Unverified Commit ec40facc authored by Francesc Guasch's avatar Francesc Guasch Committed by GitHub

fix(frontend): login with spaces now fails (#1106)

issue #1100
parent 516a6673
......@@ -51,7 +51,7 @@ Internal OO build
sub BUILD {
my $self = shift;
die "ERROR: Login failed ".$self->name
die "ERROR: Login failed '".$self->name."'"
if !$self->login;
return $self;
}
......@@ -175,6 +175,7 @@ sub search_user {
_init_ldap_admin();
return search_user(
name => $username
,base => $base
,field => $field
,retry => ++$retry
,typesonly => $typesonly
......@@ -186,8 +187,10 @@ sub search_user {
return if !$mesg->count();
my @entries = $mesg->entries;
# warn join ( "\n",map { $_->dn } @entries);
my @entries;
for my $entry ($mesg->entries) {
push @entries,($entry) if $entry->get_value($field) eq $username;
}
return @entries;
}
......@@ -321,15 +324,29 @@ sub add_to_group {
sub login($self) {
my $user_ok;
my $allowed;
if ($$CONFIG->{ldap}->{ravada_posix_group}) {
$allowed = search_user (name => $self->name, field => 'memberUid', base => $$CONFIG->{ldap}->{ravada_posix_group}) || 0;
$self->{_ldap_entry} = $allowed;
} else {
$allowed = 1;
my $posix_group_name = $$CONFIG->{ldap}->{ravada_posix_group};
if ($posix_group_name) {
my ($posix_group) = search_user (
name => $posix_group_name
,field => 'cn'
, base => 'ou=groups,'._dc_base()
);
if (!$posix_group) {
warn "Warning: posix group $posix_group_name not found";
return;
}
my @member = $posix_group->get_value('memberUid');
my $user_name = $self->name;
my ($found) = grep /^$user_name$/,@member;
if (!$found) {
warn "Error: $user_name is not a member of posix group $posix_group_name\n";
warn Dumper(\@member) if $Ravada::DEBUG;
return;
}
$self->{_ldap_entry} = $posix_group;
}
if ($allowed) {
$user_ok = $self->_login_bind()
if !exists $$CONFIG->{ldap}->{auth}
|| !$$CONFIG->{ldap}->{auth}
......@@ -339,9 +356,6 @@ sub login($self) {
$self->_check_user_profile($self->name) if $user_ok;
$LDAP_ADMIN->unbind if $LDAP_ADMIN && exists $self->{_auth} && $self->{_auth} eq 'bind';
return $user_ok;
} else {
return 0;
}
}
sub _login_bind {
......
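Review bot: The membership check `my ($found) = grep /^$user_name$/,@member;` in login() interpolates the user-supplied login name into a regex without quoting it. A `.` in the name matches any character and `$` also accepts a trailing newline, so a name that is not literally listed in `memberUid` can still pass the group check, and a name with unbalanced metacharacters makes the match die. An exact comparison avoids both: `my ($found) = grep { $_ eq $user_name } @member;`. The same pattern appears in `_add_to_posix_group` in the test file, where the test name 'jimmy.mcnulty' itself contains a dot. Part of login() lies between the two hunks and is not shown.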
use warnings;
use strict;
use Carp qw(confess);
use Data::Dumper;
use Test::More;
use YAML qw(LoadFile DumpFile);
......@@ -76,11 +77,11 @@ sub test_user{
ok(!$@, $@) or return;
_add_to_posix_group($name);
_add_to_posix_group($name, $with_posix_group);
my $mcnulty;
eval { $mcnulty = Ravada::Auth::LDAP->new(name => $name,password => $password) };
is($@,'', Dumper($Ravada::CONFIG)) or exit;
is($@,'', Dumper($Ravada::CONFIG)) or confess;
ok($mcnulty,($@ or "ldap login failed for $name")) or return;
ok(ref($mcnulty) =~ /Ravada/i,"User must be Ravada::Auth::LDAP , it is '".ref($mcnulty));
......@@ -237,7 +238,7 @@ sub test_user_bind {
Ravada::Auth::LDAP::init();
_add_to_posix_group('jimmy.mcnulty') if $with_posix_group;
_add_to_posix_group('jimmy.mcnulty', $with_posix_group);
my $mcnulty;
eval { $mcnulty = Ravada::Auth::LDAP->new(name => 'jimmy.mcnulty',password => 'jameson') };
......@@ -321,17 +322,31 @@ sub _add_posix_group {
$mesg = $ldap->search( filter => "cn=$RAVADA_POSIX_GROUP",base => $base );
my @group = $mesg->entries;
ok($group[0],"Expecting group $RAVADA_POSIX_GROUP") or return;
push @USERS,($group[0]);
return $group[0];
}
sub _add_to_posix_group {
my $user_name = shift;
sub _add_to_posix_group($user_name, $with_posix_group) {
my $group = _add_posix_group();
my $ldap = Ravada::Auth::LDAP::_init_ldap_admin();
$group->add(memberUid => $user_name);
my $mesg = $group->update($ldap);
die $mesg->code." ".$mesg->error if $mesg->code && $mesg->code != 20;
if ($with_posix_group) {
$group->add(memberUid => $user_name);
my $mesg = $group->update($ldap);
# 20: no such object
die $mesg->code." ".$mesg->error if $mesg->code && $mesg->code != 20;
} else {
$group->delete(memberUid => $user_name );
my $mesg = $group->update($ldap);
# 16: no such attrib
die $mesg->code." ".$mesg->error if $mesg->code && $mesg->code != 16;
}
my @member = $group->get_value('memberUid');
my ($found) = grep /^$user_name$/,@member;
ok( $found, "Expecting $user_name in $RAVADA_POSIX_GROUP") if $with_posix_group;
ok( !$found ) if !$with_posix_group;
}
sub test_filter {
......@@ -398,7 +413,7 @@ sub test_posix_group {
} else {
ok($user_login);
}
_add_to_posix_group($user_name);
_add_to_posix_group($user_name, $with_posix_group);
eval { $user_login= Ravada::Auth::LDAP->new(name => $user_name,password => $password) };
is($@,'');
......@@ -446,11 +461,10 @@ SKIP: {
ok($ldap) and do {
test_user_fail();
test_user( );
test_user( 'pepe.mcnulty', $with_posix_group );
test_add_group();
test_manage_group($with_admin);
test_manage_group($with_admin, $with_posix_group);
test_posix_group($with_posix_group);
test_user_bind($fly_config, $with_posix_group);
......
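Review bot: The comment `# 20: no such object` in `_add_to_posix_group` does not match the LDAP result code: 20 is attributeOrValueExists, while noSuchObject is 32. The check itself looks intended, since it tolerates adding a `memberUid` that is already present; only the comment misleads, and `# 20: attribute or value already exists` would describe it. The closing `ok( !$found )` has no description; `ok( !$found, "Expecting $user_name not in $RAVADA_POSIX_GROUP" )` would make a failure readable.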
......@@ -65,6 +65,38 @@ sub test_ldap {
ok(Ravada::Auth::LDAP::_init_ldap_admin(),"Expecting LDAP admin connected");
}
sub test_ldap_space {
create_ldap_user($USER_DATA->{name}, $USER_DATA->{password});
my %user = %$USER_DATA;
$user{name} = " ".$user{name};
my $login_ok;
$Ravada::CONFIG->{ldap}->{auth} = 'bind';
eval { $login_ok = Ravada::Auth::LDAP->new(name => $user{name}, password => $user{password}) };
like($@, qr'.');
ok(!$login_ok,"Expecting no login with $user{name}");
eval { $login_ok = Ravada::Auth::login($user{name}, $user{password}) };
like($@, qr'.');
ok(!$login_ok,"Expecting no login with $user{name}");
$Ravada::CONFIG->{ldap}->{auth} = 'match';
eval { $login_ok = Ravada::Auth::LDAP->new(name => $user{name}, password => $user{password}) };
like($@, qr'.');
ok(!$login_ok,"Expecting no login with $user{name}");
eval { $login_ok = Ravada::Auth::login($user{name}, $user{password}) };
like($@, qr'.');
ok(!$login_ok,"Expecting no login with $user{name}");
}
sub test_ldap_search_space {
my @entries = Ravada::Auth::LDAP::search_user( name =>" $USER_DATA->{name}");
is(scalar@entries, 0);
}
#########################################################################
SKIP: {
......@@ -73,6 +105,7 @@ SKIP: {
$ravada->_install();
my $ldap;
delete $Ravada::CONFIG->{ldap}->{ravada_posix_group};
eval { $ldap = Ravada::Auth::LDAP::_init_ldap_admin() };
......@@ -87,6 +120,9 @@ SKIP: {
ok($ldap) and do {
test_ldap_space();
test_ldap_search_space();
test_ldap();
};
......
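Review bot: `like($@, qr'.')` in test_ldap_space passes for any exception at all, so an LDAP connection or configuration error would be reported as a correctly rejected login. For the `Ravada::Auth::LDAP->new` calls, BUILD in the first file dies with `ERROR: Login failed '...'`, so `like($@, qr/Login failed/)` would pin the intended failure. The message raised by `Ravada::Auth::login` is not visible here and should be confirmed before tightening those two assertions. The test also leaves `$Ravada::CONFIG->{ldap}->{auth}` set to 'match' for test_ldap(), which runs afterwards; starting with `local $Ravada::CONFIG->{ldap}->{auth} = 'bind';` would restore the previous value when the sub returns.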