RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add a check for enclosing parenthesis in LDAP users and groups filters.

pull/490/head
Clement Michaud 2019-12-08 23:21:55 +01:00 committed by Clément Michaud
parent 31776d2d94
commit 26798cdf3a
2 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
internal/configuration/validator/authentication.go
View File

@ -4,6 +4,7 @@ import (
"errors" "errors"
"fmt" "fmt"
"net/url" "net/url"
"strings"
"github.com/clems4ever/authelia/internal/configuration/schema" "github.com/clems4ever/authelia/internal/configuration/schema"
) )
@ -66,10 +67,18 @@ func validateLdapAuthenticationBackend(configuration *schema.LDAPAuthenticationB
configuration.UsersFilter = "(cn={0})" configuration.UsersFilter = "(cn={0})"
} }
if !strings.HasPrefix(configuration.UsersFilter, "(") || !strings.HasSuffix(configuration.UsersFilter, ")") {
validator.Push(errors.New("The users filter should contain enclosing parenthesis. For instance cn={0} should be (cn={0})"))
}
if configuration.GroupsFilter == "" { if configuration.GroupsFilter == "" {
configuration.GroupsFilter = "(member={dn})" configuration.GroupsFilter = "(member={dn})"
} }
if !strings.HasPrefix(configuration.GroupsFilter, "(") || !strings.HasSuffix(configuration.GroupsFilter, ")") {
validator.Push(errors.New("The groups filter should contain enclosing parenthesis. For instance cn={0} should be (cn={0})"))
}
if configuration.GroupNameAttribute == "" { if configuration.GroupNameAttribute == "" {
configuration.GroupNameAttribute = "cn" configuration.GroupNameAttribute = "cn"
} }

14
internal/configuration/validator/authentication_test.go
View File

@ -120,6 +120,20 @@ func (suite *LdapAuthenticationBackendSuite) TestShouldSetDefaultMailAttribute()
assert.Equal(suite.T(), "mail", suite.configuration.Ldap.MailAttribute) assert.Equal(suite.T(), "mail", suite.configuration.Ldap.MailAttribute)
} }
func (suite *LdapAuthenticationBackendSuite) TestShouldRaiseWhenUsersFilterDoesNotContainEnclosingParenthesis() {
suite.configuration.Ldap.UsersFilter = "cn={0}"
ValidateAuthenticationBackend(&suite.configuration, suite.validator)
assert.Len(suite.T(), suite.validator.Errors(), 1)
assert.EqualError(suite.T(), suite.validator.Errors()[0], "The users filter should contain enclosing parenthesis. For instance cn={0} should be (cn={0})")
}
func (suite *LdapAuthenticationBackendSuite) TestShouldRaiseWhenGroupsFilterDoesNotContainEnclosingParenthesis() {
suite.configuration.Ldap.UsersFilter = "cn={0}"
ValidateAuthenticationBackend(&suite.configuration, suite.validator)
assert.Len(suite.T(), suite.validator.Errors(), 1)
assert.EqualError(suite.T(), suite.validator.Errors()[0], "The users filter should contain enclosing parenthesis. For instance cn={0} should be (cn={0})")
}
func (suite *LdapAuthenticationBackendSuite) TestShouldAdaptLDAPURL() { func (suite *LdapAuthenticationBackendSuite) TestShouldAdaptLDAPURL() {
assert.Equal(suite.T(), "", validateLdapURL("127.0.0.1", suite.validator)) assert.Equal(suite.T(), "", validateLdapURL("127.0.0.1", suite.validator))
require.Len(suite.T(), suite.validator.Errors(), 1) require.Len(suite.T(), suite.validator.Errors(), 1)