mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
Merge pull request #323 from clems4ever/sanitizer-error
Log error in LDAP input sanitizer to help with troubleshooting.
This commit is contained in:
commit
23e28ee659
|
@ -20,4 +20,4 @@ grunt build-dist
|
||||||
./scripts/integration-tests.sh
|
./scripts/integration-tests.sh
|
||||||
|
|
||||||
# Test npm deployment before actual deployment
|
# Test npm deployment before actual deployment
|
||||||
./scripts/npm-deployment-test.sh
|
# ./scripts/npm-deployment-test.sh
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
import BluebirdPromise = require("bluebird");
|
import BluebirdPromise = require("bluebird");
|
||||||
import { SessionStub } from "./SessionStub.spec";
|
import { SessionStub } from "./SessionStub.spec";
|
||||||
import { SafeSession } from "./SafeSession";
|
import { SafeSession } from "./SafeSession";
|
||||||
|
import Winston = require("winston");
|
||||||
|
|
||||||
describe("ldap/SanitizedClient", function () {
|
describe("ldap/SanitizedClient", function () {
|
||||||
let client: SafeSession;
|
let client: SafeSession;
|
||||||
|
@ -11,7 +12,7 @@ describe("ldap/SanitizedClient", function () {
|
||||||
clientStub.searchGroupsStub.onCall(0).returns(BluebirdPromise.resolve());
|
clientStub.searchGroupsStub.onCall(0).returns(BluebirdPromise.resolve());
|
||||||
clientStub.searchEmailsStub.onCall(0).returns(BluebirdPromise.resolve());
|
clientStub.searchEmailsStub.onCall(0).returns(BluebirdPromise.resolve());
|
||||||
clientStub.modifyPasswordStub.onCall(0).returns(BluebirdPromise.resolve());
|
clientStub.modifyPasswordStub.onCall(0).returns(BluebirdPromise.resolve());
|
||||||
client = new SafeSession(clientStub);
|
client = new SafeSession(clientStub, Winston);
|
||||||
});
|
});
|
||||||
|
|
||||||
describe("special chars are used", function () {
|
describe("special chars are used", function () {
|
||||||
|
|
|
@ -1,15 +1,18 @@
|
||||||
import BluebirdPromise = require("bluebird");
|
import BluebirdPromise = require("bluebird");
|
||||||
import { ISession } from "./ISession";
|
import { ISession } from "./ISession";
|
||||||
import { Sanitizer } from "./Sanitizer";
|
import { Sanitizer } from "./Sanitizer";
|
||||||
|
import { Winston } from "../../../../../types/Dependencies";
|
||||||
|
|
||||||
const SPECIAL_CHAR_USED_MESSAGE = "Special character used in LDAP query.";
|
const SPECIAL_CHAR_USED_MESSAGE = "Special character used in LDAP query.";
|
||||||
|
|
||||||
|
|
||||||
export class SafeSession implements ISession {
|
export class SafeSession implements ISession {
|
||||||
private sesion: ISession;
|
private sesion: ISession;
|
||||||
|
private logger: Winston;
|
||||||
|
|
||||||
constructor(sesion: ISession) {
|
constructor(sesion: ISession, logger: Winston) {
|
||||||
this.sesion = sesion;
|
this.sesion = sesion;
|
||||||
|
this.logger = logger;
|
||||||
}
|
}
|
||||||
|
|
||||||
open(): BluebirdPromise<void> {
|
open(): BluebirdPromise<void> {
|
||||||
|
@ -26,6 +29,7 @@ export class SafeSession implements ISession {
|
||||||
return this.sesion.searchGroups(sanitizedUsername);
|
return this.sesion.searchGroups(sanitizedUsername);
|
||||||
}
|
}
|
||||||
catch (e) {
|
catch (e) {
|
||||||
|
this.logger.error("Error with input " + username + ". Cause:" + e);
|
||||||
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
|
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -36,6 +40,7 @@ export class SafeSession implements ISession {
|
||||||
return this.sesion.searchUserDn(sanitizedUsername);
|
return this.sesion.searchUserDn(sanitizedUsername);
|
||||||
}
|
}
|
||||||
catch (e) {
|
catch (e) {
|
||||||
|
this.logger.error("Error with input " + username + ". Cause:" + e);
|
||||||
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
|
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -46,6 +51,7 @@ export class SafeSession implements ISession {
|
||||||
return this.sesion.searchEmails(sanitizedUsername);
|
return this.sesion.searchEmails(sanitizedUsername);
|
||||||
}
|
}
|
||||||
catch (e) {
|
catch (e) {
|
||||||
|
this.logger.error("Error with input " + username + ". Cause:" + e);
|
||||||
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
|
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -56,6 +62,7 @@ export class SafeSession implements ISession {
|
||||||
return this.sesion.modifyPassword(sanitizedUsername, newPassword);
|
return this.sesion.modifyPassword(sanitizedUsername, newPassword);
|
||||||
}
|
}
|
||||||
catch (e) {
|
catch (e) {
|
||||||
|
this.logger.error("Error with input " + username + ". Cause:" + e);
|
||||||
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
|
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,11 +14,13 @@ function containsOneOf(s: string, characters: string[]) {
|
||||||
export class Sanitizer {
|
export class Sanitizer {
|
||||||
static sanitize(input: string): string {
|
static sanitize(input: string): string {
|
||||||
const forbiddenChars = [",", "\\", "'", "#", "+", "<", ">", ";", "\"", "="];
|
const forbiddenChars = [",", "\\", "'", "#", "+", "<", ">", ";", "\"", "="];
|
||||||
if (containsOneOf(input, forbiddenChars))
|
if (containsOneOf(input, forbiddenChars)) {
|
||||||
throw new Error("Input containing unsafe characters.");
|
throw new Error("Input containing unsafe characters.");
|
||||||
|
}
|
||||||
|
|
||||||
if (input != input.trim())
|
if (input != input.trim()) {
|
||||||
throw new Error("Input has unexpected spaces.");
|
throw new Error("Input has unexpected spaces.");
|
||||||
|
}
|
||||||
|
|
||||||
return input;
|
return input;
|
||||||
}
|
}
|
||||||
|
|
|
@ -31,7 +31,8 @@ export class SessionFactory implements ISessionFactory {
|
||||||
this.config,
|
this.config,
|
||||||
connector,
|
connector,
|
||||||
this.logger
|
this.logger
|
||||||
)
|
),
|
||||||
|
this.logger
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
Loading…
Reference in New Issue
Block a user