search

ansibleguy76 / ansibleforms

A webapplication to create pretty advanced forms to run ansible playbooks or awx templates.
https://ansibleforms.com/
GNU General Public License v3.0
66 stars 10 forks source link

Issues with Users that have a "Umlaut" eg. Ö or ß #142

Closed janhoelscher closed 7 months ago

janhoelscher commented 7 months ago

Describe the bug I have configured authentication via an Active Directory Server. Users without a german "Umlaut" can login without any problems. But users with an "Umlaut" in there CN getting "Ldap: Invalid Credentials" as a response on the login page. It has been double checked with two users having this issue.

To Reproduce Steps to reproduce the behavior:

  1. Configuring Active Directory Server in Ldap Config
  2. Try to login as a user which have an "Umlaut" in their CN
  3. Getting error message on login page

Expected behavior User should login without any errors.

Version ansibleforms v5.0.0

Deployment Deployed ansibleforms with :

Additional context Logs only shows error: Error connecting to ldap : Invalid Credentials but credentials are correct.

Full DN from user account look similar than this CN=<here is sAMAccountName>_(<forename>_<surname>),OU=user,OU=<censored>,DC=<censored>,DC=<censored>,DC=de as <surname> contains an "Ö"

ansibleguy76 commented 7 months ago

I have investigated. Basic authentication was not handling utf8 characters, that will be fixed in 5.0.1 The user now arrives correctly at the server end, unfortunately, I haven't found a correct way to encode the username so ldap is happy. I tried hex encoding, for example "\00\FC" => ü, but that didn't work. So for the moment I don't know how to fix it. I'm using the ldapjs library which is up to date. Maybe I need to encode the username when sending to ldap, but need to find how and then I can fix this. TBC

ansibleguy76 commented 7 months ago

found it... and fixed in 5.0.1

ansibleguy76 commented 7 months ago

building 5.0.1 beta now

ansibleguy76 commented 7 months ago

Maybe I need to encode the username when sending to ldap, but need to find how and then I can fix this.

I had to decode instead, ldap return encoded Distinguished name and to bind ldap, I must send utf8, so had to build an unescape function.

(https://github.com/ldapjs/node-ldapjs/issues/968)

qfdk commented 2 months ago

Hello @ansibleguy76

Thanks for your workaround, but it doesn't work for these cases

\e2\82\a0 => ₠ \f0\9f\98\80 => 😀

I have read the test file available here: https://github.com/ldapjs/dn/blob/master/lib/utils/escape-value.test.js

I have written a simple version, which I will share with you here

const unescapeLdapDnString = input => {
    // Convert \\xXX to %XX
    const convertedStr = input.replace(/\\([0-9A-Fa-f]{2})/g, (_, hex) => '%' + hex);
    return decodeURIComponent(convertedStr);
};

Have a nice day, qfdk