Fix issues with user setup in the scripts backend

In particular:
* Properly escape usernames before passing them to LDAP
* Error out if the user can't be found

In theory, neither should be an issue, because this should only get called if
certs are in use, so the username should be sane and present in LDAP.

Thanks to Anders for bringing the first issue to my attention.

diff --git a/django/mit/__init__.py b/django/mit/__init__.py
index 78ba4de675676d3dc2f808bff66928a71de4cbe7..1a19dc8aa42fe4fd599863ea45b068cd2273844b 100644 (file)
--- a/django/mit/__init__.py
+++ b/django/mit/__init__.py
@@ -1,4 +1,6 @@
 import subprocess
+import ldap
+import ldap.filter
 
 from django.contrib.auth.middleware import RemoteUserMiddleware
 from django.contrib.auth.backends import RemoteUserBackend
@@ -26,12 +28,12 @@ class ScriptsRemoteUserBackend(RemoteUserBackend):
     def configure_user(self, user, ):
         username = user.username
         user.password = "ScriptsSSLAuth"
-        import ldap
         con = ldap.open('ldap.mit.edu')
         con.simple_bind_s("", "")
         dn = "dc=mit,dc=edu"
         fields = ['cn', 'sn', 'givenName', 'mail', ]
-        result = con.search_s('dc=mit,dc=edu', ldap.SCOPE_SUBTREE, 'uid=%s'%username, fields)
+        userfilter = ldap.filter.filter_format('uid=%s', [username])
+        result = con.search_s('dc=mit,dc=edu', ldap.SCOPE_SUBTREE, userfilter, fields)
         if len(result) == 1:
             user.first_name = result[0][1]['givenName'][0]
             user.last_name = result[0][1]['sn'][0]
@@ -40,6 +42,8 @@ class ScriptsRemoteUserBackend(RemoteUserBackend):
                 user.groups.add(auth.models.Group.objects.get(name='mit'))
             except ObjectDoesNotExist:
                 print "Failed to retrieve mit group"
+        else:
+            raise ValueError, ("Could not find user with username '%s' (filter '%s')"%(username, userfilter))
         try:
             user.groups.add(auth.models.Group.objects.get(name='autocreated'))
         except ObjectDoesNotExist: