diff --git a/server/src/lib/authentication/backends/ldap/SafeSession.spec.ts b/server/src/lib/authentication/backends/ldap/SafeSession.spec.ts
index 9dedfcb7..c02e0dfa 100644
--- a/server/src/lib/authentication/backends/ldap/SafeSession.spec.ts
+++ b/server/src/lib/authentication/backends/ldap/SafeSession.spec.ts
@@ -1,6 +1,7 @@
 import BluebirdPromise = require("bluebird");
 import { SessionStub } from "./SessionStub.spec";
 import { SafeSession } from "./SafeSession";
+import Winston = require("winston");
 describe("ldap/SanitizedClient", function () {
 let client: SafeSession;
@@ -11,7 +12,7 @@ describe("ldap/SanitizedClient", function () {
 clientStub.searchGroupsStub.onCall(0).returns(BluebirdPromise.resolve());
 clientStub.searchEmailsStub.onCall(0).returns(BluebirdPromise.resolve());
 clientStub.modifyPasswordStub.onCall(0).returns(BluebirdPromise.resolve());
- client = new SafeSession(clientStub);
+ client = new SafeSession(clientStub, Winston);
 });
 describe("special chars are used", function () {
@@ -73,4 +74,4 @@ describe("ldap/SanitizedClient", function () {
 return client.modifyPassword("dummy_user", "abc");
 });
 });
-});
\ No newline at end of file
+});
diff --git a/server/src/lib/authentication/backends/ldap/SafeSession.ts b/server/src/lib/authentication/backends/ldap/SafeSession.ts
index 57220906..fda99c8e 100644
--- a/server/src/lib/authentication/backends/ldap/SafeSession.ts
+++ b/server/src/lib/authentication/backends/ldap/SafeSession.ts
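Review bot: `client = new SafeSession(clientStub, Winston)` hands the real winston module to the class under test, so every sanitizer rejection exercised by the "special chars are used" cases now prints to the console during the run, and nothing asserts that the rejection was logged at all. A stub logger in the same style the file already uses for the session (presumably sinon, given `onCall(0).returns(...)`) would keep the output quiet and let those cases check that `error` was called exactly once per rejected input. The `describe` callback that owns `client` starts outside this hunk.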
@@ -1,15 +1,18 @@
 import BluebirdPromise = require("bluebird");
 import { ISession } from "./ISession";
 import { Sanitizer } from "./Sanitizer";
+import { Winston } from "../../../../../types/Dependencies";
 const SPECIAL_CHAR_USED_MESSAGE = "Special character used in LDAP query.";
 export class SafeSession implements ISession {
 private sesion: ISession;
+ private logger: Winston;
- constructor(sesion: ISession) {
+ constructor(sesion: ISession, logger: Winston) {
 this.sesion = sesion;
+ this.logger = logger;
 }
 open(): BluebirdPromise {
@@ -26,6 +29,7 @@ export class SafeSession implements ISession {
 return this.sesion.searchGroups(sanitizedUsername);
 }
 catch (e) {
+ this.logger.error("Error with input " + username + ". Cause:" + e);
 return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
 }
 }
@@ -36,6 +40,7 @@ export class SafeSession implements ISession {
 return this.sesion.searchUserDn(sanitizedUsername);
 }
 catch (e) {
+ this.logger.error("Error with input " + username + ". Cause:" + e);
 return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
 }
 }
@@ -46,6 +51,7 @@ export class SafeSession implements ISession {
 return this.sesion.searchEmails(sanitizedUsername);
 }
 catch (e) {
+ this.logger.error("Error with input " + username + ". Cause:" + e);
 return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
 }
 }
@@ -56,6 +62,7 @@ export class SafeSession implements ISession {
 return this.sesion.modifyPassword(sanitizedUsername, newPassword);
 }
 catch (e) {
+ this.logger.error("Error with input " + username + ". Cause:" + e);
 return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
 }
 }
diff --git a/server/src/lib/authentication/backends/ldap/Sanitizer.ts b/server/src/lib/authentication/backends/ldap/Sanitizer.ts
index be74132a..2790de7f 100644
--- a/server/src/lib/authentication/backends/ldap/Sanitizer.ts
+++ b/server/src/lib/authentication/backends/ldap/Sanitizer.ts
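Review bot: The new `logger` field is assigned once in the constructor and never reassigned in the code shown, so it should be declared `private readonly logger: Winston;` so that a later method cannot silently swap the logger out. The same applies to `sesion`, and both could become parameter properties, `constructor(private readonly sesion: ISession, private readonly logger: Winston) {}`, which removes the two assignment lines and the two field declarations at once. The rest of the class body is outside this hunk.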
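Review bot: The `username` written by the added `this.logger.error(...)` call in the searchGroups hunk is, by construction, input that `Sanitizer.sanitize` rejected, i.e. caller-supplied text containing one of the forbidden characters, and it is concatenated into the log line verbatim; the forbidden list in Sanitizer.ts does not cover control characters or embedded newlines, so a rejected value can still carry a line break into the log (log forging, CWE-117). Encode it before logging, e.g. `this.logger.error("Error with input " + JSON.stringify(username) + ". Cause:" + e);`, and consider `warn` rather than `error`, since any remote caller can trigger this path at will and fill the error log. The identical line is added in the searchUserDn, searchEmails and modifyPassword hunks below, so a small private helper such as `logRejectedInput(username, e)` would keep the encoding in one place rather than four. In the modifyPassword hunk `newPassword` is correctly kept out of the message; a one-line comment there, `// never log newPassword`, would stop a later edit from adding it. Each of these methods starts outside its hunk.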
@@ -14,12 +14,14 @@ function containsOneOf(s: string, characters: string[]) {
 export class Sanitizer {
 static sanitize(input: string): string {
 const forbiddenChars = [",", "\\", "'", "#", "+", "<", ">", ";", "\"", "="];
- if (containsOneOf(input, forbiddenChars))
+ if (containsOneOf(input, forbiddenChars)) {
 throw new Error("Input containing unsafe characters.");
+ }
- if (input != input.trim())
+ if (input != input.trim()) {
 throw new Error("Input has unexpected spaces.");
+ }
 return input;
 }
-}
\ No newline at end of file
+}
diff --git a/server/src/lib/authentication/backends/ldap/SessionFactory.ts b/server/src/lib/authentication/backends/ldap/SessionFactory.ts
index 0b6c4bff..6e8cc6f3 100644
--- a/server/src/lib/authentication/backends/ldap/SessionFactory.ts
+++ b/server/src/lib/authentication/backends/ldap/SessionFactory.ts
@@ -31,7 +31,8 @@ export class SessionFactory implements ISessionFactory {
 this.config,
 connector,
 this.logger
- )
+ ),
+ this.logger
 );
 }
-}
\ No newline at end of file
+}
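Review bot: The re-emitted condition `if (input != input.trim()) {` should use strict inequality, `if (input !== input.trim()) {`; both operands are strings so behaviour is unchanged, but loose inequality is what the project's lint rules would normally flag and the line is being rewritten anyway. Separately, and hedged because the callers are outside this diff: the set on the `forbiddenChars` line is the RFC 4514 DN escape set, while the search-filter metacharacters `*`, `(`, `)` and NUL are not rejected, so if `sanitize` is also the only guard for values that end up in an LDAP search filter those should be added to the list (or the value escaped per RFC 4515) rather than relying on the DN set alone. A short comment above `forbiddenChars` stating which LDAP context the list is meant to protect would make that decision explicit for the next reader.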