Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug when user cn has utf8 characters #61

Closed
ansibleguy76 opened this issue Feb 8, 2024 · 8 comments
Closed

Bug when user cn has utf8 characters #61

ansibleguy76 opened this issue Feb 8, 2024 · 8 comments

Comments

@ansibleguy76
Copy link

Add function :

function unescapeLdapResult(ldapResult) {
  // Regular expression to match the escaped sequences
  const regex = /\\([0-9a-fA-F]{2})\\([0-9a-fA-F]{2})/g;

  // Replace each escaped sequence with its Unicode character
  return ldapResult.replace(regex, (match, p1, p2) => {
      // Convert the hex codes to a Buffer
      const bytes = Buffer.from([parseInt(p1, 16), parseInt(p2, 16)]);
      // Convert the Buffer to a UTF-8 String
      return bytes.toString('utf8');
  });
}

and use it to unescape the result :

  ldapAdminClient.unbind()
  if (!user || !user.dn) {
    ldapOpts.log &&
      ldapOpts.log.trace(
        `admin did not find user! (${usernameAttribute}=${username})`
      )
    throw new LdapAuthenticationError(
      'user not found or usernameAttribute is wrong'
    )
  }
  var userDn = user.dn
  userDn = unescapeLdapResult(userDn)
  let ldapUserClient
  try {
    ldapUserClient = await _ldapBind(userDn, userPassword, starttls, ldapOpts)
  } catch (error) {
    throw error
  }
  ldapUserClient.unbind()
  if (groupsSearchBase && groupClass && groupMemberAttribute) {
    try {
      ldapAdminClient = await _ldapBind(
@shaozi
Copy link
Owner

shaozi commented Jun 19, 2024

I would like to understand more about this patch:

  • Can you give an example of a utf-8 DN?
  • How do you know the DN is hex coded, not regular string happened to look like a hex string?

@ansibleguy76
Copy link
Author

i went into the code of ldap.js and noticed that they return encoded utf8 chars. which wasn't handled in your code. if you would patch your code, i can use npm again.

i will try to simulate a user later

@shaozi
Copy link
Owner

shaozi commented Jun 19, 2024

Can you be kindly to point me to where in the ldapjs code that it return encoded utf8?

@shaozi
Copy link
Owner

shaozi commented Jun 19, 2024

ok. I think I get what you mean. The return string from ldapjs will be backslash escaped hex if the result have utf encode runes. like this:
'cn=\\e7\\a0\\94\\e5\\8f\\91A\\e9\\83\\a8,ou=users,dc=example,dc=com'
Your method may not be enough to decode it. We need a better way.

@shaozi shaozi mentioned this issue Jun 20, 2024
Merged
@shaozi
Copy link
Owner

shaozi commented Jun 20, 2024

fixed by merge #66

@shaozi shaozi closed this as completed Jun 20, 2024
@ansibleguy76
Copy link
Author

Hi,
I tested your 3.2.1 version from npm
Did this fix make it ? Because I still have the same issue. If I fall back to my verions, it work.

@ansibleguy76
Copy link
Author

Seems not, I copied your code manually, and it works too.

@shaozi
Copy link
Owner

shaozi commented Jun 23, 2024

just published 3.2.2 which has the fix

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@shaozi @ansibleguy76