Merge pull request #8634 from nextcloud/ldap-no-empty-names
do not create empty userid when attribute does not have allowed chars
commit
c2320aea22
|
@ -579,7 +579,19 @@ class Access extends LDAPUtility implements IUserTools {
|
||||||
} else {
|
} else {
|
||||||
$username = $uuid;
|
$username = $uuid;
|
||||||
}
|
}
|
||||||
$intName = $this->sanitizeUsername($username);
|
try {
|
||||||
|
$intName = $this->sanitizeUsername($username);
|
||||||
|
} catch (\InvalidArgumentException $e) {
|
||||||
|
\OC::$server->getLogger()->logException($e, [
|
||||||
|
'app' => 'user_ldap',
|
||||||
|
'level' => Util::WARN,
|
||||||
|
]);
|
||||||
|
// we don't attempt to set a username here. We can go for
|
||||||
|
// for an alternative 4 digit random number as we would append
|
||||||
|
// otherwise, however it's likely not enough space in bigger
|
||||||
|
// setups, and most importantly: this is not intended.
|
||||||
|
return false;
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
$intName = $ldapName;
|
$intName = $ldapName;
|
||||||
}
|
}
|
||||||
|
@ -1291,16 +1303,22 @@ class Access extends LDAPUtility implements IUserTools {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param string $name
|
* @param string $name
|
||||||
* @return bool|mixed|string
|
* @return string
|
||||||
|
* @throws \InvalidArgumentException
|
||||||
*/
|
*/
|
||||||
public function sanitizeUsername($name) {
|
public function sanitizeUsername($name) {
|
||||||
|
$name = trim($name);
|
||||||
|
|
||||||
if($this->connection->ldapIgnoreNamingRules) {
|
if($this->connection->ldapIgnoreNamingRules) {
|
||||||
return trim($name);
|
return $name;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Transliteration
|
// Transliteration to ASCII
|
||||||
// latin characters to ASCII
|
$transliterated = @iconv('UTF-8', 'ASCII//TRANSLIT', $name);
|
||||||
$name = iconv('UTF-8', 'ASCII//TRANSLIT', $name);
|
if($transliterated !== false) {
|
||||||
|
// depending on system config iconv can work or not
|
||||||
|
$name = $transliterated;
|
||||||
|
}
|
||||||
|
|
||||||
// Replacements
|
// Replacements
|
||||||
$name = str_replace(' ', '_', $name);
|
$name = str_replace(' ', '_', $name);
|
||||||
|
@ -1308,6 +1326,10 @@ class Access extends LDAPUtility implements IUserTools {
|
||||||
// Every remaining disallowed characters will be removed
|
// Every remaining disallowed characters will be removed
|
||||||
$name = preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $name);
|
$name = preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $name);
|
||||||
|
|
||||||
|
if($name === '') {
|
||||||
|
throw new \InvalidArgumentException('provided name template for username does not contain any allowed characters');
|
||||||
|
}
|
||||||
|
|
||||||
return $name;
|
return $name;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
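Review bot: The new `if($name === '')` guard at the end of `sanitizeUsername()` leaves two paths on which the function can still return a value that is not a usable id. With `ldapIgnoreNamingRules` set, the function returns right after `trim()`, so a whitespace-only attribute value still comes back as `''` and no exception is raised. Separately, `preg_replace()` with the `/u` modifier returns `null` for a subject that is not valid UTF-8, which looks reachable when `iconv` returned `false` and the raw value was kept; `null === ''` is false, so `null` would be returned despite the `@return string`. I would make the final check `if ($name === null || $name === '') {` and apply the same empty test before the early `return $name;`. The caller around the new `try` starts and ends outside the visible hunk, so it is worth confirming that every caller treats the `false` return as "skip this entry".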
@ -632,5 +632,36 @@ class AccessTest extends TestCase {
|
||||||
$this->assertSame($expected, $list);
|
$this->assertSame($expected, $list);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function intUsernameProvider() {
|
||||||
|
// system dependent :-/
|
||||||
|
$translitExpected = @iconv('UTF-8', 'ASCII//TRANSLIT', 'fränk') ? 'frank' : 'frnk';
|
||||||
|
|
||||||
|
return [
|
||||||
|
['alice', 'alice'],
|
||||||
|
['b/ob', 'bob'],
|
||||||
|
['charly🐬', 'charly'],
|
||||||
|
['debo rah', 'debo_rah'],
|
||||||
|
['epost@poste.test', 'epost@poste.test'],
|
||||||
|
['fränk', $translitExpected],
|
||||||
|
[' gerda ', 'gerda'],
|
||||||
|
['🕱🐵🐘🐑', null]
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @dataProvider intUsernameProvider
|
||||||
|
*
|
||||||
|
* @param $name
|
||||||
|
* @param $expected
|
||||||
|
*/
|
||||||
|
public function testSanitizeUsername($name, $expected) {
|
||||||
|
if($expected === null) {
|
||||||
|
$this->expectException(\InvalidArgumentException::class);
|
||||||
|
}
|
||||||
|
$sanitizedName = $this->access->sanitizeUsername($name);
|
||||||
|
$this->assertSame($expected, $sanitizedName);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
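Review bot: `intUsernameProvider()` exercises the exception path only with an emoji-only name, so the two other ways of reaching an empty id are untested. A whitespace-only input such as `['   ', null]` is missing, and so is a run with `ldapIgnoreNamingRules` enabled on the connection, which would show whether that early-return branch can still hand back `''`. The `$translitExpected` line also treats any truthy `iconv` result as `'frank'`; that probably does not hold on every iconv implementation, since some may substitute a placeholder character for `ä`, so the expectation may need to be derived from the actual return value. The docblock on `testSanitizeUsername()` could carry types, e.g. `@param string $name` and `@param string|null $expected`.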