authorRoeland Jago Douma <rullzer@users.noreply.github.com>2018-03-05 19:37:17 +0100
committerGitHub <noreply@github.com>2018-03-05 19:37:17 +0100
commitc2320aea228e7c58d2e77038ca14a80486a9073c (patch)
treee2358e4146d21cae825ab03ad1979e8a81cba443 /apps/user_ldap
parent444159ddb0166b79e4e675fcfbe803fe140616c9 (diff)
parent47a10bd25aadae5774fb4c011810c9d4edc53949 (diff)
Merge pull request #8634 from nextcloud/ldap-no-empty-names
do not create empty userid when attribute does not have allowed chars
Diffstat (limited to 'apps/user_ldap')
-rw-r--r--apps/user_ldap/lib/Access.php34
-rw-r--r--apps/user_ldap/tests/AccessTest.php31
2 files changed, 59 insertions, 6 deletions
diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php
index c02cc968637..0cbe8fd3028 100644
--- a/apps/user_ldap/lib/Access.php
+++ b/apps/user_ldap/lib/Access.php
@@ -579,7 +579,19 @@ class Access extends LDAPUtility implements IUserTools {
} else {
$username = $uuid;
}
- $intName = $this->sanitizeUsername($username);
+ try {
+ $intName = $this->sanitizeUsername($username);
+ } catch (\InvalidArgumentException $e) {
+ \OC::$server->getLogger()->logException($e, [
+ 'app' => 'user_ldap',
+ 'level' => Util::WARN,
+ ]);
+ // we don't attempt to set a username here. We can go for
+ // for an alternative 4 digit random number as we would append
+ // otherwise, however it's likely not enough space in bigger
+ // setups, and most importantly: this is not intended.
+ return false;
+ }
} else {
$intName = $ldapName;
}
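Review bot: The warning logged in the new catch block does not identify which LDAP entry was skipped, because the exception thrown by `sanitizeUsername` carries a fixed message. An administrator reading the log cannot tell which record failed to map, so consider including an identifier that is already in scope, such as the `$uuid` used in the branch above. The enclosing method starts and ends outside this hunk, so its callers should be checked for handling the new `false` return as "no internal name" rather than as a value. The added comment also repeats "for" and could read `// No fallback name is generated: a random 4-digit suffix would not scale to large setups and, more importantly, is not the intended behaviour.`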
@@ -1291,16 +1303,22 @@ class Access extends LDAPUtility implements IUserTools {
/**
* @param string $name
- * @return bool|mixed|string
+ * @return string
+ * @throws \InvalidArgumentException
*/
public function sanitizeUsername($name) {
+ $name = trim($name);
+
if($this->connection->ldapIgnoreNamingRules) {
- return trim($name);
+ return $name;
}
- // Transliteration
- // latin characters to ASCII
- $name = iconv('UTF-8', 'ASCII//TRANSLIT', $name);
+ // Transliteration to ASCII
+ $transliterated = @iconv('UTF-8', 'ASCII//TRANSLIT', $name);
+ if($transliterated !== false) {
+ // depending on system config iconv can work or not
+ $name = $transliterated;
+ }
// Replacements
$name = str_replace(' ', '_', $name);
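Review bot: The early return for `ldapIgnoreNamingRules` still hands back an empty string for a blank or whitespace-only `$name`, because the new `trim()` runs before it while the emptiness check sits at the end of the function, in the next hunk. If no empty user id should ever be produced, reject it right after the trim, for example `if ($name === '') { throw new \InvalidArgumentException('name is empty'); }` (message constructed here). Separately, when the suppressed `@iconv` call fails, non-ASCII characters are dropped by the later replacement, so two different LDAP values can sanitize to the same name. A short comment stating where uniqueness is enforced would help, since that code is not visible in this hunk.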
@@ -1308,6 +1326,10 @@ class Access extends LDAPUtility implements IUserTools {
// Every remaining disallowed characters will be removed
$name = preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $name);
+ if($name === '') {
+ throw new \InvalidArgumentException('provided name template for username does not contain any allowed characters');
+ }
+
return $name;
}
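Review bot: The new `$name === ''` check does not cover a `null` result from the `preg_replace` call on the line above it. With the `/u` modifier, `preg_replace` returns `null` when the subject is not valid UTF-8. Such input also makes the earlier `iconv` call return `false`, so the malformed value reaches this point unchanged (that code is in the previous hunk). `null` then passes the check and is returned, despite the `@return string` contract. Suggest `if ($name === null || $name === '') {`.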
diff --git a/apps/user_ldap/tests/AccessTest.php b/apps/user_ldap/tests/AccessTest.php
index cbb695d779a..336b92af04f 100644
--- a/apps/user_ldap/tests/AccessTest.php
+++ b/apps/user_ldap/tests/AccessTest.php
@@ -632,5 +632,36 @@ class AccessTest extends TestCase {
$this->assertSame($expected, $list);
}
+ public function intUsernameProvider() {
+ // system dependent :-/
+ $translitExpected = @iconv('UTF-8', 'ASCII//TRANSLIT', 'fränk') ? 'frank' : 'frnk';
+
+ return [
+ ['alice', 'alice'],
+ ['b/ob', 'bob'],
+ ['charly🐬', 'charly'],
+ ['debo rah', 'debo_rah'],
+ ['epost@poste.test', 'epost@poste.test'],
+ ['fränk', $translitExpected],
+ [' gerda ', 'gerda'],
+ ['🕱🐵🐘🐑', null]
+ ];
+ }
+
+ /**
+ * @dataProvider intUsernameProvider
+ *
+ * @param $name
+ * @param $expected
+ */
+ public function testSanitizeUsername($name, $expected) {
+ if($expected === null) {
+ $this->expectException(\InvalidArgumentException::class);
+ }
+ $sanitizedName = $this->access->sanitizeUsername($name);
+ $this->assertSame($expected, $sanitizedName);
+ }
+
+
}
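Review bot: `intUsernameProvider` only exercises the reject path with an emoji-only name; a whitespace-only row such as `['   ', null],` would also pin the trim-then-empty case that this change introduces. No row appears to cover the `ldapIgnoreNamingRules` branch, though the test's connection setup is outside this hunk. The expectation for 'fränk' is chosen from the truthiness of `@iconv(...)`, but a non-false result is not necessarily 'frank'. Some iconv implementations or locales substitute a placeholder character that the sanitizer then strips, so the test may fail on such systems; pinning the locale in the test or accepting either value would make it more robust.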