santize user input and ldap records

luser/models.py

@@ -25,8 +25,11 @@ class LUSER():
 
         for i in alluids:
             i_uid = i['attributes']['uidNumber']
-            if int(i_uid) > max:
+            if type(i_uid) is str or type(i_uid) is int:
-                max = int(i_uid)
+                i_uid = int(i_uid)
+
+                if i_uid > max:
+                    max = i_uid
 
         return max
 
@@ -224,4 +227,9 @@ class LUSER():
         self.ldapconnection.search(search_base=self.base,search_filter=f'(&(objectClass=inetOrgPerson)(uid={user}))', attributes=['userPassword'])
 
         # Return userPassword attribute from the response
-        return self.ldapconnection.response[0]['attributes']['userPassword'][0].decode('utf-8')
+        userpass = self.ldapconnection.response[0]['attributes']['userPassword'][0]
+        
+        if type(userpass) is bytes:
+            userpass = userpass.decode('utf-8')
+
+        return userpass

luser/routes.py

@@ -127,8 +127,8 @@ def register():
             return 'Error: uppercase characters in username are not allowed'
 
         # Check lenght of username
-        if len(username) < 1:
+        if len(username) < 1 or len(username) > 30:
-            return 'Error: username is too short'
+            return 'Error: username has to be between 1 and 30 characters long'
 
         # Check if username is alphanumeric
         if not username.isalnum():