diff --git a/allauth_ens/tests.py b/allauth_ens/tests.py
index b902d81..f8bf5c0 100644
--- a/allauth_ens/tests.py
+++ b/allauth_ens/tests.py
@@ -9,6 +9,7 @@ from django.core import mail
 from django.test import TestCase, override_settings
 from allauth.socialaccount.models import SocialAccount
+from allauth_ens.utils import get_ldap_infos
 import six
 from allauth_cas.test.testcases import CASTestCase
@@ -367,3 +368,11 @@ class LongTermClipperTests(CASTestCase):
 self.assertEqual(nu0, nu1)
 self.assertEqual(nsa0, nsa1)
 ldap_patcher.start()
+
+ def test_invalid_uid(self):
+ self._setup_ldap(12, "test")
+ uids = [" test", "test ", "\\test", "test)"]
+ for uid in uids:
+ with self.assertRaises(ValueError) as cm:
+ get_ldap_infos(uid)
+ self.assertIn(uid, cm.exception.message)
diff --git a/allauth_ens/utils.py b/allauth_ens/utils.py
index afd29a9..02d4c10 100644
--- a/allauth_ens/utils.py
+++ b/allauth_ens/utils.py
@@ -69,7 +69,11 @@ def extract_infos_from_ldap(infos):
 def get_ldap_infos(clipper_uid):
- assert clipper_uid.isalnum()
+ if not clipper_uid.isalnum():
+ raise ValueError(
+ 'Invalid uid "{}": contains non-alphanumeric characters'
+ .format(clipper_uid)
+ )
 data = {}
 try:
 ldap_connection = init_ldap()
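Review bot: `cm.exception.message` on the last line of `test_invalid_uid` exists only on Python 2; on Python 3 exceptions have no `message` attribute, so the assertion would raise AttributeError instead of checking the text. The file imports `six`, which suggests both interpreters are targeted, so `self.assertIn(uid, str(cm.exception))` is the portable form. The rejected samples cover whitespace, `\` and `)`; adding `"*"`, `"("` and `""` to `uids` would pin the remaining filter metacharacters and the empty-string case that the validation is there to stop.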
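Review bot: `isalnum()` in the new guard of `get_ldap_infos` is Unicode-aware on text strings, so non-ASCII letters and digits still pass; if clipper uids are ASCII-only (not visible here), tighten it, for example `if not (clipper_uid.isalnum() and all(ord(c) < 128 for c in clipper_uid)):`. The rest of the function lies outside the hunk, so how the uid reaches the LDAP query cannot be checked from here. If the filter is built by string formatting, escaping the value at that point too (with python-ldap, `ldap.filter.escape_filter_chars`) would keep the query safe should this check ever be relaxed. A short comment above the guard, such as `# uid is used in the LDAP lookup below; accept alphanumerics only`, would record why the check must not be loosened.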