commit 3ae70ad5028f82fd7b3a33bb36d2d05bd546fab3
author Dave Brondsema <dbrondsema@slashdotmedia.com> Fri Oct 03 19:26:32 2014 +0000
committer Igor Bondarenko <jetmind2@gmail.com> Thu Oct 16 09:18:52 2014 +0000
tree 6c45ecf64c018e58fe225f2ca8f154411574875e
parent 49be4903b8957ecbdaefc92456701a0513b815db

[#7732] (unrelated) prevent empty LDAP login from proceeding

Allura/allura/lib/plugin.py

diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index f1c9c3c..a2a57b1 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -430,6 +430,8 @@
 
 def ldap_user_dn(username):
     'return a Distinguished Name for a given username'
+    if not username:
+        raise ValueError('Empty username')
     return 'uid=%s,%s' % (
         ldap.dn.escape_dn_chars(username),
         config['auth.ldap.suffix'])
@@ -569,7 +571,11 @@
     def _validate_password(self, username, password):
         '''by username'''
         try:
-            con = ldap_conn(ldap_user_dn(username), password)
+            ldap_user = ldap_user_dn(username)
+        except ValueError:
+            return False
+        try:
+            con = ldap_conn(ldap_user, password)
             con.unbind_s()
             return True
         except (ldap.INVALID_CREDENTIALS, ldap.UNWILLING_TO_PERFORM, ldap.NO_SUCH_OBJECT):