From 72e5449a4fed024db673a3dd9ee42b7109565612 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergiusz=20=27q3k=27=20Baza=C5=84ski?= Date: Sat, 11 Oct 2014 14:02:15 +0200 Subject: [PATCH] quick hack to not allow duplicate usernames with spaces --- auth.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/auth.py b/auth.py index cdbe5b2..e7e94f5 100644 --- a/auth.py +++ b/auth.py @@ -21,6 +21,10 @@ def login(): conn = ldap.initialize(app.config['LDAP_URL']) conn.start_tls_s() res,code = 'OK', 200 + # hack! + if ' ' in request.form['login']: + res, code = 'ERROR', 401 + return make_response(res, code, { 'Content-Type': 'text/plain' }) try: conn.simple_bind_s(app.config['DN_STRING'] % request.form['login'], request.form.get('password', ''))