Apache Allura™ / Tickets / #7787 Ldap error when logging in with unicode in username or password

#7787 Ldap error when logging in with unicode in username or password

Milestone: v1.2.0

Status: closed

Owner: Igor Bondarenko

Labels: 42cc (432) sf-1 (616)

Component: General

Reviewer: Dave Brondsema

Updated: 2015-08-20

Created: 2014-10-30

Creator: Dave Brondsema

Private: No

The following error occurs with unicode in username or in password fields.

Since most LDAP systems aren't going to allow unicode usernames, I think its best to catch this situation ahead of time and provide a relevant error message, so the user can fix their input. Note that the unicode char may even be a hidden left-to-right marker for example, so an explicit message about unicode or non-ascii may be helpful.

For password, we should handle it. (The password change form lets you change it to unicode successfully)

File '/home/dbrondsema/dbrondsema-1019/forge/Allura/allura/lib/plugin.py', line 578 in _validate_password
  con = ldap_conn(ldap_user, password)
File '/home/dbrondsema/dbrondsema-1019/forge/Allura/allura/lib/plugin.py', line 427 in ldap_conn
  cred or config['auth.ldap.admin_password'])
File '/var/local/env-allura/lib/python2.7/site-packages/TimerMiddleware-0.4.4-py2.7.egg/timermiddleware/__init__.py', line 117 in wrapper
  return self.run_and_log(func, inst, *args, **kwargs)
File '/var/local/env-allura/lib/python2.7/site-packages/TimerMiddleware-0.4.4-py2.7.egg/timermiddleware/__init__.py', line 126 in run_and_log
  return func(*args, **kwargs)
File '/var/local/env-allura/lib/python2.7/site-packages/python_ldap-2.4.14-py2.7-linux-x86_64.egg/ldap/ldapobject.py', line 222 in bind_s
  msgid = self.bind(who,cred,method)
File '/var/local/env-allura/lib/python2.7/site-packages/python_ldap-2.4.14-py2.7-linux-x86_64.egg/ldap/ldapobject.py', line 216 in bind
  return self.simple_bind(who,cred)
File '/var/local/env-allura/lib/python2.7/site-packages/python_ldap-2.4.14-py2.7-linux-x86_64.egg/ldap/ldapobject.py', line 201 in simple_bind
  return self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
File '/var/local/env-allura/lib/python2.7/site-packages/python_ldap-2.4.14-py2.7-linux-x86_64.egg/ldap/ldapobject.py', line 99 in _ldap_call
  result = func(*args,**kwargs)
UnicodeEncodeError: 'ascii' codec can't encode characters in position 4-6: ordinal not in range(128)

Discussion

summary: Ldap error when logging in with unicode in username field --> Ldap error when logging in with unicode in username or password
Description has changed:

Diff:

--- old
+++ new
@@ -1,4 +1,8 @@
+The following error occurs with unicode in username or in password fields.
+
 Since most LDAP systems aren't going to allow unicode usernames, I think its best to catch this situation ahead of time and provide a relevant error message, so the user can fix their input.  Note that the unicode char may even be a hidden left-to-right marker for example, so an explicit message about unicode or non-ascii may be helpful.
+
+For password, we should handle it.  (The password change form lets you change it to unicode successfully)

 ~~~~
 File '/home/dbrondsema/dbrondsema-1019/forge/Allura/allura/lib/plugin.py', line 578 in _validate_password

Dave Brondsema - 2014-11-17

labels: --> sf-current
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2014-11-17

labels: sf-current --> sf-current, sf-1
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2014-11-18

I have a fix related to the error handling that happens here: to show a proper error page instead of a weird 301 error, when there is an error on /auth. It is committed on db/7787

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Igor Bondarenko - 2014-11-18

Owner: Anonymous --> Igor Bondarenko

Labels: sf-current, sf-1 --> 42cc, sf-current, sf-1

Status: open --> in-progress
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Igor Bondarenko - 2014-11-20

status: in-progress --> review
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Igor Bondarenko - 2014-11-20

Closed #689. ib/7787

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2014-11-20

status: review --> closed

Reviewer: Dave Brondsema
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2014-12-01

labels: 42cc, sf-current, sf-1 --> 42cc, sf-1
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2015-01-05

Milestone: unreleased --> asf_release_1.2.0
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Apache Allura™

Forge software for hosting software projects

Milestone

Searches

Help

#7787 Ldap error when logging in with unicode in username or password

Discussion