mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
Merge pull request #323 from clems4ever/sanitizer-error
Log error in LDAP input sanitizer to help with troubleshooting.
This commit is contained in:
commit
23e28ee659
|
@ -20,4 +20,4 @@ grunt build-dist
|
|||
./scripts/integration-tests.sh
|
||||
|
||||
# Test npm deployment before actual deployment
|
||||
./scripts/npm-deployment-test.sh
|
||||
# ./scripts/npm-deployment-test.sh
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
import BluebirdPromise = require("bluebird");
|
||||
import { SessionStub } from "./SessionStub.spec";
|
||||
import { SafeSession } from "./SafeSession";
|
||||
import Winston = require("winston");
|
||||
|
||||
describe("ldap/SanitizedClient", function () {
|
||||
let client: SafeSession;
|
||||
|
@ -11,7 +12,7 @@ describe("ldap/SanitizedClient", function () {
|
|||
clientStub.searchGroupsStub.onCall(0).returns(BluebirdPromise.resolve());
|
||||
clientStub.searchEmailsStub.onCall(0).returns(BluebirdPromise.resolve());
|
||||
clientStub.modifyPasswordStub.onCall(0).returns(BluebirdPromise.resolve());
|
||||
client = new SafeSession(clientStub);
|
||||
client = new SafeSession(clientStub, Winston);
|
||||
});
|
||||
|
||||
describe("special chars are used", function () {
|
||||
|
|
|
@ -1,15 +1,18 @@
|
|||
import BluebirdPromise = require("bluebird");
|
||||
import { ISession } from "./ISession";
|
||||
import { Sanitizer } from "./Sanitizer";
|
||||
import { Winston } from "../../../../../types/Dependencies";
|
||||
|
||||
const SPECIAL_CHAR_USED_MESSAGE = "Special character used in LDAP query.";
|
||||
|
||||
|
||||
export class SafeSession implements ISession {
|
||||
private sesion: ISession;
|
||||
private logger: Winston;
|
||||
|
||||
constructor(sesion: ISession) {
|
||||
constructor(sesion: ISession, logger: Winston) {
|
||||
this.sesion = sesion;
|
||||
this.logger = logger;
|
||||
}
|
||||
|
||||
open(): BluebirdPromise<void> {
|
||||
|
@ -26,6 +29,7 @@ export class SafeSession implements ISession {
|
|||
return this.sesion.searchGroups(sanitizedUsername);
|
||||
}
|
||||
catch (e) {
|
||||
this.logger.error("Error with input " + username + ". Cause:" + e);
|
||||
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
|
||||
}
|
||||
}
|
||||
|
@ -36,6 +40,7 @@ export class SafeSession implements ISession {
|
|||
return this.sesion.searchUserDn(sanitizedUsername);
|
||||
}
|
||||
catch (e) {
|
||||
this.logger.error("Error with input " + username + ". Cause:" + e);
|
||||
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
|
||||
}
|
||||
}
|
||||
|
@ -46,6 +51,7 @@ export class SafeSession implements ISession {
|
|||
return this.sesion.searchEmails(sanitizedUsername);
|
||||
}
|
||||
catch (e) {
|
||||
this.logger.error("Error with input " + username + ". Cause:" + e);
|
||||
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
|
||||
}
|
||||
}
|
||||
|
@ -56,6 +62,7 @@ export class SafeSession implements ISession {
|
|||
return this.sesion.modifyPassword(sanitizedUsername, newPassword);
|
||||
}
|
||||
catch (e) {
|
||||
this.logger.error("Error with input " + username + ". Cause:" + e);
|
||||
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
|
||||
}
|
||||
}
|
||||
|
|
|
@ -14,11 +14,13 @@ function containsOneOf(s: string, characters: string[]) {
|
|||
export class Sanitizer {
|
||||
static sanitize(input: string): string {
|
||||
const forbiddenChars = [",", "\\", "'", "#", "+", "<", ">", ";", "\"", "="];
|
||||
if (containsOneOf(input, forbiddenChars))
|
||||
if (containsOneOf(input, forbiddenChars)) {
|
||||
throw new Error("Input containing unsafe characters.");
|
||||
}
|
||||
|
||||
if (input != input.trim())
|
||||
if (input != input.trim()) {
|
||||
throw new Error("Input has unexpected spaces.");
|
||||
}
|
||||
|
||||
return input;
|
||||
}
|
||||
|
|
|
@ -31,7 +31,8 @@ export class SessionFactory implements ISessionFactory {
|
|||
this.config,
|
||||
connector,
|
||||
this.logger
|
||||
)
|
||||
),
|
||||
this.logger
|
||||
);
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user