cqrenet/mxids
3
0
Fork 0
Code Pull Requests 10 Actions Releases Activity

LDAP backend: protect against empty username

Browse Source
This commit is contained in:
Maxime Dor
2017-09-18 12:51:36 +02:00
parent 9e8dade238
commit 00a00be692
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/main/groovy/io/kamax/mxisd/backend/ldap/LdapAuthProvider.java
View File

@@ -63,6 +63,11 @@ public class LdapAuthProvider extends LdapGenericBackend implements Authenticato
String uidType = getCfg().getAttribute().getUid().getType(); String uidType = getCfg().getAttribute().getUid().getType();
String userFilterValue = StringUtils.equals(LdapThreePidProvider.UID, uidType) ? mxid.getLocalPart() : mxid.getId(); String userFilterValue = StringUtils.equals(LdapThreePidProvider.UID, uidType) ? mxid.getLocalPart() : mxid.getId();
if (StringUtils.isBlank(userFilterValue)) {
log.warn("Username is empty, failing auth");
return BackendAuthResult.failure();
}
String userFilter = "(" + getCfg().getAttribute().getUid().getValue() + "=" + userFilterValue + ")"; String userFilter = "(" + getCfg().getAttribute().getUid().getValue() + "=" + userFilterValue + ")";
if (!StringUtils.isBlank(getCfg().getAuth().getFilter())) { if (!StringUtils.isBlank(getCfg().getAuth().getFilter())) {
userFilter = "(&" + getCfg().getAuth().getFilter() + userFilter + ")"; userFilter = "(&" + getCfg().getAuth().getFilter() + userFilter + ")";