#2709 validate username attribute fetched from LDAP
parent
846bf2ca9f
commit
a752f09055
4 changed files with 32 additions and 26 deletions
|
@ -79,7 +79,7 @@ func checkVersion() {
|
||||||
// Check dependency version.
|
// Check dependency version.
|
||||||
checkers := []VerChecker{
|
checkers := []VerChecker{
|
||||||
{"github.com/go-xorm/xorm", func() string { return xorm.Version }, "0.5.5.0711"},
|
{"github.com/go-xorm/xorm", func() string { return xorm.Version }, "0.5.5.0711"},
|
||||||
{"github.com/go-macaron/binding", binding.Version, "0.2.1"},
|
{"github.com/go-macaron/binding", binding.Version, "0.3.2"},
|
||||||
{"github.com/go-macaron/cache", cache.Version, "0.1.2"},
|
{"github.com/go-macaron/cache", cache.Version, "0.1.2"},
|
||||||
{"github.com/go-macaron/csrf", csrf.Version, "0.1.0"},
|
{"github.com/go-macaron/csrf", csrf.Version, "0.1.0"},
|
||||||
{"github.com/go-macaron/i18n", i18n.Version, "0.3.0"},
|
{"github.com/go-macaron/i18n", i18n.Version, "0.3.0"},
|
||||||
|
|
4
glide.lock
generated
4
glide.lock
generated
|
@ -8,7 +8,7 @@ imports:
|
||||||
- name: github.com/codegangsta/cli
|
- name: github.com/codegangsta/cli
|
||||||
version: 1efa31f08b9333f1bd4882d61f9d668a70cd902e
|
version: 1efa31f08b9333f1bd4882d61f9d668a70cd902e
|
||||||
- name: github.com/go-macaron/binding
|
- name: github.com/go-macaron/binding
|
||||||
version: bd00823a7e9aa00cb3b1738fde244573ba7cce2c
|
version: 9440f336b443056c90d7d448a0a55ad8c7599880
|
||||||
- name: github.com/go-macaron/cache
|
- name: github.com/go-macaron/cache
|
||||||
version: 56173531277692bc2925924d51fda1cd0a6b8178
|
version: 56173531277692bc2925924d51fda1cd0a6b8178
|
||||||
subpackages:
|
subpackages:
|
||||||
|
@ -43,7 +43,7 @@ imports:
|
||||||
- name: github.com/gogits/git-module
|
- name: github.com/gogits/git-module
|
||||||
version: db93fa550116997bbe0b62baa653b8e6f4135258
|
version: db93fa550116997bbe0b62baa653b8e6f4135258
|
||||||
- name: github.com/gogits/go-gogs-client
|
- name: github.com/gogits/go-gogs-client
|
||||||
version: 872cf281aac97429da02b6cdea942c9388eb65fb
|
version: ee68cd9eefff11615f336e9965762f6736eeecc8
|
||||||
- name: github.com/issue9/identicon
|
- name: github.com/issue9/identicon
|
||||||
version: d36b54562f4cf70c83653e13dc95c220c79ef521
|
version: d36b54562f4cf70c83653e13dc95c220c79ef521
|
||||||
- name: github.com/jaytaylor/html2text
|
- name: github.com/jaytaylor/html2text
|
||||||
|
|
|
@ -15,6 +15,7 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/Unknwon/com"
|
"github.com/Unknwon/com"
|
||||||
|
"github.com/go-macaron/binding"
|
||||||
"github.com/go-xorm/core"
|
"github.com/go-xorm/core"
|
||||||
"github.com/go-xorm/xorm"
|
"github.com/go-xorm/xorm"
|
||||||
|
|
||||||
|
@ -280,7 +281,7 @@ func DeleteSource(source *LoginSource) error {
|
||||||
func LoginUserLDAPSource(u *User, loginName, passwd string, source *LoginSource, autoRegister bool) (*User, error) {
|
func LoginUserLDAPSource(u *User, loginName, passwd string, source *LoginSource, autoRegister bool) (*User, error) {
|
||||||
cfg := source.Cfg.(*LDAPConfig)
|
cfg := source.Cfg.(*LDAPConfig)
|
||||||
directBind := (source.Type == LOGIN_DLDAP)
|
directBind := (source.Type == LOGIN_DLDAP)
|
||||||
name, fn, sn, mail, admin, logged := cfg.SearchEntry(loginName, passwd, directBind)
|
username, fn, sn, mail, isAdmin, logged := cfg.SearchEntry(loginName, passwd, directBind)
|
||||||
if !logged {
|
if !logged {
|
||||||
// User not in LDAP, do nothing
|
// User not in LDAP, do nothing
|
||||||
return nil, ErrUserNotExist{0, loginName}
|
return nil, ErrUserNotExist{0, loginName}
|
||||||
|
@ -291,37 +292,42 @@ func LoginUserLDAPSource(u *User, loginName, passwd string, source *LoginSource,
|
||||||
}
|
}
|
||||||
|
|
||||||
// Fallback.
|
// Fallback.
|
||||||
if len(name) == 0 {
|
if len(username) == 0 {
|
||||||
name = loginName
|
username = loginName
|
||||||
}
|
}
|
||||||
|
// Validate username make sure it satisfies requirement.
|
||||||
|
if !binding.AlphaDashDotPattern.MatchString(username) {
|
||||||
|
return nil, fmt.Errorf("Invalid pattern for attribute 'username' [%s]: must be valid alpha or numeric or dash(-_) or dot characters", username)
|
||||||
|
}
|
||||||
|
|
||||||
if len(mail) == 0 {
|
if len(mail) == 0 {
|
||||||
mail = fmt.Sprintf("%s@localhost", name)
|
mail = fmt.Sprintf("%s@localhost", username)
|
||||||
}
|
}
|
||||||
|
|
||||||
u = &User{
|
u = &User{
|
||||||
LowerName: strings.ToLower(name),
|
LowerName: strings.ToLower(username),
|
||||||
Name: name,
|
Name: username,
|
||||||
FullName: composeFullName(fn, sn, name),
|
FullName: composeFullName(fn, sn, username),
|
||||||
LoginType: source.Type,
|
LoginType: source.Type,
|
||||||
LoginSource: source.ID,
|
LoginSource: source.ID,
|
||||||
LoginName: loginName,
|
LoginName: loginName,
|
||||||
Email: mail,
|
Email: mail,
|
||||||
IsAdmin: admin,
|
IsAdmin: isAdmin,
|
||||||
IsActive: true,
|
IsActive: true,
|
||||||
}
|
}
|
||||||
return u, CreateUser(u)
|
return u, CreateUser(u)
|
||||||
}
|
}
|
||||||
|
|
||||||
func composeFullName(firstName, surename, userName string) string {
|
func composeFullName(firstname, surname, username string) string {
|
||||||
switch {
|
switch {
|
||||||
case len(firstName) == 0 && len(surename) == 0:
|
case len(firstname) == 0 && len(surname) == 0:
|
||||||
return userName
|
return username
|
||||||
case len(firstName) == 0:
|
case len(firstname) == 0:
|
||||||
return surename
|
return surname
|
||||||
case len(surename) == 0:
|
case len(surname) == 0:
|
||||||
return firstName
|
return firstname
|
||||||
default:
|
default:
|
||||||
return firstName + " " + surename
|
return firstname + " " + surname
|
||||||
}
|
}
|
||||||
}
|
}
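Review bot: The new guard in LoginUserLDAPSource, `if !binding.AlphaDashDotPattern.MatchString(username)`, looks inverted. The pattern's definition is not on this page, but in go-macaron/binding the AlphaDash patterns are, as far as I recall, negated character classes that match when a disallowed character is present, so this should be confirmed against the pinned revision. If that holds, the check rejects every well-formed username and lets through values containing other characters, which then reach `Name`, `LowerName` and `CreateUser` straight from the directory; the fix would be `if binding.AlphaDashDotPattern.MatchString(username) {`. The error text also formats the raw attribute with `[%s]`, where `%q` would keep control characters from an LDAP value out of logs. The part of the function between the two hunks is not shown, so whether this guard also runs when `autoRegister` is false cannot be judged from here.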
|
||||||
|
|
||||||
|
|
|
@ -210,12 +210,12 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, str
|
||||||
return "", "", "", "", false, false
|
return "", "", "", "", false, false
|
||||||
}
|
}
|
||||||
|
|
||||||
username_attr := sr.Entries[0].GetAttributeValue(ls.AttributeUsername)
|
username := sr.Entries[0].GetAttributeValue(ls.AttributeUsername)
|
||||||
name_attr := sr.Entries[0].GetAttributeValue(ls.AttributeName)
|
firstname := sr.Entries[0].GetAttributeValue(ls.AttributeName)
|
||||||
sn_attr := sr.Entries[0].GetAttributeValue(ls.AttributeSurname)
|
surname := sr.Entries[0].GetAttributeValue(ls.AttributeSurname)
|
||||||
mail_attr := sr.Entries[0].GetAttributeValue(ls.AttributeMail)
|
mail := sr.Entries[0].GetAttributeValue(ls.AttributeMail)
|
||||||
|
|
||||||
admin_attr := false
|
isAdmin := false
|
||||||
if len(ls.AdminFilter) > 0 {
|
if len(ls.AdminFilter) > 0 {
|
||||||
log.Trace("Checking admin with filter %s and base %s", ls.AdminFilter, userDN)
|
log.Trace("Checking admin with filter %s and base %s", ls.AdminFilter, userDN)
|
||||||
search = ldap.NewSearchRequest(
|
search = ldap.NewSearchRequest(
|
||||||
|
@ -229,7 +229,7 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, str
|
||||||
} else if len(sr.Entries) < 1 {
|
} else if len(sr.Entries) < 1 {
|
||||||
log.Error(4, "LDAP Admin Search failed")
|
log.Error(4, "LDAP Admin Search failed")
|
||||||
} else {
|
} else {
|
||||||
admin_attr = true
|
isAdmin = true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -241,5 +241,5 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, str
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return username_attr, name_attr, sn_attr, mail_attr, admin_attr, true
|
return username, firstname, surname, mail, isAdmin, true
|
||||||
}
|
}
|
||||||
|
|