From e091580e02cf6e92dcd905d75dba48f718e1774d Mon Sep 17 00:00:00 2001
From: hawkspar <quentin.chevalier@polytechnique.edu>
Date: Tue, 15 Jan 2019 21:18:35 +0100
Subject: [PATCH] userData and groupData to classes, clean search, escape
 filter in Tools not Basics

---
 src/ldap/internal/basics.ts | 7 +------
 src/ldap/internal/tools.ts  | 5 +++++
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/ldap/internal/basics.ts b/src/ldap/internal/basics.ts
index c14dbb9..10dfabe 100644
--- a/src/ldap/internal/basics.ts
+++ b/src/ldap/internal/basics.ts
@@ -105,10 +105,6 @@ export class Basics {
         if (domain == "gr") { dn+=ldapConfig.dn_groups; }
         else                { dn+=ldapConfig.dn_users; }
         // Interrogation LDAP selon filter
-        console.log(dn);
-        //filter = ldapEscape.filter("${txt}", { txt: filter });
-        console.log(filter);
-
         let promise = new Promise<void>(function(resolve, reject) {
             client.search(dn, {            // Must be escaped in case of a malignious false id
                 "scope": "sub",
@@ -147,7 +143,7 @@ export class Basics {
      */
     static async searchSingle(domain: 'gr'|'us', attribute: string, id: string=null, filter: string="(objectClass=*)") : Promise<string[]> {
         let vals=[];
-        Basics.search(domain, [attribute], id, filter,  entry => {
+        await Basics.search(domain, [attribute], id, filter,  entry => {
             // Cas un seul attribut oÃ¹ le rÃ©sultat est une liste directement
             vals.push(entry.object[attribute]);
         });
@@ -172,7 +168,6 @@ export class Basics {
         let vals=[];
         await Basics.search(domain, attributes, id, filter,  entry => {
             // Cas plusieurs attributs donc rÃ©sultat dictionnaire
-            console.log("Found entry!!");
             vals.push({});
             attributes.forEach(attribute => {
                 vals.slice(-1)[0][attribute]=entry.object[attribute];
diff --git a/src/ldap/internal/tools.ts b/src/ldap/internal/tools.ts
index d22325a..5ee4b03 100644
--- a/src/ldap/internal/tools.ts
+++ b/src/ldap/internal/tools.ts
@@ -3,6 +3,9 @@
  * @author hawkspar
  */
 
+// Toutes les entrÃ©es utilisateur sont escapÃ©es par sÃ©curitÃ©
+import ldapEscape from 'ldap-escape';
+// Imports internes
 import {ldapConfig} from './config';
 import {Basics} from './basics';
 import {userData} from '../export/user';
@@ -82,6 +85,8 @@ export class Tools {
                     let attribute = "";
                     if (domain="us")    { attribute = ldapConfig.user[key]; }
                     else                { attribute = ldapConfig.group[key]; }
+                    // Escape user input
+                    val = ldapEscape.dn("${fil}", { fil: val});
                     // Creation incrÃ©mentale du filtre
                     filter="(&"+filter+ "(|("+attribute+"="+ val+")"+      // On cherche la valeur exacte
                                         "(|("+attribute+"=*"+val+")"+      // La valeur finale avec des trucs avant ; wildcard * (MEF la wildcart ne marche pas pour tous les attributs)
-- 
GitLab