ldap: ignore undecodable attribute values (fixes #31232)
Tests augmented with a jpegPhot binary attribute.
This commit is contained in:
parent
8a68af0e48
commit
9ec79b6d24
|
@ -41,7 +41,7 @@ from authentic2.user_login_failure import user_login_failure, user_login_success
|
|||
from django_rbac.utils import get_ou_model
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2.ldap_utils import FilterFormatter
|
||||
from authentic2.utils import utf8_encode
|
||||
from authentic2.utils import utf8_encode, to_list
|
||||
|
||||
from authentic2.backends import is_user_authenticable
|
||||
|
||||
|
@ -60,6 +60,16 @@ for bundle_path in CA_BUNDLE_PATHS:
|
|||
DEFAULT_CA_BUNDLE = bundle_path
|
||||
break
|
||||
|
||||
|
||||
@to_list
|
||||
def filter_non_unicode_values(atvs):
|
||||
for atv in atvs:
|
||||
try:
|
||||
yield atv.decode('utf-8')
|
||||
except UnicodeDecodeError:
|
||||
pass
|
||||
|
||||
|
||||
if PYTHON_LDAP3 is True:
|
||||
class LDAPObject(NativeLDAPObject):
|
||||
def __init__(self, uri, trace_level=0, trace_file=None,
|
||||
|
@ -77,7 +87,7 @@ if PYTHON_LDAP3 is True:
|
|||
for dn, attrs in result_list:
|
||||
if dn is not None:
|
||||
# tuple is a real entry with a DN not a search reference
|
||||
attrs = {attribute: map(force_text, attrs[attribute]) for attribute in attrs}
|
||||
attrs = {attribute: filter_non_unicode_values(attrs[attribute]) for attribute in attrs}
|
||||
yield dn, attrs
|
||||
|
||||
def search_s(self, base, scope, filterstr='(objectclass=*)', attrlist=None, attrsonly=0):
|
||||
|
@ -136,7 +146,7 @@ elif PYTHON_LDAP3 is False:
|
|||
for dn, attrs in result_list:
|
||||
if dn is not None:
|
||||
# tuple is a real entry with a DN not a search reference
|
||||
attrs = {attribute: map(force_text, attrs[attribute]) for attribute in attrs}
|
||||
attrs = {attribute: filter_non_unicode_values(attrs[attribute]) for attribute in attrs}
|
||||
yield force_text(dn), attrs
|
||||
|
||||
def search_s(self, base, scope, filterstr='(objectclass=*)', attrlist=None, attrsonly=0):
|
||||
|
|
|
@ -81,6 +81,7 @@ sn: Michu
|
|||
gn: Étienne
|
||||
l: Paris
|
||||
mail: etienne.michu@example.net
|
||||
jpegPhoto:: ACOE
|
||||
|
||||
dn: cn=group1,o=ôrga
|
||||
objectClass: groupOfNames
|
||||
|
@ -121,6 +122,7 @@ def test_simple(slapd, settings, client, db):
|
|||
'url': [slapd.ldap_url],
|
||||
'basedn': u'o=ôrga',
|
||||
'use_tls': False,
|
||||
'attributes': ['jpegPhoto'],
|
||||
}]
|
||||
result = client.post('/login/', {'login-password-submit': '1',
|
||||
'username': USERNAME,
|
||||
|
|
Loading…
Reference in New Issue