#7787 Ldap error when logging in with unicode in username or password

v1.2.0
closed
General
2015-08-20
2014-10-30
No

The following error occurs with unicode in username or in password fields.

Since most LDAP systems aren't going to allow unicode usernames, I think its best to catch this situation ahead of time and provide a relevant error message, so the user can fix their input. Note that the unicode char may even be a hidden left-to-right marker for example, so an explicit message about unicode or non-ascii may be helpful.

For password, we should handle it. (The password change form lets you change it to unicode successfully)

File '/home/dbrondsema/dbrondsema-1019/forge/Allura/allura/lib/plugin.py', line 578 in _validate_password
  con = ldap_conn(ldap_user, password)
File '/home/dbrondsema/dbrondsema-1019/forge/Allura/allura/lib/plugin.py', line 427 in ldap_conn
  cred or config['auth.ldap.admin_password'])
File '/var/local/env-allura/lib/python2.7/site-packages/TimerMiddleware-0.4.4-py2.7.egg/timermiddleware/__init__.py', line 117 in wrapper
  return self.run_and_log(func, inst, *args, **kwargs)
File '/var/local/env-allura/lib/python2.7/site-packages/TimerMiddleware-0.4.4-py2.7.egg/timermiddleware/__init__.py', line 126 in run_and_log
  return func(*args, **kwargs)
File '/var/local/env-allura/lib/python2.7/site-packages/python_ldap-2.4.14-py2.7-linux-x86_64.egg/ldap/ldapobject.py', line 222 in bind_s
  msgid = self.bind(who,cred,method)
File '/var/local/env-allura/lib/python2.7/site-packages/python_ldap-2.4.14-py2.7-linux-x86_64.egg/ldap/ldapobject.py', line 216 in bind
  return self.simple_bind(who,cred)
File '/var/local/env-allura/lib/python2.7/site-packages/python_ldap-2.4.14-py2.7-linux-x86_64.egg/ldap/ldapobject.py', line 201 in simple_bind
  return self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
File '/var/local/env-allura/lib/python2.7/site-packages/python_ldap-2.4.14-py2.7-linux-x86_64.egg/ldap/ldapobject.py', line 99 in _ldap_call
  result = func(*args,**kwargs)
UnicodeEncodeError: 'ascii' codec can't encode characters in position 4-6: ordinal not in range(128)

Discussion

  • Dave Brondsema

    Dave Brondsema - 2014-11-12
    • summary: Ldap error when logging in with unicode in username field --> Ldap error when logging in with unicode in username or password
    • Description has changed:

    Diff:

    --- old
    +++ new
    @@ -1,4 +1,8 @@
    +The following error occurs with unicode in username or in password fields.
    +
     Since most LDAP systems aren't going to allow unicode usernames, I think its best to catch this situation ahead of time and provide a relevant error message, so the user can fix their input.  Note that the unicode char may even be a hidden left-to-right marker for example, so an explicit message about unicode or non-ascii may be helpful.
    +
    +For password, we should handle it.  (The password change form lets you change it to unicode successfully)
    
     ~~~~
     File '/home/dbrondsema/dbrondsema-1019/forge/Allura/allura/lib/plugin.py', line 578 in _validate_password
    
     
  • Dave Brondsema

    Dave Brondsema - 2014-11-17
    • labels: --> sf-current
     
  • Dave Brondsema

    Dave Brondsema - 2014-11-17
    • labels: sf-current --> sf-current, sf-1
     
  • Dave Brondsema

    Dave Brondsema - 2014-11-18

    I have a fix related to the error handling that happens here: to show a proper error page instead of a weird 301 error, when there is an error on /auth. It is committed on db/7787

     
  • Igor Bondarenko

    Igor Bondarenko - 2014-11-18
    • Owner: Anonymous --> Igor Bondarenko
    • Labels: sf-current, sf-1 --> 42cc, sf-current, sf-1
    • Status: open --> in-progress
     
  • Igor Bondarenko

    Igor Bondarenko - 2014-11-20
    • status: in-progress --> review
     
  • Igor Bondarenko

    Igor Bondarenko - 2014-11-20

    Closed #689. ib/7787

     
  • Dave Brondsema

    Dave Brondsema - 2014-11-20
    • status: review --> closed
    • Reviewer: Dave Brondsema
     
  • Dave Brondsema

    Dave Brondsema - 2014-12-01
    • labels: 42cc, sf-current, sf-1 --> 42cc, sf-1
     
  • Dave Brondsema

    Dave Brondsema - 2015-01-05
    • Milestone: unreleased --> asf_release_1.2.0
     

Log in to post a comment.