From b477b8237323da083784c2b8169191094b355fce Mon Sep 17 00:00:00 2001
From: Daniel
Date: Mon, 23 Jul 2018 18:47:06 -0700
Subject: [PATCH] checks if search_s in fact returns dictionary, just in case client disabled referall chasing
---
 flask_simpleldap/__init__.py | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/flask_simpleldap/__init__.py b/flask_simpleldap/__init__.py
index 82ae17f..a823dcb 100644
--- a/flask_simpleldap/__init__.py
+++ b/flask_simpleldap/__init__.py
@@ -34,7 +34,6 @@ def init_app(app):
 :param flask.Flask app: the application to configure for use with this :class:`~LDAP`
 """
-
 app.config.setdefault('LDAP_HOST', 'localhost')
 app.config.setdefault('LDAP_PORT', 389)
 app.config.setdefault('LDAP_SCHEMA', 'ldap')
@@ -163,7 +162,6 @@ def get_object_details(self, user=None, group=None, dn_only=False):
 :param bool dn_only: If we should only retrieve the object's distinguished name or not. Default: ``False``.
 """
-
 query = None
 fields = None
 if user is not None:
@@ -180,7 +178,6 @@ def get_object_details(self, user=None, group=None, dn_only=False):
 try:
 records = conn.search_s(current_app.config['LDAP_BASE_DN'], ldap.SCOPE_SUBTREE, query, fields)
-
 conn.unbind_s()
 result = {}
 if records:
@@ -194,9 +191,10 @@ def get_object_details(self, user=None, group=None, dn_only=False):
 dn = records[0][1][
 current_app.config['LDAP_OBJECTS_DN']]
 return dn[0]
- for k, v in list(records[0][1].items()):
- result[k] = v
- return result
+ if type(records[0][1]) == 'dict':
+ for k, v in list(records[0][1].items()):
+ result[k] = v
+ return result
 except ldap.LDAPError as e:
 raise LDAPException(self.error(e.args))
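Review bot: The added guard `if type(records[0][1]) == 'dict':` in get_object_details compares a type object with the string `'dict'`, which is never equal, so the copy loop and `return result` are unreachable and the non-`dn_only` path now falls through to an implicit `None` for every record. Write it as `if isinstance(records[0][1], dict):`, which still skips search-result entries whose second element is not an attribute dict (python-ldap reports referrals that way), as the commit message intends. The `dn = records[0][1][...]` lookup just above the guard is not protected by it, so a referral as the first record would presumably raise a `TypeError` there that the `except ldap.LDAPError` does not catch. Callers that use the returned attributes for group or user checks are outside this hunk and should treat a `None` result as a denial; the docstring should state that `None` is returned when the first record is not an entry. The body of get_object_details starts and ends outside this hunk.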
@@ -368,7 +366,6 @@ def wrapped(*args, **kwargs):
 else:
 req_username = request.authorization.username
 req_password = request.authorization.password
-
 # Many LDAP servers will grant you anonymous access if you log in
 # with an empty password, even if you supply a non-anonymous user
 # ID, causing .bind_user() to return True. Therefore, only accept