Limit permission and selfservice names to alphanumerics, -, _, space

The DN and ACI code doesn't always escape special characters properly. Rather than trying to fix it, this patch takes the easy way out and enforces that the names are safe. https://fedorahosted.org/freeipa/ticket/2585
2025-02-25 18:55:28 -06:00 · 2012-04-06 04:56:46 -04:00
parent 35f44a1aeb
commit 6e5c8b25bf
6 changed files with 46 additions and 14 deletions
--- a/tests/test_xmlrpc/test_selfservice_plugin.py
+++ b/tests/test_xmlrpc/test_selfservice_plugin.py
@@ -26,6 +26,7 @@ from tests.test_xmlrpc import objectclasses
 from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid

 selfservice1 = u'testself'
+invalid_selfservice1 = u'bad+name'

 class test_selfservice(Declarative):

@@ -270,4 +271,16 @@ class test_selfservice(Declarative):
            )
        ),

+        dict(
+            desc='Create invalid %r' % invalid_selfservice1,
+            command=(
+                'selfservice_add', [invalid_selfservice1], dict(
+                    attrs=[u'street', u'c', u'l', u'st', u'postalcode'],
+                    permissions=u'write',
+                )
+            ),
+            expected=errors.ValidationError(name='name',
+                error='May only contain letters, numbers, -, _, and space'),
+        ),
+
    ]