From 18785dad91140cc331a2f3a50e49254cb9002173 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20Gr=C3=B6ger?= Date: Fri, 5 Jun 2020 23:43:16 +0200 Subject: [PATCH] fixed ##261 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit hier wird nun der username auf casesensitiv überprüft. --- geruecht/controller/databaseController/dbUserController.py | 5 ++++- geruecht/controller/ldapController.py | 7 +++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/geruecht/controller/databaseController/dbUserController.py b/geruecht/controller/databaseController/dbUserController.py index 08f2d9d..e88940a 100644 --- a/geruecht/controller/databaseController/dbUserController.py +++ b/geruecht/controller/databaseController/dbUserController.py @@ -38,7 +38,10 @@ class Base: retVal.initGeruechte(creditLists) if workgroups: retVal.workgroups = self.getWorkgroupsOfUser(retVal.id) - return retVal + if retVal.uid == username: + return retVal + else: + return None except Exception as err: traceback.print_exc() self.db.connection.rollback() diff --git a/geruecht/controller/ldapController.py b/geruecht/controller/ldapController.py index ca204b2..6769995 100644 --- a/geruecht/controller/ldapController.py +++ b/geruecht/controller/ldapController.py @@ -52,12 +52,15 @@ class LDAPController(metaclass=Singleton): 'dn': self.ldap.connection.response[0]['dn'], 'firstname': user['givenName'][0], 'lastname': user['sn'][0], - 'uid': username, + 'uid': user['uid'][0], } if user['mail']: retVal['mail'] = user['mail'][0] debug.debug("user is {{ {} }}".format(retVal)) - return retVal + if retVal['uid'] == username: + return retVal + else: + raise Exception() except: debug.warning("exception in get user data from ldap", exc_info=True) raise PermissionDenied("No User exists with this uid.")