ldap: transition to lowercase dn from case mixed in sessions (#50908)

2021-02-05 16:38:20 +01:00 · 2021-02-05 16:38:20 +01:00 · 69254370cb
parent 19a8dfc2bd
commit 69254370cb
2 changed files with 6 additions and 2 deletions
--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@ -257,6 +257,10 @@ class LDAPUser(User):
    def init_from_session(self, session):
        if self.SESSION_LDAP_DATA_KEY in session:
            self.ldap_data = session[self.SESSION_LDAP_DATA_KEY]
+            # update dn case, can be removed in the future
+            self.ldap_data['dn'] = self.ldap_data['dn'].lower()
+            if self.ldap_data.get('password'):
+                self.ldap_data['password'] = {key.lower(): value for key, value in self.ldap_data['password'].items()}

            # retrieve encrypted bind pw if necessary
            encrypted_bindpw = self.ldap_data.get('block', {}).get('encrypted_bindpw')
--- a/tests/test_ldap.py
+++ b/tests/test_ldap.py
@ -245,10 +245,10 @@ def test_keep_password_in_session(slapd, settings, client, db):
    assert user.ou == get_default_ou()
    assert not user.check_password(PASS)
    assert client.session['ldap-data']['password']
-    assert force_text(DN) in result.context['request'].user.ldap_data['password']
+    assert DN.lower() in result.context['request'].user.ldap_data['password']
    assert crypto.aes_base64_decrypt(
        settings.SECRET_KEY,
-        force_bytes(result.context['request'].user.ldap_data['password'][force_text(DN)])) == force_bytes(PASS)
+        force_bytes(result.context['request'].user.ldap_data['password'][DN.lower()])) == force_bytes(PASS)


@pytest.mark.django_db