Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

services: slugify before DB lookup #48

Closed
wants to merge 1 commit into from
Closed

services: slugify before DB lookup #48

wants to merge 1 commit into from

Conversation

veox
Copy link

@veox veox commented Dec 1, 2016

In ldap_register(), LDAP binding has already been performed, and the user is allowed to authenticate. However, the current logic is to look up the user entry in local DB using the string from the login form. If the latter fails, creating a new user is attempted - which might have been already created!

This still does not allow special characters (as in #43, which can be unsafe), but does address the underlying issue.

Should fix #15, #17, #45, and make #43 obsolete.

This PR conflicts with #47 due to whitespace changes in the latter. If either gets merged first, I can rebase the other one.

@veox
services: slugify before DB lookup.
b87b358 
In `ldap_register()`, LDAP binding has already been performed,
and the user is allowed to authenticate. However, the current
logic is to look up the user entry in local DB using the string
from the login form. If the latter fails, creating a new user
is attempted - which might have been already created!

This still does not allow special characters (as in ensky#43, which
can be unsafe), but does address the underlying issue.

Should fix ensky#15, ensky#17, ensky#45, and make ensky#43 obsolete.
@veox veox changed the title services: slugify before DB lookup. services: slugify before DB lookup Dec 1, 2016
@veox veox mentioned this pull request Dec 1, 2016
Open
@pstreef
Copy link

pstreef commented Dec 8, 2016

This does not seem to work for me.

It looks like slugify_uniquely() creates a unique instance of an object for a model. Meaning it ads "-1" or probably something similar when the name exists for the model (user_model).

peter.streef becomes peterstreef the first time. but the second it becomes peterstreef-1. which does not exist (when getting) so it still tries to create a new one.

As a fix I now just remove the known characters in the ldap server ("." and "-") with a replace from the username.

@veox
Copy link
Author

veox commented Dec 8, 2016

Looks like I opened this PR without sufficient testing. :( Thanks @pstreef - I'll close this and reopen if fixed.

@veox veox closed this Dec 8, 2016
@veox
Copy link
Author

veox commented Mar 9, 2017
edited
Loading

@pstreef Well, there seems to be a general disconnect between LDAP and Taiga in this case, arising from the need to map usernames, determined by the LDAP schema and dependent on the schema used, to Taiga/Django unique user identifiers, currently determined by unique_slugify() implementation.

The best I've come up with is a "pre-slugify" _slugify(), which is ugly, but might work.

It's different from your approach in constraning at the time of LDAP registration.

I won't be submitting a PR for this, seeing how development here is stalled. I've moved my own development to the organisation that I'm doing this work for instead (if relevant, see link above).

@veox
Copy link
Author

veox commented Mar 10, 2017
edited
Loading

Slept on it. Understood that this might as well just be a config option, e.g. LDAP_SLUGIFY or the like, with a function. Will rework.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Login failed at the second time
2 participants
@veox @pstreef