@@ -140,6 +140,18 @@ class Access extends LDAPUtility implements user\IUserTools { | |||
return in_array($attr, $resemblingAttributes); | |||
} | |||
/** | |||
* checks whether the given string is probably a DN | |||
* @param string $string | |||
* @return boolean | |||
*/ | |||
public function stringResemblesDN($string) { | |||
$r = $this->ldap->explodeDN($string, 0); | |||
// if exploding a DN succeeds and does not end up in | |||
// an empty array except for $r[count] being 0. | |||
return (is_array($r) && count($r) > 1); | |||
} | |||
/** | |||
* sanitizes a DN received from the LDAP server | |||
* @param array $dn the DN in question |
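Review bot: The check `count($r) > 1` in stringResemblesDN depends on the extra `count` key that explodeDN puts into its result, so it tests "at least one component" only indirectly; `return is_array($r) && isset($r['count']) && $r['count'] > 0;` states that directly. The docblock should also say that a true result only means the LDAP library could parse the string, so a single `attr=value` pair presumably qualifies too. Callers must not read it as proof that the DN exists or lies under the configured base. The argument appears to be caller-supplied (Manager::get in this commit passes its `$id`), so that limit matters to anyone reusing the helper.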
@@ -33,6 +33,8 @@ interface IUserTools { | |||
public function readAttribute($dn, $attr, $filter = 'objectClass=*'); | |||
public function stringResemblesDN($string); | |||
public function dn2username($dn, $ldapname = null); | |||
public function username2dn($name); |
@@ -143,8 +143,7 @@ class Manager { | |||
return $this->users['byUid'][$id]; | |||
} | |||
if(strpos(mb_strtolower($id, 'UTF-8'), 'dc=') === false | |||
&& strpos(mb_strtolower($id, 'UTF-8'), 'uid=') === false ) { | |||
if(!$this->access->stringResemblesDN($id) ) { | |||
//most likely a uid | |||
$dn = $this->access->username2dn($id); | |||
if($dn !== false) { |
@@ -156,4 +156,80 @@ class Test_Access extends \PHPUnit_Framework_TestCase { | |||
$this->assertSame($expected, $access->getDomainDNFromDN($inputDN)); | |||
} | |||
public function stringResemblesDNYes() { | |||
list($lw, $con, $um) = $this->getConnecterAndLdapMock(); | |||
$access = new Access($con, $lw, $um); | |||
$input = 'foo=bar,bar=foo,dc=foobar'; | |||
$interResult = array( | |||
'count' => 3, | |||
0 => 'foo=bar', | |||
1 => 'bar=foo', | |||
2 => 'dc=foobar' | |||
); | |||
$lw->expects($this->once()) | |||
->method('explodeDN') | |||
->will($this->returnValue($interResult)); | |||
$this->assertTrue($access->stringResemblesDN($input)); | |||
} | |||
public function stringResemblesDNYesLDAPmod() { | |||
list($lw, $con, $um) = $this->getConnecterAndLdapMock(); | |||
$lw = new \OCA\user_ldap\lib\LDAP(); | |||
$access = new Access($con, $lw, $um); | |||
if(!function_exists('ldap_explode_dn')) { | |||
$this->markTestSkipped('LDAP Module not available'); | |||
} | |||
$input = 'foo=bar,bar=foo,dc=foobar'; | |||
$interResult = array( | |||
'count' => 3, | |||
0 => 'foo=bar', | |||
1 => 'bar=foo', | |||
2 => 'dc=foobar' | |||
); | |||
$lw->expects($this->once()) | |||
->method('explodeDN') | |||
->will($this->returnValue($interResult)); | |||
$this->assertTrue($access->stringResemblesDN($input)); | |||
} | |||
public function stringResemblesDNNo() { | |||
list($lw, $con, $um) = $this->getConnecterAndLdapMock(); | |||
$access = new Access($con, $lw, $um); | |||
$input = 'foobarbarfoodcfoobar'; | |||
$interResult = false; | |||
$lw->expects($this->once()) | |||
->method('explodeDN') | |||
->will($this->returnValue($interResult)); | |||
$this->assertFalse($access->stringResemblesDN($input)); | |||
} | |||
public function stringResemblesDNNoLDAPMod() { | |||
list($lw, $con, $um) = $this->getConnecterAndLdapMock(); | |||
$lw = new \OCA\user_ldap\lib\LDAP(); | |||
$access = new Access($con, $lw, $um); | |||
if(!function_exists('ldap_explode_dn')) { | |||
$this->markTestSkipped('LDAP Module not available'); | |||
} | |||
$input = 'foobarbarfoodcfoobar'; | |||
$interResult = false; | |||
$lw->expects($this->once()) | |||
->method('explodeDN') | |||
->will($this->returnValue($interResult)); | |||
$this->assertFalse($access->stringResemblesDN($input)); | |||
} | |||
} |
@@ -44,6 +44,11 @@ class Test_User_Manager extends \PHPUnit_Framework_TestCase { | |||
$inputDN = 'cn=foo,dc=foobar,dc=bar'; | |||
$uid = '563418fc-423b-1033-8d1c-ad5f418ee02e'; | |||
$access->expects($this->once()) | |||
->method('stringResemblesDN') | |||
->with($this->equalTo($inputDN)) | |||
->will($this->returnValue(true)); | |||
$access->expects($this->once()) | |||
->method('dn2username') | |||
->with($this->equalTo($inputDN)) | |||
@@ -66,6 +71,38 @@ class Test_User_Manager extends \PHPUnit_Framework_TestCase { | |||
$inputDN = 'uid=foo,o=foobar,c=bar'; | |||
$uid = '563418fc-423b-1033-8d1c-ad5f418ee02e'; | |||
$access->expects($this->once()) | |||
->method('stringResemblesDN') | |||
->with($this->equalTo($inputDN)) | |||
->will($this->returnValue(true)); | |||
$access->expects($this->once()) | |||
->method('dn2username') | |||
->with($this->equalTo($inputDN)) | |||
->will($this->returnValue($uid)); | |||
$access->expects($this->never()) | |||
->method('username2dn'); | |||
$manager = new Manager($config, $filesys, $log, $avaMgr, $image); | |||
$manager->setLdapAccess($access); | |||
$user = $manager->get($inputDN); | |||
$this->assertInstanceOf('\OCA\user_ldap\lib\user\User', $user); | |||
} | |||
public function testGetByExoticDN() { | |||
list($access, $config, $filesys, $image, $log, $avaMgr) = | |||
$this->getTestInstances(); | |||
$inputDN = 'ab=cde,f=ghei,mno=pq'; | |||
$uid = '563418fc-423b-1033-8d1c-ad5f418ee02e'; | |||
$access->expects($this->once()) | |||
->method('stringResemblesDN') | |||
->with($this->equalTo($inputDN)) | |||
->will($this->returnValue(true)); | |||
$access->expects($this->once()) | |||
->method('dn2username') | |||
->with($this->equalTo($inputDN)) | |||
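Review bot: In testGetByExoticDN the `stringResemblesDN` mock is told to return true for `'ab=cde,f=ghei,mno=pq'`, so the test only shows that Manager::get takes the DN branch once the helper says so. It does not show that a DN without `dc=` or `uid=` is actually recognised. A short comment such as `// Access is mocked; DN recognition itself is exercised in the Access tests` would stop readers from assuming more coverage than there is. The test body continues outside this hunk.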
@@ -87,6 +124,11 @@ class Test_User_Manager extends \PHPUnit_Framework_TestCase { | |||
$inputDN = 'cn=gone,dc=foobar,dc=bar'; | |||
$access->expects($this->once()) | |||
->method('stringResemblesDN') | |||
->with($this->equalTo($inputDN)) | |||
->will($this->returnValue(true)); | |||
$access->expects($this->once()) | |||
->method('dn2username') | |||
->with($this->equalTo($inputDN)) | |||
@@ -119,6 +161,11 @@ class Test_User_Manager extends \PHPUnit_Framework_TestCase { | |||
->with($this->equalTo($uid)) | |||
->will($this->returnValue($dn)); | |||
$access->expects($this->once()) | |||
->method('stringResemblesDN') | |||
->with($this->equalTo($uid)) | |||
->will($this->returnValue(false)); | |||
$manager = new Manager($config, $filesys, $log, $avaMgr, $image); | |||
$manager->setLdapAccess($access); | |||
$user = $manager->get($uid); |