"
Expecting no login with
$user
{name}
");
}
sub
test_ldap_search_space
{
my
@entries
=
Ravada::Auth::LDAP::
search_user
(
name
=>
"
$USER_DATA
->{name}
");
is
(
scalar
@entries
,
0
);
}
#########################################################################
SKIP:
{
...
...
@@ -73,6 +105,7 @@ SKIP: {
$ravada
->
_install
();
my
$ldap
;
delete
$
Ravada::
CONFIG
->
{
ldap
}
->
{
ravada_posix_group
};
eval
{
$ldap
=
Ravada::Auth::LDAP::
_init_ldap_admin
()
};
...
...
@@ -87,6 +120,9 @@ SKIP: {
ok
(
$ldap
)
and
do
{
test_ldap_space
();
test_ldap_search_space
();
test_ldap
();
};
...
...
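Review bot: In `test_ldap_space`, each `like($@, qr'.')` passes on any non-empty error, so the test still succeeds when the login dies for an unrelated reason (for example the LDAP server being unreachable) and does not prove that the space-prefixed name was rejected. For the two `Ravada::Auth::LDAP->new` calls, `BUILD` in this commit raises `ERROR: Login failed '...'`, so `like($@, qr/Login failed/);` would pin the intended failure. The text raised by `Ravada::Auth::login` is not visible here and should be checked before tightening those two assertions. The sub also assigns `$Ravada::CONFIG->{ldap}->{auth}` twice and leaves it at `match` for the `test_ldap()` call that follows; `local $Ravada::CONFIG->{ldap}->{auth} = 'bind';` would restore the previous value when the sub returns.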