Fix on Username/Password trailling whitespace

added some logic to remove tralling whitespace on username/password before got validated Change-Id: I910b5380052ccd1fd9ea7810be4f195930965414
2016-02-19 12:32:41 -03:00 · 2016-02-19 12:32:41 -03:00 · e6b1bdc248
commit e6b1bdc248
parent 3610cd0f2e
6 changed files with 95 additions and 15 deletions
--- a/app/controllers/openid/UserController.php
+++ b/app/controllers/openid/UserController.php
@ -196,6 +196,12 @@ class UserController extends OpenIdController
        {
            $max_login_attempts_2_show_captcha = $this->server_configuration_service->getConfigValue("MaxFailed.LoginAttempts.2ShowCaptcha");
            $data = Input::all();
+
+            if(isset($data['username']))
+                $data['username'] = trim($data['username']);
+            if(isset($data['password']))
+                $data['password'] = trim($data['password']);
+
            $login_attempts = intval(Input::get('login_attempts'));
            // Build the validation constraint set.
            $rules = array
@ -212,8 +218,8 @@ class UserController extends OpenIdController

            if ($validator->passes())
            {
-                $username = Input::get("username");
-                $password = Input::get("password");
+                $username = $data['username'];
+                $password = $data['password'];
                $remember = Input::get("remember");

                $remember = !is_null($remember);
@ -235,13 +241,20 @@ class UserController extends OpenIdController
                        'max_login_attempts_2_show_captcha' => $max_login_attempts_2_show_captcha,
                        'login_attempts'                    => $login_attempts,
                        'username'                          => $username,
-                        'error_message'                     => '"We\'re sorry, your username or password does not match an existing record."'
+                        'error_message'                     => "We\'re sorry, your username or password does not match an existing record."
                    )
                );
            }
-
-            return Redirect::action('UserController@getLogin')
-                ->withErrors($validator);
+            // validator errors
+            return $this->login_strategy->errorLogin
+            (
+                array
+                (
+                    'max_login_attempts_2_show_captcha' => $max_login_attempts_2_show_captcha,
+                    'login_attempts'                    => $login_attempts,
+                    'validator'                         => $validator
+                )
+            );
        }
        catch (Exception $ex)
        {
--- a/app/libs/oauth2/requests/OAuth2Request.php
+++ b/app/libs/oauth2/requests/OAuth2Request.php
@ -36,7 +36,7 @@ abstract class OAuth2Request {
    public function getParam($param)
    {
        $value =  $this->message->getParam($param);
-        if(!empty($value)) $value = urldecode($value);
+        if(!empty($value)) $value = trim(urldecode($value));
        return $value;
    }

--- a/app/strategies/DefaultLoginStrategy.php
+++ b/app/strategies/DefaultLoginStrategy.php
@ -61,10 +61,15 @@ class DefaultLoginStrategy implements ILoginStrategy
     */
    public function errorLogin(array $params)
    {
-        return Redirect::action('UserController@getLogin')
+        $response = Redirect::action('UserController@getLogin')
            ->with('max_login_attempts_2_show_captcha', $params['max_login_attempts_2_show_captcha'])
-            ->with('login_attempts', $params['login_attempts'])
-            ->with('username', $params['username'])
-            ->with('flash_notice', $params['error_message']);
+            ->with('login_attempts', $params['login_attempts']);
+        if(isset($params['username']))
+            $response= $response->with('username', $params['username']);
+        if(isset($params['error_message']))
+            $response = $response->with('flash_notice', $params['error_message']);
+        if(isset($params['validator']))
+            $response = $response->withErrors($params['validator']);
+        return $response;
    }
 }
--- a/app/strategies/DisplayResponseJsonStrategy.php
+++ b/app/strategies/DisplayResponseJsonStrategy.php
@ -14,6 +14,7 @@

 namespace strategies;

+use Illuminate\Support\Contracts\MessageProviderInterface;
 use Symfony\Component\HttpFoundation\Response as SymfonyResponse;
 use Illuminate\Support\Facades\Response;
 use Redirect;
@ -83,6 +84,17 @@ class DisplayResponseJsonStrategy implements IDisplayResponseStrategy
     */
    public function getLoginErrorResponse(array $data = array())
    {
+        if(isset($data['validator']) && $data['validator'] instanceof MessageProviderInterface )
+        {
+            $validator = $data['validator'];
+            unset($data['validator']);
+            $data['error_message'] = array();
+            $errors = $validator->getMessageBag()->getMessages();
+            foreach($errors as $e)
+            {
+                array_push($data['error_message'],$e[0]);
+            }
+        }
        return Response::json($data, 412);
    }
 }
--- a/app/strategies/DisplayResponseUserAgentStrategy.php
+++ b/app/strategies/DisplayResponseUserAgentStrategy.php
@ -49,10 +49,17 @@ class DisplayResponseUserAgentStrategy implements IDisplayResponseStrategy
     */
    public function getLoginErrorResponse(array $data = array())
    {
-        return Redirect::action('UserController@getLogin')
+        $response =  Redirect::action('UserController@getLogin')
            ->with('max_login_attempts_2_show_captcha', $data['max_login_attempts_2_show_captcha'])
-            ->with('login_attempts', $data['login_attempts'])
-            ->with('username', $data['username'])
-            ->with('flash_notice', $data['error_message']);
+            ->with('login_attempts', $data['login_attempts']);
+
+        if(isset($params['username']))
+            $response= $response->with('username', $params['username']);
+        if(isset($params['error_message']))
+            $response = $response->with('flash_notice', $params['error_message']);
+        if(isset($params['validator']))
+            $response = $response->withErrors($params['validator']);
+
+        return $response;
    }
 }
--- a/app/tests/OIDCProtocolTest.php
+++ b/app/tests/OIDCProtocolTest.php
@ -88,6 +88,49 @@ class OIDCProtocolTest extends OpenStackIDBaseTest

    }

+    public function testLoginWithTralingSpace()
+    {
+        $client_id = 'Jiz87D8/Vcvr6fvQbH4HyNgwTlfSyQ3x.openstack.client';
+
+        $params = array
+        (
+            'client_id' => $client_id,
+            'redirect_uri' => 'https://www.test.com/oauth2',
+            'response_type' => 'code',
+            'scope' => 'openid profile email',
+            OAuth2Protocol::OAuth2Protocol_LoginHint => ' sebastian@tipit.net ',
+            OAuth2Protocol::OAuth2Protocol_MaxAge    => 3200,
+            OAuth2Protocol::OAuth2Protocol_Prompt    => OAuth2Protocol::OAuth2Protocol_Prompt_Consent,
+            OAuth2Protocol::OAuth2Protocol_Display   => OAuth2Protocol::OAuth2Protocol_Display_Native
+        );
+
+        $response = $this->action("POST", "OAuth2ProviderController@authorize",
+            $params,
+            array(),
+            array(),
+            array());
+
+        $this->assertResponseStatus(302);
+
+        $url = $response->getTargetUrl();
+
+        $response = $this->call('GET', $url);
+
+        $this->assertResponseStatus(412);
+
+        // do login
+        $response = $this->action('POST', "UserController@postLogin",
+            array
+            (
+                'username' => ' sebastian@tipit.net ',
+                'password' => ' 1qaz2wsx ',
+                '_token' => Session::token()
+            )
+        );
+
+        $this->assertResponseStatus(302);
+    }
+
    public function testConsentPrompt()
    {
        $client_id = 'Jiz87D8/Vcvr6fvQbH4HyNgwTlfSyQ3x.openstack.client';