authorMichael Kozono <mkozono@gmail.com>2017-09-17 23:13:45 -0700
committerMichael Kozono <mkozono@gmail.com>2017-10-07 10:28:12 -0700
commita3ec58dacf0d390512144d79c8972de2c41fc60b (patch)
tree8997404a0fe374d1e78186621ea3844686d5ccf5
parent4ae32d9577d63e95c7d924cb72cce2e7b8fbdf47 (diff)
downloadgitlab-ce-a3ec58dacf0d390512144d79c8972de2c41fc60b.tar.gz
Downcase normalized LDAP DNs and UIDs
-rw-r--r--lib/gitlab/ldap/person.rb2
-rw-r--r--spec/lib/gitlab/ldap/auth_hash_spec.rb12
-rw-r--r--spec/lib/gitlab/ldap/person_spec.rb116
3 files changed, 69 insertions, 61 deletions
diff --git a/lib/gitlab/ldap/person.rb b/lib/gitlab/ldap/person.rb
index 267514d0fcd..d2d6aedba0f 100644
--- a/lib/gitlab/ldap/person.rb
+++ b/lib/gitlab/ldap/person.rb
@@ -100,7 +100,7 @@ module Gitlab
private
def self.normalize_dn_part(part)
- cleaned = part.strip
+ cleaned = part.strip.downcase
if cleaned.ends_with?('\\')
# If it ends with an escape character that is not followed by a
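Review bot: `cleaned = part.strip.downcase` lowercases attribute values as well as attribute types, so DNs that differ only by case in a value now normalize to the same identity string. That is correct for attributes with case-insensitive matching rules, but the directory schema decides that per attribute, and a case-exact attribute would make two distinct entries collide on one normalized DN. Anything persisted under the old normalization (presumably stored identity DNs; not visible here) would also stop matching until it is re-normalized, so this likely needs a data migration or a case-insensitive lookup alongside it. I would add a comment above the line such as `# Folds case of the whole RDN; assumes every attribute in the DN uses a case-insensitive matching rule.` The body of normalize_dn_part continues outside the hunk.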
diff --git a/spec/lib/gitlab/ldap/auth_hash_spec.rb b/spec/lib/gitlab/ldap/auth_hash_spec.rb
index a4bd40705df..1785094af10 100644
--- a/spec/lib/gitlab/ldap/auth_hash_spec.rb
+++ b/spec/lib/gitlab/ldap/auth_hash_spec.rb
@@ -68,10 +68,18 @@ describe Gitlab::LDAP::AuthHash do
describe '#uid' do
context 'when there is extraneous (but valid) whitespace' do
- let(:given_uid) { 'uid =John Smith , ou = People, dc= example,dc =com' }
+ let(:given_uid) { 'uid =john smith , ou = people, dc= example,dc =com' }
it 'removes the extraneous whitespace' do
- expect(auth_hash.uid).to eq('uid=John Smith,ou=People,dc=example,dc=com')
+ expect(auth_hash.uid).to eq('uid=john smith,ou=people,dc=example,dc=com')
+ end
+ end
+
+ context 'when there are upper case characters' do
+ let(:given_uid) { 'UID=John Smith,ou=People,dc=example,dc=com' }
+
+ it 'downcases' do
+ expect(auth_hash.uid).to eq('uid=john smith,ou=people,dc=example,dc=com')
end
end
end
diff --git a/spec/lib/gitlab/ldap/person_spec.rb b/spec/lib/gitlab/ldap/person_spec.rb
index 58e63b52631..c2294e63171 100644
--- a/spec/lib/gitlab/ldap/person_spec.rb
+++ b/spec/lib/gitlab/ldap/person_spec.rb
@@ -26,24 +26,24 @@ describe Gitlab::LDAP::Person do
# I am not sure if it matters to us or anyone else, so rather than dig
# through RFCs, I am only documenting the behavior here.
where(:test_description, :given, :expected) do
- 'strips extraneous whitespace' | 'uid =John Smith , ou = People, dc= example,dc =com' | 'uid=John Smith,ou=People,dc=example,dc=com'
- 'strips extraneous whitespace for a DN with a single RDN' | 'uid = John Smith' | 'uid=John Smith'
- 'strips extraneous whitespace without changing escaped characters' | 'uid = Sebasti\\c3\\a1n\\ C.\\20Smith\\ , ou=People (aka. \\22humans\\") ,dc=example, dc=com' | 'uid=Sebasti\\c3\\a1n\\ C.\\20Smith\\ ,ou=People (aka. \\22humans\\"),dc=example,dc=com'
- 'strips extraneous whitespace without modifying the multivalued RDN' | 'uid = John Smith + telephoneNumber = +1 555-555-5555 , ou = People,dc=example,dc=com' | 'uid=John Smith+telephoneNumber=+1 555-555-5555,ou=People,dc=example,dc=com'
- 'strips the space after the plus sign in the telephoneNumber' | 'uid = John Smith + telephoneNumber = + 1 555-555-5555 , ou = People,dc=example,dc=com' | 'uid=John Smith+telephoneNumber=+1 555-555-5555,ou=People,dc=example,dc=com'
+ 'strips extraneous whitespace' | 'uid =John Smith , ou = People, dc= example,dc =com' | 'uid=john smith,ou=people,dc=example,dc=com'
+ 'strips extraneous whitespace for a DN with a single RDN' | 'uid = John Smith' | 'uid=john smith'
+ 'strips extraneous whitespace without changing escaped characters' | 'uid = Sebasti\\c3\\a1n\\ C.\\20Smith\\ , ou=People (aka. \\22humans\\") ,dc=example, dc=com' | 'uid=sebasti\\c3\\a1n\\ c.\\20smith\\ ,ou=people (aka. \\22humans\\"),dc=example,dc=com'
+ 'strips extraneous whitespace without modifying the multivalued RDN' | 'uid = John Smith + telephoneNumber = +1 555-555-5555 , ou = People,dc=example,dc=com' | 'uid=john smith+telephonenumber=+1 555-555-5555,ou=people,dc=example,dc=com'
+ 'strips the space after the plus sign in the telephoneNumber' | 'uid = John Smith + telephoneNumber = + 1 555-555-5555 , ou = People,dc=example,dc=com' | 'uid=john smith+telephonenumber=+1 555-555-5555,ou=people,dc=example,dc=com'
+ 'downcases the whole string' | 'UID=John Smith,ou=People,dc=example,dc=com' | 'uid=john smith,ou=people,dc=example,dc=com'
'for a null DN (empty string), returns empty string and does not error' | '' | ''
- 'does not strip the escaped leading space in an attribute value (and does not error like Net::LDAP::DN.new does)' | 'uid=\\ John Smith,ou=People,dc=example,dc=com' | 'uid=\\ John Smith,ou=People,dc=example,dc=com'
- 'does not strip the escaped trailing space in an attribute value' | 'uid=John Smith\\ ,ou=People,dc=example,dc=com' | 'uid=John Smith\\ ,ou=People,dc=example,dc=com'
- 'does not strip the escaped leading newline in an attribute value' | 'uid=\\\nJohn Smith,ou=People,dc=example,dc=com' | 'uid=\\\nJohn Smith,ou=People,dc=example,dc=com'
- 'does not strip the escaped trailing newline in an attribute value' | 'uid=John Smith\\\n,ou=People,dc=example,dc=com' | 'uid=John Smith\\\n,ou=People,dc=example,dc=com'
- 'does not strip the unescaped leading newline in an attribute value' | 'uid=\nJohn Smith,ou=People,dc=example,dc=com' | 'uid=\nJohn Smith,ou=People,dc=example,dc=com'
- 'does not strip the unescaped trailing newline in an attribute value' | 'uid=John Smith\n ,ou=People,dc=example,dc=com' | 'uid=John Smith\n,ou=People,dc=example,dc=com'
- 'does not modify casing' | 'UID=John Smith,ou=People,dc=example,dc=com' | 'UID=John Smith,ou=People,dc=example,dc=com'
- 'does not strip non whitespace' | 'uid=John Smith,ou=People,dc=example,dc=com' | 'uid=John Smith,ou=People,dc=example,dc=com'
+ 'does not strip the escaped leading space in an attribute value (and does not error like Net::LDAP::DN.new does)' | 'uid=\\ John Smith,ou=People,dc=example,dc=com' | 'uid=\\ john smith,ou=people,dc=example,dc=com'
+ 'does not strip the escaped trailing space in an attribute value' | 'uid=John Smith\\ ,ou=People,dc=example,dc=com' | 'uid=john smith\\ ,ou=people,dc=example,dc=com'
+ 'does not strip the escaped leading newline in an attribute value' | 'uid=\\\nJohn Smith,ou=People,dc=example,dc=com' | 'uid=\\\njohn smith,ou=people,dc=example,dc=com'
+ 'does not strip the escaped trailing newline in an attribute value' | 'uid=John Smith\\\n,ou=People,dc=example,dc=com' | 'uid=john smith\\\n,ou=people,dc=example,dc=com'
+ 'does not strip the unescaped leading newline in an attribute value' | 'uid=\nJohn Smith,ou=People,dc=example,dc=com' | 'uid=\njohn smith,ou=people,dc=example,dc=com'
+ 'does not strip the unescaped trailing newline in an attribute value' | 'uid=John Smith\n ,ou=People,dc=example,dc=com' | 'uid=john smith\n,ou=people,dc=example,dc=com'
+ 'does not strip non whitespace' | 'uid=John Smith,ou=People,dc=example,dc=com' | 'uid=john smith,ou=people,dc=example,dc=com'
'does not treat escaped equal signs as attribute delimiters' | 'uid= foo \\= bar' | 'uid=foo \\= bar'
- 'does not treat escaped hex equal signs as attribute delimiters' | 'uid= foo \\3D bar' | 'uid=foo \\3D bar'
- 'does not treat escaped commas as attribute delimiters' | 'uid= John C. Smith, ou=San Francisco\\, CA' | 'uid=John C. Smith,ou=San Francisco\\, CA'
- 'does not treat escaped hex commas as attribute delimiters' | 'uid= John C. Smith, ou=San Francisco\\2C CA' | 'uid=John C. Smith,ou=San Francisco\\2C CA'
+ 'does not treat escaped hex equal signs as attribute delimiters' | 'uid= foo \\3D bar' | 'uid=foo \\3d bar'
+ 'does not treat escaped commas as attribute delimiters' | 'uid= John C. Smith, ou=San Francisco\\, CA' | 'uid=john c. smith,ou=san francisco\\, ca'
+ 'does not treat escaped hex commas as attribute delimiters' | 'uid= John C. Smith, ou=San Francisco\\2C CA' | 'uid=john c. smith,ou=san francisco\\2c ca'
end
with_them do
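Review bot: Every row in this table uses ASCII letters for the characters that change case, so the suite does not pin what normalization does to a non-ASCII upper-case letter. `String#downcase` folds only ASCII before Ruby 2.4 and applies Unicode case mapping from 2.4 on, and a hex-escaped byte pair such as the `\\c3\\a1` in the 'without changing escaped characters' row is never folded as a character, so the same DN can normalize differently depending on the interpreter version and on whether the character arrived escaped. A row with a literal non-ASCII capital next to one with its escaped form would make that behaviour explicit, for example under a description like `'downcases non-ASCII characters the same way as their escaped form'`. The same gap applies to the tables in the hunks at -55, -82 and -114. The `describe` enclosing this `where` block starts outside the hunk.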
@@ -55,20 +55,20 @@ describe Gitlab::LDAP::Person do
context 'given a UID' do
where(:test_description, :given, :expected) do
- 'strips extraneous whitespace' | ' John C. Smith ' | 'John C. Smith'
- 'strips extraneous whitespace without changing escaped characters' | ' Sebasti\\c3\\a1n\\ C.\\20Smith\\ ' | 'Sebasti\\c3\\a1n\\ C.\\20Smith\\ '
- 'does not strip the escaped leading space in an attribute value' | ' \\ John Smith ' | '\\ John Smith'
- 'does not strip the escaped trailing space in an attribute value' | ' John Smith\\ ' | 'John Smith\\ '
- 'does not strip the escaped leading newline in an attribute value' | ' \\\nJohn Smith ' | '\\\nJohn Smith'
- 'does not strip the escaped trailing newline in an attribute value' | ' John Smith\\\n ' | 'John Smith\\\n'
- 'does not strip the unescaped leading newline in an attribute value' | ' \nJohn Smith ' | '\nJohn Smith'
- 'does not strip the unescaped trailing newline in an attribute value' | ' John Smith\n ' | 'John Smith\n'
- 'does not modify casing' | ' John Smith ' | 'John Smith'
- 'does not strip non whitespace' | 'John Smith' | 'John Smith'
+ 'strips extraneous whitespace' | ' John C. Smith ' | 'john c. smith'
+ 'strips extraneous whitespace without changing escaped characters' | ' Sebasti\\c3\\a1n\\ C.\\20Smith\\ ' | 'sebasti\\c3\\a1n\\ c.\\20smith\\ '
+ 'downcases the whole string' | 'John Smith' | 'john smith'
+ 'does not strip the escaped leading space in an attribute value' | ' \\ John Smith ' | '\\ john smith'
+ 'does not strip the escaped trailing space in an attribute value' | ' John Smith\\ ' | 'john smith\\ '
+ 'does not strip the escaped leading newline in an attribute value' | ' \\\nJohn Smith ' | '\\\njohn smith'
+ 'does not strip the escaped trailing newline in an attribute value' | ' John Smith\\\n ' | 'john smith\\\n'
+ 'does not strip the unescaped leading newline in an attribute value' | ' \nJohn Smith ' | '\njohn smith'
+ 'does not strip the unescaped trailing newline in an attribute value' | ' John Smith\n ' | 'john smith\n'
+ 'does not strip non whitespace' | 'John Smith' | 'john smith'
'does not treat escaped equal signs as attribute delimiters' | ' foo \\= bar' | 'foo \\= bar'
- 'does not treat escaped hex equal signs as attribute delimiters' | ' foo \\3D bar' | 'foo \\3D bar'
- 'does not treat escaped commas as attribute delimiters' | ' Smith\\, John C.' | 'Smith\\, John C.'
- 'does not treat escaped hex commas as attribute delimiters' | ' Smith\\2C John C.' | 'Smith\\2C John C.'
+ 'does not treat escaped hex equal signs as attribute delimiters' | ' foo \\3D bar' | 'foo \\3d bar'
+ 'does not treat escaped commas as attribute delimiters' | ' Smith\\, John C.' | 'smith\\, john c.'
+ 'does not treat escaped hex commas as attribute delimiters' | ' Smith\\2C John C.' | 'smith\\2c john c.'
end
with_them do
@@ -82,20 +82,20 @@ describe Gitlab::LDAP::Person do
describe '.normalize_uid' do
context 'given a UID' do
where(:test_description, :given, :expected) do
- 'strips extraneous whitespace' | ' John C. Smith ' | 'John C. Smith'
- 'strips extraneous whitespace without changing escaped characters' | ' Sebasti\\c3\\a1n\\ C.\\20Smith\\ ' | 'Sebasti\\c3\\a1n\\ C.\\20Smith\\ '
- 'does not strip the escaped leading space in an attribute value' | ' \\ John Smith ' | '\\ John Smith'
- 'does not strip the escaped trailing space in an attribute value' | ' John Smith\\ ' | 'John Smith\\ '
- 'does not strip the escaped leading newline in an attribute value' | ' \\\nJohn Smith ' | '\\\nJohn Smith'
- 'does not strip the escaped trailing newline in an attribute value' | ' John Smith\\\n ' | 'John Smith\\\n'
- 'does not strip the unescaped leading newline in an attribute value' | ' \nJohn Smith ' | '\nJohn Smith'
- 'does not strip the unescaped trailing newline in an attribute value' | ' John Smith\n ' | 'John Smith\n'
- 'does not modify casing' | ' John Smith ' | 'John Smith'
- 'does not strip non whitespace' | 'John Smith' | 'John Smith'
+ 'strips extraneous whitespace' | ' John C. Smith ' | 'john c. smith'
+ 'strips extraneous whitespace without changing escaped characters' | ' Sebasti\\c3\\a1n\\ C.\\20Smith\\ ' | 'sebasti\\c3\\a1n\\ c.\\20smith\\ '
+ 'downcases the whole string' | 'John Smith' | 'john smith'
+ 'does not strip the escaped leading space in an attribute value' | ' \\ John Smith ' | '\\ john smith'
+ 'does not strip the escaped trailing space in an attribute value' | ' John Smith\\ ' | 'john smith\\ '
+ 'does not strip the escaped leading newline in an attribute value' | ' \\\nJohn Smith ' | '\\\njohn smith'
+ 'does not strip the escaped trailing newline in an attribute value' | ' John Smith\\\n ' | 'john smith\\\n'
+ 'does not strip the unescaped leading newline in an attribute value' | ' \nJohn Smith ' | '\njohn smith'
+ 'does not strip the unescaped trailing newline in an attribute value' | ' John Smith\n ' | 'john smith\n'
+ 'does not strip non whitespace' | 'John Smith' | 'john smith'
'does not treat escaped equal signs as attribute delimiters' | ' foo \\= bar' | 'foo \\= bar'
- 'does not treat escaped hex equal signs as attribute delimiters' | ' foo \\3D bar' | 'foo \\3D bar'
- 'does not treat escaped commas as attribute delimiters' | ' Smith\\, John C.' | 'Smith\\, John C.'
- 'does not treat escaped hex commas as attribute delimiters' | ' Smith\\2C John C.' | 'Smith\\2C John C.'
+ 'does not treat escaped hex equal signs as attribute delimiters' | ' foo \\3D bar' | 'foo \\3d bar'
+ 'does not treat escaped commas as attribute delimiters' | ' Smith\\, John C.' | 'smith\\, john c.'
+ 'does not treat escaped hex commas as attribute delimiters' | ' Smith\\2C John C.' | 'smith\\2c john c.'
end
with_them do
@@ -114,24 +114,24 @@ describe Gitlab::LDAP::Person do
# I am not sure if it matters to us or anyone else, so rather than dig
# through RFCs, I am only documenting the behavior here.
where(:test_description, :given, :expected) do
- 'strips extraneous whitespace' | 'uid =John Smith , ou = People, dc= example,dc =com' | 'uid=John Smith,ou=People,dc=example,dc=com'
- 'strips extraneous whitespace for a DN with a single RDN' | 'uid = John Smith' | 'uid=John Smith'
- 'strips extraneous whitespace without changing escaped characters' | 'uid = Sebasti\\c3\\a1n\\ C.\\20Smith\\ , ou=People (aka. \\22humans\\") ,dc=example, dc=com' | 'uid=Sebasti\\c3\\a1n\\ C.\\20Smith\\ ,ou=People (aka. \\22humans\\"),dc=example,dc=com'
- 'strips extraneous whitespace without modifying the multivalued RDN' | 'uid = John Smith + telephoneNumber = +1 555-555-5555 , ou = People,dc=example,dc=com' | 'uid=John Smith+telephoneNumber=+1 555-555-5555,ou=People,dc=example,dc=com'
- 'strips the space after the plus sign in the telephoneNumber' | 'uid = John Smith + telephoneNumber = + 1 555-555-5555 , ou = People,dc=example,dc=com' | 'uid=John Smith+telephoneNumber=+1 555-555-5555,ou=People,dc=example,dc=com'
+ 'strips extraneous whitespace' | 'uid =John Smith , ou = People, dc= example,dc =com' | 'uid=john smith,ou=people,dc=example,dc=com'
+ 'strips extraneous whitespace for a DN with a single RDN' | 'uid = John Smith' | 'uid=john smith'
+ 'strips extraneous whitespace without changing escaped characters' | 'uid = Sebasti\\c3\\a1n\\ C.\\20Smith\\ , ou=People (aka. \\22humans\\") ,dc=example, dc=com' | 'uid=sebasti\\c3\\a1n\\ c.\\20smith\\ ,ou=people (aka. \\22humans\\"),dc=example,dc=com'
+ 'strips extraneous whitespace without modifying the multivalued RDN' | 'uid = John Smith + telephoneNumber = +1 555-555-5555 , ou = People,dc=example,dc=com' | 'uid=john smith+telephonenumber=+1 555-555-5555,ou=people,dc=example,dc=com'
+ 'strips the space after the plus sign in the telephoneNumber' | 'uid = John Smith + telephoneNumber = + 1 555-555-5555 , ou = People,dc=example,dc=com' | 'uid=john smith+telephonenumber=+1 555-555-5555,ou=people,dc=example,dc=com'
+ 'downcases the whole string' | 'UID=John Smith,ou=People,dc=example,dc=com' | 'uid=john smith,ou=people,dc=example,dc=com'
'for a null DN (empty string), returns empty string and does not error' | '' | ''
- 'does not strip the escaped leading space in an attribute value (and does not error like Net::LDAP::DN.new does)' | 'uid=\\ John Smith,ou=People,dc=example,dc=com' | 'uid=\\ John Smith,ou=People,dc=example,dc=com'
- 'does not strip the escaped trailing space in an attribute value' | 'uid=John Smith\\ ,ou=People,dc=example,dc=com' | 'uid=John Smith\\ ,ou=People,dc=example,dc=com'
- 'does not strip the escaped leading newline in an attribute value' | 'uid=\\\nJohn Smith,ou=People,dc=example,dc=com' | 'uid=\\\nJohn Smith,ou=People,dc=example,dc=com'
- 'does not strip the escaped trailing newline in an attribute value' | 'uid=John Smith\\\n,ou=People,dc=example,dc=com' | 'uid=John Smith\\\n,ou=People,dc=example,dc=com'
- 'does not strip the unescaped leading newline in an attribute value' | 'uid=\nJohn Smith,ou=People,dc=example,dc=com' | 'uid=\nJohn Smith,ou=People,dc=example,dc=com'
- 'does not strip the unescaped trailing newline in an attribute value' | 'uid=John Smith\n ,ou=People,dc=example,dc=com' | 'uid=John Smith\n,ou=People,dc=example,dc=com'
- 'does not modify casing' | 'UID=John Smith,ou=People,dc=example,dc=com' | 'UID=John Smith,ou=People,dc=example,dc=com'
- 'does not strip non whitespace' | 'uid=John Smith,ou=People,dc=example,dc=com' | 'uid=John Smith,ou=People,dc=example,dc=com'
+ 'does not strip the escaped leading space in an attribute value (and does not error like Net::LDAP::DN.new does)' | 'uid=\\ John Smith,ou=People,dc=example,dc=com' | 'uid=\\ john smith,ou=people,dc=example,dc=com'
+ 'does not strip the escaped trailing space in an attribute value' | 'uid=John Smith\\ ,ou=People,dc=example,dc=com' | 'uid=john smith\\ ,ou=people,dc=example,dc=com'
+ 'does not strip the escaped leading newline in an attribute value' | 'uid=\\\nJohn Smith,ou=People,dc=example,dc=com' | 'uid=\\\njohn smith,ou=people,dc=example,dc=com'
+ 'does not strip the escaped trailing newline in an attribute value' | 'uid=John Smith\\\n,ou=People,dc=example,dc=com' | 'uid=john smith\\\n,ou=people,dc=example,dc=com'
+ 'does not strip the unescaped leading newline in an attribute value' | 'uid=\nJohn Smith,ou=People,dc=example,dc=com' | 'uid=\njohn smith,ou=people,dc=example,dc=com'
+ 'does not strip the unescaped trailing newline in an attribute value' | 'uid=John Smith\n ,ou=People,dc=example,dc=com' | 'uid=john smith\n,ou=people,dc=example,dc=com'
+ 'does not strip non whitespace' | 'uid=John Smith,ou=People,dc=example,dc=com' | 'uid=john smith,ou=people,dc=example,dc=com'
'does not treat escaped equal signs as attribute delimiters' | 'uid= foo \\= bar' | 'uid=foo \\= bar'
- 'does not treat escaped hex equal signs as attribute delimiters' | 'uid= foo \\3D bar' | 'uid=foo \\3D bar'
- 'does not treat escaped commas as attribute delimiters' | 'uid= John C. Smith, ou=San Francisco\\, CA' | 'uid=John C. Smith,ou=San Francisco\\, CA'
- 'does not treat escaped hex commas as attribute delimiters' | 'uid= John C. Smith, ou=San Francisco\\2C CA' | 'uid=John C. Smith,ou=San Francisco\\2C CA'
+ 'does not treat escaped hex equal signs as attribute delimiters' | 'uid= foo \\3D bar' | 'uid=foo \\3d bar'
+ 'does not treat escaped commas as attribute delimiters' | 'uid= John C. Smith, ou=San Francisco\\, CA' | 'uid=john c. smith,ou=san francisco\\, ca'
+ 'does not treat escaped hex commas as attribute delimiters' | 'uid= John C. Smith, ou=San Francisco\\2C CA' | 'uid=john c. smith,ou=san francisco\\2c ca'
end
with_them do