Mathis/allianceauth
1
0
Fork 0
mirror of https://gitlab.com/allianceauth/allianceauth.git synced 2025-07-16 16:00:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

Implement Openfire username escaping (#703)

Browse Source 
* Fix openfire username sanitize function

* Use escaping instead of stripping characters
This commit is contained in:
Basraah 2017-02-10 13:30:57 +10:00 committed by GitHub
parent ff1c2030ca
commit 489b9a601d
2 changed files with 34 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
services/modules/openfire/manager.py
View File

@ -37,9 +37,30 @@ class OpenfireManager:
return completed_username return completed_username
@staticmethod @staticmethod
def __santatize_username(username): def __sanitize_username(username):
sanatized = username.replace(" ", "_") # https://xmpp.org/extensions/xep-0106.html#escaping
return sanatized.lower() replace = [
("\\", "\\5c"), # Escape backslashes first to double escape existing escape sequences
("\"", "\\22"),
("&", "\\26"),
("'", "\\27"),
("/", "\\2f"),
(":", "\\3a"),
("<", "\\3c"),
(">", "\\3e"),
("@", "\\40"),
("\u007F", ""),
("\uFFFE", ""),
("\uFFFF", ""),
(" ", "\\20"),
]
sanitized = username.strip(' ')
for find, rep in replace:
sanitized = sanitized.replace(find, rep)
return sanitized
@staticmethod @staticmethod
def __generate_random_pass(): def __generate_random_pass():
@ -54,17 +75,17 @@ class OpenfireManager:
def add_user(username): def add_user(username):
logger.debug("Adding username %s to openfire." % username) logger.debug("Adding username %s to openfire." % username)
try: try:
sanatized_username = OpenfireManager.__santatize_username(username) sanitized_username = OpenfireManager.__sanitize_username(username)
password = OpenfireManager.__generate_random_pass() password = OpenfireManager.__generate_random_pass()
api = ofUsers(settings.OPENFIRE_ADDRESS, settings.OPENFIRE_SECRET_KEY) api = ofUsers(settings.OPENFIRE_ADDRESS, settings.OPENFIRE_SECRET_KEY)
api.add_user(sanatized_username, password) api.add_user(sanitized_username, password)
logger.info("Added openfire user %s" % username) logger.info("Added openfire user %s" % username)
except exception.UserAlreadyExistsException: except exception.UserAlreadyExistsException:
# User exist # User exist
logger.error("Attempting to add a user %s to openfire which already exists on server." % username) logger.error("Attempting to add a user %s to openfire which already exists on server." % username)
return "", "" return "", ""
return sanatized_username, password return sanitized_username, password
@staticmethod @staticmethod
def delete_user(username): def delete_user(username):

7
services/modules/openfire/tests.py
View File

@ -205,3 +205,10 @@ class OpenfireManagerTestCase(TestCase):
self.assertEqual(len(password), 16) self.assertEqual(len(password), 16)
self.assertIsInstance(password, type('')) self.assertIsInstance(password, type(''))
def test__sanitize_username(self):
test_username = " My_Test User\"'&/:<>@name\\20name"
result_username = self.manager._OpenfireManager__sanitize_username(test_username)
self.assertEqual(result_username, 'My_Test\\20User\\22\\27\\26\\2f\\3a\\3c\\3e\\40name\\5c20name')