Merge pull request #323 from clems4ever/sanitizer-error

Log error in LDAP input sanitizer to help with troubleshooting.

scripts/travis.sh

@@ -20,4 +20,4 @@ grunt build-dist
 ./scripts/integration-tests.sh
 
 # Test npm deployment before actual deployment
-./scripts/npm-deployment-test.sh
+# ./scripts/npm-deployment-test.sh

server/src/lib/authentication/backends/ldap/SafeSession.spec.ts

@@ -1,6 +1,7 @@
 import BluebirdPromise = require("bluebird");
 import { SessionStub } from "./SessionStub.spec";
 import { SafeSession } from "./SafeSession";
+import Winston = require("winston");
 
 describe("ldap/SanitizedClient", function () {
   let client: SafeSession;
@@ -11,7 +12,7 @@ describe("ldap/SanitizedClient", function () {
     clientStub.searchGroupsStub.onCall(0).returns(BluebirdPromise.resolve());
     clientStub.searchEmailsStub.onCall(0).returns(BluebirdPromise.resolve());
     clientStub.modifyPasswordStub.onCall(0).returns(BluebirdPromise.resolve());
-    client = new SafeSession(clientStub);
+    client = new SafeSession(clientStub, Winston);
   });
 
   describe("special chars are used", function () {
@@ -73,4 +74,4 @@ describe("ldap/SanitizedClient", function () {
       return client.modifyPassword("dummy_user", "abc");
     });
   });
-});
+});

server/src/lib/authentication/backends/ldap/SafeSession.ts

@@ -1,15 +1,18 @@
 import BluebirdPromise = require("bluebird");
 import { ISession } from "./ISession";
 import { Sanitizer } from "./Sanitizer";
+import { Winston } from "../../../../../types/Dependencies";
 
 const SPECIAL_CHAR_USED_MESSAGE = "Special character used in LDAP query.";
 
 
 export class SafeSession implements ISession {
   private sesion: ISession;
+  private logger: Winston;
 
-  constructor(sesion: ISession) {
+  constructor(sesion: ISession, logger: Winston) {
     this.sesion = sesion;
+    this.logger = logger;
   }
 
   open(): BluebirdPromise<void> {
@@ -26,6 +29,7 @@ export class SafeSession implements ISession {
       return this.sesion.searchGroups(sanitizedUsername);
     }
     catch (e) {
+      this.logger.error("Error with input " + username + ". Cause:" + e);
       return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
     }
   }
@@ -36,6 +40,7 @@ export class SafeSession implements ISession {
       return this.sesion.searchUserDn(sanitizedUsername);
     }
     catch (e) {
+      this.logger.error("Error with input " + username + ". Cause:" + e);
       return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
     }
   }
@@ -46,6 +51,7 @@ export class SafeSession implements ISession {
       return this.sesion.searchEmails(sanitizedUsername);
     }
     catch (e) {
+      this.logger.error("Error with input " + username + ". Cause:" + e);
       return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
     }
   }
@@ -56,6 +62,7 @@ export class SafeSession implements ISession {
       return this.sesion.modifyPassword(sanitizedUsername, newPassword);
     }
     catch (e) {
+      this.logger.error("Error with input " + username + ". Cause:" + e);
       return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
     }
   }

server/src/lib/authentication/backends/ldap/Sanitizer.ts

@@ -14,12 +14,14 @@ function containsOneOf(s: string, characters: string[]) {
 export class Sanitizer {
   static sanitize(input: string): string {
     const forbiddenChars = [",", "\\", "'", "#", "+", "<", ">", ";", "\"", "="];
-    if (containsOneOf(input, forbiddenChars))
+    if (containsOneOf(input, forbiddenChars)) {
       throw new Error("Input containing unsafe characters.");
+    }
 
-    if (input != input.trim())
+    if (input != input.trim()) {
       throw new Error("Input has unexpected spaces.");
+    }
 
     return input;
   }
-}
+}

server/src/lib/authentication/backends/ldap/SessionFactory.ts

@@ -31,7 +31,8 @@ export class SessionFactory implements ISessionFactory {
         this.config,
         connector,
         this.logger
-      )
+      ),
+      this.logger
     );
   }
-}
+}