Nemcio/Redmine
1
0
Fork 0
mirror of https://github.com/redmine/redmine.git synced 2026-01-26 17:30:00 +01:00
Code Issues Packages Projects Releases Activity

Merge r24366 from trunk to 6.0-stable (#43692).

Browse Source 
git-svn-id: https://svn.redmine.org/redmine/branches/6.0-stable@24371 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Marius Balteanu
2026-01-26 06:04:30 +00:00
parent 85c0ae96ba
commit def0d56e4f
2 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/models/auth_source_ldap.rb
View File

@@ -228,7 +228,7 @@ class AuthSourceLdap < AuthSource
ldap_con = initialize_ldap_con(self.account, self.account_password)
end
attrs = {}
search_filter = base_filter & Net::LDAP::Filter.eq(self.attr_login, login)
search_filter = base_filter & Net::LDAP::Filter.equals(self.attr_login, login)
ldap_con.search(:base => self.base_dn,
:filter => search_filter,
:attributes=> search_attributes) do |entry|

7
test/unit/auth_source_ldap_test.rb
View File

@@ -161,6 +161,13 @@ class AuthSourceLdapTest < ActiveSupport::TestCase
assert_nil auth.authenticate('edavis', '123456')
end
test '#authenticate with special characters in login should not allow filter manipulation' do
auth = AuthSourceLdap.find(1)
result = auth.authenticate("*", "123456")
assert_nil result
end
def test_authenticate_should_timeout
auth_source = AuthSourceLdap.find(1)
auth_source.timeout = 1