Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
42bc6cae
Commit
42bc6cae
authored
Sep 17, 2017
by
Michael Kozono
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Trim extraneous spaces from DNs
parent
2ef28db9
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
189 additions
and
2 deletions
+189
-2
lib/gitlab/ldap/auth_hash.rb
lib/gitlab/ldap/auth_hash.rb
+4
-0
lib/gitlab/ldap/person.rb
lib/gitlab/ldap/person.rb
+40
-1
spec/lib/gitlab/ldap/auth_hash_spec.rb
spec/lib/gitlab/ldap/auth_hash_spec.rb
+15
-1
spec/lib/gitlab/ldap/person_spec.rb
spec/lib/gitlab/ldap/person_spec.rb
+130
-0
No files found.
lib/gitlab/ldap/auth_hash.rb
View file @
42bc6cae
...
@@ -3,6 +3,10 @@
...
@@ -3,6 +3,10 @@
module
Gitlab
module
Gitlab
module
LDAP
module
LDAP
class
AuthHash
<
Gitlab
::
OAuth
::
AuthHash
class
AuthHash
<
Gitlab
::
OAuth
::
AuthHash
def
uid
Gitlab
::
LDAP
::
Person
.
normalize_dn
(
super
)
end
private
private
def
get_info
(
key
)
def
get_info
(
key
)
...
...
lib/gitlab/ldap/person.rb
View file @
42bc6cae
...
@@ -36,6 +36,12 @@ module Gitlab
...
@@ -36,6 +36,12 @@ module Gitlab
]
]
end
end
def
self
.
normalize_dn
(
dn
)
dn
.
split
(
/([,+=])/
).
map
do
|
part
|
normalize_dn_part
(
part
)
end
.
join
(
''
)
end
def
initialize
(
entry
,
provider
)
def
initialize
(
entry
,
provider
)
Rails
.
logger
.
debug
{
"Instantiating
#{
self
.
class
.
name
}
with LDIF:
\n
#{
entry
.
to_ldif
}
"
}
Rails
.
logger
.
debug
{
"Instantiating
#{
self
.
class
.
name
}
with LDIF:
\n
#{
entry
.
to_ldif
}
"
}
@entry
=
entry
@entry
=
entry
...
@@ -58,10 +64,43 @@ module Gitlab
...
@@ -58,10 +64,43 @@ module Gitlab
attribute_value
(
:email
)
attribute_value
(
:email
)
end
end
delegate
:dn
,
to: :entry
def
dn
self
.
class
.
normalize_dn
(
entry
.
dn
)
end
private
private
def
self
.
normalize_dn_part
(
part
)
cleaned
=
part
.
strip
if
cleaned
.
ends_with?
(
'\\'
)
# If it ends with an escape character that is not followed by a
# character to be escaped, then this part may be malformed. But let's
# not worry too much about it, and just return it unmodified.
#
# Why? Because the reason we clean DNs is to make our simplistic
# string comparisons work better, even though there are all kinds of
# ways that equivalent DNs can vary as strings. If we run into a
# strange DN, we should just try to work with it.
#
# See https://www.ldap.com/ldap-dns-and-rdns for more.
return
part
unless
part
.
ends_with?
(
' '
)
# Ends with an escaped space (which is valid).
cleaned
=
cleaned
+
' '
end
# Get rid of blanks. This can happen if a split character is followed by
# whitespace and then another split character.
#
# E.g. this DN: 'uid=john+telephoneNumber= +1 555-555-5555'
#
# Should be returned as: 'uid=john+telephoneNumber=+1 555-555-5555'
cleaned
=
''
if
cleaned
.
blank?
cleaned
end
def
entry
def
entry
@entry
@entry
end
end
...
...
spec/lib/gitlab/ldap/auth_hash_spec.rb
View file @
42bc6cae
...
@@ -4,7 +4,7 @@ describe Gitlab::LDAP::AuthHash do
...
@@ -4,7 +4,7 @@ describe Gitlab::LDAP::AuthHash do
let
(
:auth_hash
)
do
let
(
:auth_hash
)
do
described_class
.
new
(
described_class
.
new
(
OmniAuth
::
AuthHash
.
new
(
OmniAuth
::
AuthHash
.
new
(
uid:
'123456'
,
uid:
given_uid
,
provider:
'ldapmain'
,
provider:
'ldapmain'
,
info:
info
,
info:
info
,
extra:
{
extra:
{
...
