[#3619] Validate the AuthSourceLdap#custom_filter

Conflicts:

	app/models/auth_source_ldap.rb
	test/unit/auth_source_ldap_test.rb
This commit is contained in:
Eric Davis 2011-07-12 14:43:50 -07:00 committed by elm
parent 1318ac204e
commit 0f8a040d28
2 changed files with 25 additions and 0 deletions

View File

@ -21,6 +21,7 @@ class AuthSourceLdap < AuthSource
validates_length_of :account, :account_password, :base_dn, :maximum => 255, :allow_nil => true validates_length_of :account, :account_password, :base_dn, :maximum => 255, :allow_nil => true
validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true
validates_numericality_of :port, :only_integer => true validates_numericality_of :port, :only_integer => true
validate :custom_filter_should_be_valid_ldap_filter_syntax
before_validation :strip_ldap_attributes before_validation :strip_ldap_attributes
@ -136,6 +137,16 @@ class AuthSourceLdap < AuthSource
return nil return nil
end end
end end
def custom_filter_should_be_valid_ldap_filter_syntax
return true unless custom_filter.present?
begin
return Net::LDAP::Filter.construct(custom_filter)
rescue Net::LDAP::LdapError # Filter syntax error
errors.add(:custom_filter, :invalid)
end
end
def self.get_attr(entry, attr_name) def self.get_attr(entry, attr_name)
if !attr_name.blank? if !attr_name.blank?

View File

@ -31,6 +31,20 @@ class AuthSourceLdapTest < ActiveSupport::TestCase
assert_equal 'givenName', a.reload.attr_firstname assert_equal 'givenName', a.reload.attr_firstname
end end
context "validations" do
should "validate that custom_filter is a valid LDAP filter" do
@auth = AuthSourceLdap.new(:name => 'Validation', :host => 'localhost', :port => 389, :attr_login => 'login')
@auth.custom_filter = "(& (homeDirectory=*) (sn=O*" # Missing ((
assert @auth.invalid?
assert_equal "is invalid", @auth.errors.on(:custom_filter)
@auth.custom_filter = "(& (homeDirectory=*) (sn=O*))"
assert @auth.valid?
assert_equal nil, @auth.errors.on(:custom_filter)
end
end
if ldap_configured? if ldap_configured?
context '#authenticate' do context '#authenticate' do
setup do setup do