add integrity checks for user input

fram3d 2024-01-04 08:22:17 +01:00
parent 7f1ab45d53
commit 1da508d0d6
Signed by: fram3d
GPG Key ID: 938920E709EEA32A
5 changed files with 14 additions and 5 deletions


@ -11,6 +11,7 @@ deb: man ../requirments.txt ../run.py ../luser ../LICENSE
chmod -w luser/DEBIAN/* chmod -w luser/DEBIAN/*
chmod +w luser/DEBIAN/control chmod +w luser/DEBIAN/control
dpkg-deb --build luser dpkg-deb --build luser
chmod +w luser/DEBIAN/*
clean: clean:
rm -f luser.deb rm -f luser.deb
rm -f man/luser.1 rm -f man/luser.1


@ -8,4 +8,4 @@ Depends: python3-flask, python3-ldap3, gunicorn, imagemagick, python3-passlib
Homepage: https://gitea.dmz.rs/fram3d/luser Homepage: https://gitea.dmz.rs/fram3d/luser
Maintainer: fram3d <fram3d@dmz.rs> Maintainer: fram3d <fram3d@dmz.rs>
Description: Web app that allows users to add,remove and change passwords in LDAP system Description: Web app that allows users to add,remove and change passwords in LDAP system
Version: 1.0.4 Version: 1.0.7


@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
/sbin/service luser stop /sbin/service luser stop
/usr/bin/systemdctl disable luser.service /usr/bin/systemctl disable luser.service
if [ -f /var/luser/luser/config.ini ] ; then if [ -f /var/luser/luser/config.ini ] ; then
cp /var/luser/luser/config.ini /tmp/oldluserconfig.ini cp /var/luser/luser/config.ini /tmp/oldluserconfig.ini
fi fi
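Review bot: The unchanged lines of this removal script copy `/var/luser/luser/config.ini` to the fixed path `/tmp/oldluserconfig.ini`, and the commit leaves that in place. Maintainer scripts run as root, and a predictable name in a world-writable directory can be pre-created or symlinked by any local user. The copy also gets whatever mode the umask yields, and the config presumably holds the LDAP bind password. Staging the backup in a root-owned directory with an explicit mode would avoid both, e.g. `install -m 600 /var/luser/luser/config.ini "$BACKUP_DIR/config.ini"`, where `BACKUP_DIR` is a placeholder for a root-only 0700 directory. Whichever script restores the file (not visible here) would need the same path.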


@ -25,8 +25,8 @@ class LUSER():
for i in alluids: for i in alluids:
i_uid = i['attributes']['uidNumber'] i_uid = i['attributes']['uidNumber']
if i_uid > max: if int(i_uid) > max:
max = i_uid max = int(i_uid)
return max return max
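Review bot: `int(i_uid)` on the two changed lines raises if an entry's `uidNumber` is missing, empty, or comes back as a list, and nothing visible in the hunk catches that. One malformed LDAP entry would then break this lookup, which presumably feeds the allocation of the next UID. Converting once and handling bad entries explicitly would be safer, e.g. `i_uid = int(i['attributes']['uidNumber'])` inside a `try`/`except (KeyError, TypeError, ValueError)` that skips or reports the entry. The accumulator is named `max`, which shadows the builtin; `max_uid` would read better. The enclosing method starts above the hunk, so the initial value and the search that fills `alluids` are not visible.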


@ -118,7 +118,7 @@ def register():
if len(password) < 8: if len(password) < 8:
return 'Error: password is too short' return 'Error: password is too short'
# Check lenght of password # Check if passwords matches
if password != confirmpassword: if password != confirmpassword:
return 'Error: passwords do not match' return 'Error: passwords do not match'
@ -126,6 +126,14 @@ def register():
if username.islower() == False: if username.islower() == False:
return 'Error: uppercase characters in username are not allowed' return 'Error: uppercase characters in username are not allowed'
# Check lenght of username
if len(username) < 1:
return 'Error: username is too short'
# Check if username is alphanumeric
if not username.isalnum():
return 'Error: username can only contain letters and numbers'
# Create a LUSER connection # Create a LUSER connection
luser = LUSER(LDAPHOST,LDAPADMINNAME,LDAPPASS,USERBASE,ALTUSERBASE) luser = LUSER(LDAPHOST,LDAPADMINNAME,LDAPPASS,USERBASE,ALTUSERBASE)
# Try to add user # Try to add user
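Review bot: `username.isalnum()` in the second hunk is Unicode-aware, so non-ASCII letters and digits pass the new check and reach the `LUSER` call. If the username ends up as a POSIX account name or inside an LDAP DN (not visible here), the check should be limited to ASCII, e.g. `if not (username.isascii() and username.isalnum()):`. The new `len(username) < 1` test appears unreachable: `''.islower()` is `False`, so the preceding uppercase check already returns for an empty string, with a misleading message, and the same happens for all-digit usernames. Moving the length check ahead of the `islower()` test and adding an upper bound would fix this. `register()` begins and continues outside these hunks.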