Browse Source
do not create empty userid when attribute does not have allowed chars
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>tags/v14.0.0beta1
Arthur Schiwon
6 years ago
2 changed files with 47 additions and 3 deletions
+ 19
- 3
apps/user_ldap/lib/Access.php
View File
| @@ -579,7 +579,19 @@ class Access extends LDAPUtility implements IUserTools { | |||
| } else { | |||
| $username = $uuid; | |||
| } | |||
| $intName = $this->sanitizeUsername($username); | |||
| try { | |||
| $intName = $this->sanitizeUsername($username); | |||
| } catch (\InvalidArgumentException $e) { | |||
| \OC::$server->getLogger()->logException($e, [ | |||
| 'app' => 'user_ldap', | |||
| 'level' => Util::WARN, | |||
| ]); | |||
| // we don't attempt to set a username here. We can go for | |||
| // for an alternativ 4 digit random number as we would append | |||
| // otherwise, however it's likely not enough space in bigger | |||
| // setups, and most importantly: this is not intended. | |||
| return false; | |||
| } | |||
| } else { | |||
| $intName = $ldapName; | |||
| } | |||
| @@ -1291,7 +1303,7 @@ class Access extends LDAPUtility implements IUserTools { | |||
| /** | |||
| * @param string $name | |||
| * @return bool|mixed|string | |||
| * @return string | |||
| */ | |||
| public function sanitizeUsername($name) { | |||
| if($this->connection->ldapIgnoreNamingRules) { | |||
| @@ -1300,7 +1312,7 @@ class Access extends LDAPUtility implements IUserTools { | |||
| // Transliteration | |||
| // latin characters to ASCII | |||
| $name = iconv('UTF-8', 'ASCII//TRANSLIT', $name); | |||
| $name = iconv('UTF-8', 'ASCII//TRANSLIT', trim($name)); | |||
| // Replacements | |||
| $name = str_replace(' ', '_', $name); | |||
| @@ -1308,6 +1320,10 @@ class Access extends LDAPUtility implements IUserTools { | |||
| // Every remaining disallowed characters will be removed | |||
| $name = preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $name); | |||
| if($name === '') { | |||
| throw new \InvalidArgumentException('provided name template for username does not contain any allowed characters'); | |||
| } | |||
| return $name; | |||
| } | |||
+ 28
- 0
apps/user_ldap/tests/AccessTest.php
View File
| @@ -632,5 +632,33 @@ class AccessTest extends TestCase { | |||
| $this->assertSame($expected, $list); | |||
| } | |||
| public function intUsernameProvider() { | |||
| return [ | |||
| ['alice', 'alice'], | |||
| ['b/ob', 'bob'], | |||
| ['charly🐬', 'charly'], | |||
| ['debo rah', 'debo_rah'], | |||
| ['epost@poste.test', 'epost@poste.test'], | |||
| ['fränk', 'frank'], | |||
| [' gerda ', 'gerda'], | |||
| ['🕱🐵🐘🐑', null] | |||
| ]; | |||
| } | |||
| /** | |||
| * @dataProvider intUsernameProvider | |||
| * | |||
| * @param $name | |||
| * @param $expected | |||
| */ | |||
| public function testSanitizeUsername($name, $expected) { | |||
| if($expected === null) { | |||
| $this->expectException(\InvalidArgumentException::class); | |||
| } | |||
| $sanitizedName = $this->access->sanitizeUsername($name); | |||
| $this->assertSame($expected, $sanitizedName); | |||
| } | |||
| } | |||
Loading…