do not create empty userid when attribute does not have allowed chars

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
This commit is contained in:
Arthur Schiwon 2018-03-02 17:44:06 +01:00
parent 655e39ffcd
commit 6e3c05f513
No known key found for this signature in database
GPG Key ID: 7424F1874854DF23
2 changed files with 59 additions and 6 deletions

View File

@ -580,7 +580,19 @@ class Access extends LDAPUtility implements IUserTools {
} else { } else {
$username = $uuid; $username = $uuid;
} }
try {
$intName = $this->sanitizeUsername($username); $intName = $this->sanitizeUsername($username);
} catch (\InvalidArgumentException $e) {
\OC::$server->getLogger()->logException($e, [
'app' => 'user_ldap',
'level' => Util::WARN,
]);
// we don't attempt to set a username here. We can go for
// for an alternative 4 digit random number as we would append
// otherwise, however it's likely not enough space in bigger
// setups, and most importantly: this is not intended.
return false;
}
} else { } else {
$intName = $ldapName; $intName = $ldapName;
} }
@ -1294,16 +1306,22 @@ class Access extends LDAPUtility implements IUserTools {
/** /**
* @param string $name * @param string $name
* @return bool|mixed|string * @return string
* @throws \InvalidArgumentException
*/ */
public function sanitizeUsername($name) { public function sanitizeUsername($name) {
$name = trim($name);
if($this->connection->ldapIgnoreNamingRules) { if($this->connection->ldapIgnoreNamingRules) {
return trim($name); return $name;
} }
// Transliteration // Transliteration to ASCII
// latin characters to ASCII $transliterated = @iconv('UTF-8', 'ASCII//TRANSLIT', $name);
$name = iconv('UTF-8', 'ASCII//TRANSLIT', $name); if($transliterated !== false) {
// depending on system config iconv can work or not
$name = $transliterated;
}
// Replacements // Replacements
$name = str_replace(' ', '_', $name); $name = str_replace(' ', '_', $name);
@ -1311,6 +1329,10 @@ class Access extends LDAPUtility implements IUserTools {
// Every remaining disallowed characters will be removed // Every remaining disallowed characters will be removed
$name = preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $name); $name = preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $name);
if($name === '') {
throw new \InvalidArgumentException('provided name template for username does not contain any allowed characters');
}
return $name; return $name;
} }

View File

@ -632,5 +632,36 @@ class AccessTest extends TestCase {
$this->assertSame($expected, $list); $this->assertSame($expected, $list);
} }
public function intUsernameProvider() {
// system dependent :-/
$translitExpected = @iconv('UTF-8', 'ASCII//TRANSLIT', 'fränk') ? 'frank' : 'frnk';
return [
['alice', 'alice'],
['b/ob', 'bob'],
['charly🐬', 'charly'],
['debo rah', 'debo_rah'],
['epost@poste.test', 'epost@poste.test'],
['fränk', $translitExpected],
[' gerda ', 'gerda'],
['🕱🐵🐘🐑', null]
];
}
/**
* @dataProvider intUsernameProvider
*
* @param $name
* @param $expected
*/
public function testSanitizeUsername($name, $expected) {
if($expected === null) {
$this->expectException(\InvalidArgumentException::class);
}
$sanitizedName = $this->access->sanitizeUsername($name);
$this->assertSame($expected, $sanitizedName);
}
} }