safaacar / rubycas-server

Automatically exported from code.google.com/p/rubycas-server
GNU Lesser General Public License v2.1
0 stars 0 forks source link

Unable to use Whitespace as a password for LDAP login #110

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Setup RubyCAS and ActiveDirectory  LDAP
2. Create a user using Active Directory with a character password {space}
3. Try logging in.

*Note: if a user has a preceding {space} like ' my password' (without quotes), 
password cannot go through. Microsoft AD cannot prevent such password from 
created as well. Hence I provided a workaround below.

What version of RubyCAS-Server are you using? How is it installed (rubygem,
manual install)? How are you running it (webrick, mongrel, passenger,
etc.)?

Installed using rubygem and running webrick.

Please provide any additional information below.
blank?()

Workaround: 
C:\Ruby\lib\ruby\gems\1.8\gems\rubycas-server-0.7.999999.20100202\lib\casserver\
authenticators\ldap.rb

Look for   
{{{
def validate(credentials)
    read_standard_credentials(credentials)

    return false if @password.blank?
}}}

change the word blank to empty like this:
{{{
    return false if @password.empty?
}}}

From ruby on rails:
An object is blank if it’s false, empty, or a whitespace string. For example, 
“”, “ “, nil, [], and {} are blank. 

Original issue reported on code.google.com by hansheng...@gmail.com on 31 Dec 2010 at 7:25