author | Unknwon <u@gogs.io> | 2016-07-12 07:07:57 +0800 |
---|---|---|
committer | Unknwon <u@gogs.io> | 2016-07-12 07:07:57 +0800 |
commit | a752f0905551a0d8fd6edb893f748cb9490a28dc (patch) | |
tree | 2a29a99725fe1b7ee3471e087e1dd89e1a51b0f6 /models/login.go | |
parent | 846bf2ca9fcb4cd8cc85cc189e9f153c04080e5d (diff) | |
download | gitea-a752f0905551a0d8fd6edb893f748cb9490a28dc.tar.gz gitea-a752f0905551a0d8fd6edb893f748cb9490a28dc.zip |
#2709 validate username attribute fetched from LDAP
Diffstat (limited to 'models/login.go')
-rw-r--r-- | models/login.go | 38 |
1 files changed, 22 insertions, 16 deletions
diff --git a/models/login.go b/models/login.go
index 22edc25b55..84f17d18e5 100644
--- a/models/login.go
+++ b/models/login.go
@@ -15,6 +15,7 @@ import (
 "time"
 
 "github.com/Unknwon/com"
+ "github.com/go-macaron/binding"
 "github.com/go-xorm/core"
 "github.com/go-xorm/xorm"
 
@@ -280,7 +281,7 @@ func DeleteSource(source *LoginSource) error {
 func LoginUserLDAPSource(u *User, loginName, passwd string, source *LoginSource, autoRegister bool) (*User, error) {
 cfg := source.Cfg.(*LDAPConfig)
 directBind := (source.Type == LOGIN_DLDAP)
- name, fn, sn, mail, admin, logged := cfg.SearchEntry(loginName, passwd, directBind)
+ username, fn, sn, mail, isAdmin, logged := cfg.SearchEntry(loginName, passwd, directBind)
 if !logged {
 // User not in LDAP, do nothing
 return nil, ErrUserNotExist{0, loginName}
@@ -291,37 +292,42 @@ func LoginUserLDAPSource(u *User, loginName, passwd string, source *LoginSource,
 }
 
 // Fallback.
- if len(name) == 0 {
- name = loginName
+ if len(username) == 0 {
+ username = loginName
 }
 
+ // Validate username make sure it satisfies requirement.
+ if !binding.AlphaDashDotPattern.MatchString(username) {
+ return nil, fmt.Errorf("Invalid pattern for attribute 'username' [%s]: must be valid alpha or numeric or dash(-_) or dot characters", username)
+ }
+
 if len(mail) == 0 {
- mail = fmt.Sprintf("%s@localhost", name)
+ mail = fmt.Sprintf("%s@localhost", username)
 }
 
 u = &User{
- LowerName: strings.ToLower(name),
- Name: name,
- FullName: composeFullName(fn, sn, name),
+ LowerName: strings.ToLower(username),
+ Name: username,
+ FullName: composeFullName(fn, sn, username),
 LoginType: source.Type,
 LoginSource: source.ID,
 LoginName: loginName,
 Email: mail,
- IsAdmin: admin,
+ IsAdmin: isAdmin,
 IsActive: true,
 }
 return u, CreateUser(u)
 }
 
-func composeFullName(firstName, surename, userName string) string {
+func composeFullName(firstname, surname, username string) string {
 switch {
- case len(firstName) == 0 && len(surename) == 0:
- return userName
- case len(firstName) == 0:
- return surename
- case len(surename) == 0:
- return firstName
+ case len(firstname) == 0 && len(surname) == 0:
+ return username
+ case len(firstname) == 0:
+ return surname
+ case len(surname) == 0:
+ return firstname
 default:
- return firstName + " " + surename
+ return firstname + " " + surname
 }
 }
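Review bot: The new check under `// Validate username` looks inverted: if `binding.AlphaDashDotPattern` is, as in go-macaron/binding, a negated character class that matches any character outside the alpha/digit/dash/dot set (the library treats a match as a validation failure), then `!binding.AlphaDashDotPattern.MatchString(username)` rejects every well-formed LDAP username and lets a name containing disallowed characters continue on to `CreateUser`. The fix is to drop the negation, `if binding.AlphaDashDotPattern.MatchString(username) {`, and to confirm it against the pattern's definition with a test that feeds one acceptable name and one containing a forbidden character such as a space. Since the value comes from a directory attribute rather than a form field, it is worth a comment saying so, e.g. `// username is taken from the LDAP entry, not from user input, so apply the same character rules CreateUser expects.` The enclosing `LoginUserLDAPSource` begins in the previous hunk, and the error string would read better in Go style as lowercase without the leading capital.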