# HG changeset patch # User Thomas De Schampheleire # Date 1584908543 -3600 # Node ID 6f9970a3619086509dd190a771bd862d21d3437a # Parent 7a939ea3510aa4464103b030f909be14851584a4 auth_ldap: fix interpretation of LDAP attributes in Python 3 The python-ldap module returns the LDAP attribute names as strings, and the attribute values as arrays of bytes, e.g. for email: 'mail': [b'john.doe@example.com'], See https://www.python-ldap.org/en/latest/bytes_mode.html, particularly: https://www.python-ldap.org/en/latest/bytes_mode.html#what-s-text-and-what-s-bytes Due to a missing conversion from bytes to unicode for the attribute values obtained from LDAP, storing the values in a unicode field in the database would fail. It would apparently either store a repr of the bytes or store them in some other way. Upon user login, SQLAlchemy warned about this: .../sqlalchemy/sql/sqltypes.py:269: SAWarning: Unicode type received non-unicode bind param value b'John'. (this warning may be suppressed after 10 occurrences) .../sqlalchemy/sql/sqltypes.py:269: SAWarning: Unicode type received non-unicode bind param value b'Doe'. (this warning may be suppressed after 10 occurrences) In PostgreSQL, this would result in 'weird' values for first name, last name, and email fields, both in the database and the web UI, e.g. firstname: \x4a6f686e lastname: \x446f65 email: \x6a6f686e406578616d706c652e636f6d These values represent the actual values in hexadecimal, e.g. \x4a6f686e = 0x4a 0x6f 0x68 0x6e = J o h n In SQLite, the problem initially shows differently, as an exception in gravatar_url(): File "_base_root_html", line 207, in render_body File "_index_html", line 78, in render_header_menu File "_base_base_html", line 479, in render_menu File ".../kallithea/lib/helpers.py", line 908, in gravatar_div gravatar(email_address, cls=cls, size=size))) File ".../kallithea/lib/helpers.py", line 923, in gravatar src = gravatar_url(email_address, size * 2) File ".../kallithea/lib/helpers.py", line 956, in gravatar_url .replace('{email}', email_address) \ TypeError: replace() argument 2 must be str, not bytes but nevertheless the root cause of the problem is the same. Fix the problem by converting the LDAP attributes from bytes to strings. diff -r 7a939ea3510a -r 6f9970a36190 kallithea/lib/auth_modules/auth_ldap.py --- a/kallithea/lib/auth_modules/auth_ldap.py Tue Mar 17 17:29:57 2020 +0100 +++ b/kallithea/lib/auth_modules/auth_ldap.py Sun Mar 22 21:22:23 2020 +0100 @@ -31,6 +31,7 @@ from kallithea.lib import auth_modules from kallithea.lib.compat import hybrid_property from kallithea.lib.exceptions import LdapConnectionError, LdapImportError, LdapPasswordError, LdapUsernameError +from kallithea.lib.utils2 import safe_str log = logging.getLogger(__name__) @@ -328,7 +329,7 @@ log.debug('Got ldap DN response %s', user_dn) def get_ldap_attr(k): - return ldap_attrs.get(settings.get(k), [''])[0] + return safe_str(ldap_attrs.get(settings.get(k), [b''])[0]) # old attrs fetched from Kallithea database admin = getattr(userobj, 'admin', False)