Fixes get_user_groups for dn's with special chars (#42)

nickw444 · Sep 26, 2018 · 9069565 · 9069565
1 parent 97b6029
commit 9069565
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 1 deletion.
diff --git a/flask_ldap3_login/__init__.py b/flask_ldap3_login/__init__.py
@@ -549,10 +549,11 @@ def get_user_groups(self, dn, group_search_dn=None, _connection=None):
             )
             connection.bind()
 
+        safe_dn = ldap3.utils.conv.escape_filter_chars(dn)
         search_filter = '(&{group_filter}({members_attr}={user_dn}))'.format(
             group_filter=self.config.get('LDAP_GROUP_OBJECT_FILTER'),
             members_attr=self.config.get('LDAP_GROUP_MEMBERS_ATTR'),
-            user_dn=dn
+            user_dn=safe_dn
         )
 
         log.debug("Searching for groups for specific user with filter '{0}' "

diff --git a/flask_ldap3_login_tests/Directory.py b/flask_ldap3_login_tests/Directory.py
@@ -1,3 +1,5 @@
+import ldap3
+
 DIRECTORY = {
     'dc=com': {
         'dc=mydomain': {
@@ -29,6 +31,17 @@
                     'dn': 'cn=Fake User,ou=users,dc=mydomain,dc=com',
                     'password': 'fake321',
                 },
+                ldap3.utils.conv.escape_filter_chars('cn=Jane (admin)'): {
+                    'cn': ['Jane Citizen'],
+                    'mail': ['jane@jane.com'],
+                    'website': ['http://www.janecitizen.com'],
+                    'sn': ['Citizen'],
+                    'givenname': ['Jane'],
+                    'objectclass': ['person'],
+                    'dn': ldap3.utils.conv.escape_filter_chars(
+                        'cn=Jane (admin),ou=users,dc=mydomain,dc=com'),
+                    'password': 'fake123'
+                },
             },
             'ou=groups': {
                 'cn=Staff': {
@@ -46,6 +59,8 @@
                     'description': ['A Group for Admins'],
                     'uniqueMember': [
                         'cn=Nick Whyte,ou=users,dc=mydomain,dc=com',
+                        ldap3.utils.conv.escape_filter_chars(
+                            'cn=Jane (admin),ou=users,dc=mydomain,dc=com'),
                     ],
                     'objectclass': ['group'],
                     'dn': 'cn=Admins,ou=groups,dc=mydomain,dc=com',

diff --git a/flask_ldap3_login_tests/test_ldap3_login.py b/flask_ldap3_login_tests/test_ldap3_login.py
@@ -423,6 +423,18 @@ def test_get_user_info_for_username(self):
                          'ou=users']['cn=Nick Whyte'])
 
 
+@mock.patch('ldap3.ServerPool', new=ServerPool)
+@mock.patch('ldap3.Server', new=Server)
+@mock.patch('ldap3.Connection', new=Connection)
+class SpecialCharactersTestCase(BaseTestCase):
+    def test_get_user_groups_special_characters(self):
+        groups = self.manager.get_user_groups(
+            dn='cn=Jane (admin),ou=users,dc=mydomain,dc=com')
+
+        assert DIRECTORY['dc=com']['dc=mydomain']['ou=groups']['cn=Staff'] not in groups
+        assert DIRECTORY['dc=com']['dc=mydomain']['ou=groups']['cn=Admins'] in groups
+
+
 @mock.patch('ldap3.ServerPool', new=ServerPool)
 @mock.patch('ldap3.Server', new=Server)
 @mock.patch('ldap3.Connection', new=Connection)