@@ -32,6 +32,8 @@ describe Gitlab::LDAP::AuthHash do
...
@@ -32,6 +32,8 @@ describe Gitlab::LDAP::AuthHash do
end
end
context
"without overridden attributes"
do
context
"without overridden attributes"
do
let
(
:given_uid
)
{
'uid=John Smith,ou=People,dc=example,dc=com'
}
it
"has the correct username"
do
it
"has the correct username"
do
expect
(
auth_hash
.
username
).
to
eq
(
"123456"
)
expect
(
auth_hash
.
username
).
to
eq
(
"123456"
)
end
end
...
@@ -42,6 +44,8 @@ describe Gitlab::LDAP::AuthHash do
...
@@ -42,6 +44,8 @@ describe Gitlab::LDAP::AuthHash do
end
end
context
"with overridden attributes"
do
context
"with overridden attributes"
do
let
(
:given_uid
)
{
'uid=John Smith,ou=People,dc=example,dc=com'
}
let
(
:attributes
)
do
let
(
:attributes
)
do
{
{
'username'
=>
%w(mail email)
,
'username'
=>
%w(mail email)
,
...
@@ -61,4 +65,14 @@ describe Gitlab::LDAP::AuthHash do
...
@@ -61,4 +65,14 @@ describe Gitlab::LDAP::AuthHash do
expect
(
auth_hash
.
name
).
to
eq
(
"John Smith"
)
expect
(
auth_hash
.
name
).
to
eq
(
"John Smith"
)
end
end
end
end
describe
'#uid'
do
context
'when there is extraneous (but valid) whitespace'
do
let
(
:given_uid
)
{
'uid =John Smith , ou = People, dc= example,dc =com'
}
it
'removes the extraneous whitespace'
do
expect
(
auth_hash
.
uid
).
to
eq
(
'uid=John Smith,ou=People,dc=example,dc=com'
)
end
end
end
end
end
spec/lib/gitlab/ldap/person_spec.rb
View file @
42bc6cae
...
@@ -16,6 +16,136 @@ describe Gitlab::LDAP::Person do
...
@@ -16,6 +16,136 @@ describe Gitlab::LDAP::Person do
)
)
end
end
describe
'.normalize_dn'
do
context
'when there is extraneous (but valid) whitespace'
do
it
'removes the extraneous whitespace'
do
given
=
'uid =John Smith , ou = People, dc= example,dc =com'
expected
=
'uid=John Smith,ou=People,dc=example,dc=com'
expect
(
described_class
.
normalize_dn
(
given
)).
to
eq
(
expected
)
end
context
'for a DN with a single RDN'
do
it
'removes the extraneous whitespace'
do
given
=
'uid = John Smith'
expected
=
'uid=John Smith'
expect
(
described_class
.
normalize_dn
(
given
)).
to
eq
(
expected
)
end
end
context
'when there are escaped characters'
do
it
'removes extraneous whitespace without changing the escaped characters'
do
given
=
'uid = Sebasti\\c3\\a1n\\ C.\\20Smith\\ , ou=People (aka. \\22humans\\") ,dc=example, dc=com'
expected
=
'uid=Sebasti\\c3\\a1n\\ C.\\20Smith\\ ,ou=People (aka. \\22humans\\"),dc=example,dc=com'
expect
(
described_class
.
normalize_dn
(
given
)).
to
eq
(
expected
)
end
end
context
'with a multivalued RDN'
do
it
'removes extraneous whitespace without modifying the multivalued RDN'
do
given
=
'uid = John Smith + telephoneNumber = +1 555-555-5555 , ou = People,dc=example,dc=com'
expected
=
'uid=John Smith+telephoneNumber=+1 555-555-5555,ou=People,dc=example,dc=com'
expect
(
described_class
.
normalize_dn
(
given
)).
