From 0f8a040d28a3041fa86937fcfd4b2839934c05b2 Mon Sep 17 00:00:00 2001 From: Eric Davis Date: Tue, 12 Jul 2011 14:43:50 -0700 Subject: [PATCH] [#3619] Validate the AuthSourceLdap#custom_filter Conflicts: app/models/auth_source_ldap.rb test/unit/auth_source_ldap_test.rb --- app/models/auth_source_ldap.rb | 11 +++++++++++ test/unit/auth_source_ldap_test.rb | 14 ++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/app/models/auth_source_ldap.rb b/app/models/auth_source_ldap.rb index 1e2bf243..3536b4f6 100644 --- a/app/models/auth_source_ldap.rb +++ b/app/models/auth_source_ldap.rb @@ -21,6 +21,7 @@ class AuthSourceLdap < AuthSource validates_length_of :account, :account_password, :base_dn, :maximum => 255, :allow_nil => true validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true validates_numericality_of :port, :only_integer => true + validate :custom_filter_should_be_valid_ldap_filter_syntax before_validation :strip_ldap_attributes @@ -136,6 +137,16 @@ class AuthSourceLdap < AuthSource return nil end end + + def custom_filter_should_be_valid_ldap_filter_syntax + return true unless custom_filter.present? + + begin + return Net::LDAP::Filter.construct(custom_filter) + rescue Net::LDAP::LdapError # Filter syntax error + errors.add(:custom_filter, :invalid) + end + end def self.get_attr(entry, attr_name) if !attr_name.blank? diff --git a/test/unit/auth_source_ldap_test.rb b/test/unit/auth_source_ldap_test.rb index 9fcdace9..0effa103 100644 --- a/test/unit/auth_source_ldap_test.rb +++ b/test/unit/auth_source_ldap_test.rb @@ -31,6 +31,20 @@ class AuthSourceLdapTest < ActiveSupport::TestCase assert_equal 'givenName', a.reload.attr_firstname end + context "validations" do + should "validate that custom_filter is a valid LDAP filter" do + @auth = AuthSourceLdap.new(:name => 'Validation', :host => 'localhost', :port => 389, :attr_login => 'login') + @auth.custom_filter = "(& (homeDirectory=*) (sn=O*" # Missing (( + assert @auth.invalid? + assert_equal "is invalid", @auth.errors.on(:custom_filter) + + @auth.custom_filter = "(& (homeDirectory=*) (sn=O*))" + assert @auth.valid? + assert_equal nil, @auth.errors.on(:custom_filter) + + end + end + if ldap_configured? context '#authenticate' do setup do