to
eq
(
expected
)
end
context
'with a telephoneNumber with a space after the plus sign'
do
# I am not sure whether a space after the telephoneNumber plus sign is valid,
# and I am not sure if this is "proper" behavior under these conditions, and
# I am not sure if it matters to us or anyone else, so rather than dig
# through RFCs, I am only documenting the behavior here.
it
'removes the space after the plus sign in the telephoneNumber'
do
given
=
'uid = John Smith + telephoneNumber = + 1 555-555-5555 , ou = People,dc=example,dc=com'
expected
=
'uid=John Smith+telephoneNumber=+1 555-555-5555,ou=People,dc=example,dc=com'
expect
(
described_class
.
normalize_dn
(
given
)).
to
eq
(
expected
)
end
end
end
end
context
'for a null DN (empty string)'
do
it
'returns empty string and does not error'
do
given
=
''
expected
=
''
expect
(
described_class
.
normalize_dn
(
given
)).
to
eq
(
expected
)
end
end
context
'when there is an escaped leading space in an attribute value'
do
it
'does not remove the escaped leading space (and does not error like Net::LDAP::DN.new does)'
do
given
=
'uid=\\ John Smith,ou=People,dc=example,dc=com'
expected
=
'uid=\\ John Smith,ou=People,dc=example,dc=com'
expect
(
described_class
.
normalize_dn
(
given
)).
to
eq
(
expected
)
end
end
context
'when there is an escaped trailing space in an attribute value'
do
it
'does not remove the escaped trailing space'
do
given
=
'uid=John Smith\\ ,ou=People,dc=example,dc=com'
expected
=
'uid=John Smith\\ ,ou=People,dc=example,dc=com'
expect
(
described_class
.
normalize_dn
(
given
)).
to
eq
(
expected
)
end
end
context
'when there is an escaped leading newline in an attribute value'
do
it
'does not remove the escaped leading newline'
do
given
=
'uid=\\\nJohn Smith,ou=People,dc=example,dc=com'
expected
=
'uid=\\\nJohn Smith,ou=People,dc=example,dc=com'
expect
(
described_class
.
normalize_dn
(
given
)).
to
eq
(
expected
)
end
end
context
'when there is an escaped trailing newline in an attribute value'
do
it
'does not remove the escaped trailing newline'
do
given
=
'uid=John Smith\\\n,ou=People,dc=example,dc=com'
expected
=
'uid=John Smith\\\n,ou=People,dc=example,dc=com'
expect
(
described_class
.
normalize_dn
(
given
)).
to
eq
(
expected
)
end
end
context
'when there is an unescaped leading newline in an attribute value'
do
it
'does not remove the unescaped leading newline'
do
given
=
'uid=\nJohn Smith,ou=People,dc=example,dc=com'
expected
=
'uid=\nJohn Smith,ou=People,dc=example,dc=com'
expect
(
described_class
.
normalize_dn
(
given
)).
to
eq
(
expected
)
end
end
context
'when there is an unescaped trailing newline in an attribute value'
do
it
'does not remove the unescaped trailing newline'
do
given
=
'uid=John Smith\n ,ou=People,dc=example,dc=com'
expected
=
'uid=John Smith\n,ou=People,dc=example,dc=com'
expect
(
described_class
.
normalize_dn
(
given
)).
to
eq
(
expected
)
end
end
context
'with uppercase characters'
do
# We may need to normalize casing at some point.
# I am just making it explicit that we don't at this time.
it
'returns the DN with unmodified casing'
do
given
=
'UID=John Smith,ou=People,dc=example,dc=com'
expected
=
'UID=John Smith,ou=People,dc=example,dc=com'
expect
(
described_class
.
normalize_dn
(
given
)).
to
eq
(
expected
)
end
end
context
'with a malformed DN'
do
context
'when passed a UID instead of a DN'
do
it
'returns the UID (with whitespace stripped)'
do
given
=
' John C. Smith '
expected
=
'John C. Smith'
expect
(
described_class
.
normalize_dn
(
given
)).
to
eq
(
expected
)
end
end
context
'when an equal sign is escaped'
do
it
'returns the DN completely unmodified'
do
given
=
'uid= foo\\=bar'
expected
=
'uid= foo\\=bar'
expect
(
described_class
.
normalize_dn
(
given
)).
to
eq
(
expected
)
end
end
end
end
describe
'#name'
do
describe
'#name'
do
it
'uses the configured name attribute and handles values as an array'
do
it
'uses the configured name attribute and handles values as an array'
do
name
=
'John Doe'
name
=
'John Doe'
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment