internal/ldap: fix panic when parsing lists with mixed types

closes #2355 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-22 19:56:50 +01:00
parent 6d3a94f24f
commit fb33906637
2 changed files with 75 additions and 1 deletions
--- a/internal/outpost/ldap/utils/utils.go
+++ b/internal/outpost/ldap/utils/utils.go
@ -51,7 +51,9 @@ func AKAttrsToLDAP(attrs interface{}) []*ldap.EntryAttribute {
 			entry.Values = make([]string, len(t))
 			for idx, v := range t {
 				v := ldapResolveTypeSingle(v)
-				entry.Values[idx] = *v
+				if v != nil {
+					entry.Values[idx] = *v
+				}
 			}
 		default:
 			v := ldapResolveTypeSingle(t)
--- a/internal/outpost/ldap/utils/utils_test.go
+++ b/internal/outpost/ldap/utils/utils_test.go
@ -0,0 +1,72 @@
+package utils
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"goauthentik.io/api"
+)
+
+func TestAKAttrsToLDAP_String(t *testing.T) {
+	var d *map[string]interface{}
+
+	// normal string
+	d = &map[string]interface{}{
+		"foo": "bar",
+	}
+	assert.Equal(t, 1, len(AKAttrsToLDAP(d)))
+	assert.Equal(t, "foo", AKAttrsToLDAP(d)[0].Name)
+	assert.Equal(t, []string{"bar"}, AKAttrsToLDAP(d)[0].Values)
+	// pointer string
+	d = &map[string]interface{}{
+		"foo": api.PtrString("bar"),
+	}
+	assert.Equal(t, 1, len(AKAttrsToLDAP(d)))
+	assert.Equal(t, "foo", AKAttrsToLDAP(d)[0].Name)
+	assert.Equal(t, []string{"bar"}, AKAttrsToLDAP(d)[0].Values)
+}
+
+func TestAKAttrsToLDAP_String_List(t *testing.T) {
+	var d *map[string]interface{}
+	// string list
+	d = &map[string]interface{}{
+		"foo": []string{"bar"},
+	}
+	assert.Equal(t, 1, len(AKAttrsToLDAP(d)))
+	assert.Equal(t, "foo", AKAttrsToLDAP(d)[0].Name)
+	assert.Equal(t, []string{"bar"}, AKAttrsToLDAP(d)[0].Values)
+	// pointer string list
+	d = &map[string]interface{}{
+		"foo": &[]string{"bar"},
+	}
+	assert.Equal(t, 1, len(AKAttrsToLDAP(d)))
+	assert.Equal(t, "foo", AKAttrsToLDAP(d)[0].Name)
+	assert.Equal(t, []string{"bar"}, AKAttrsToLDAP(d)[0].Values)
+}
+
+func TestAKAttrsToLDAP_Dict(t *testing.T) {
+	// dict
+	d := &map[string]interface{}{
+		"foo": map[string]string{
+			"foo": "bar",
+		},
+	}
+	assert.Equal(t, 1, len(AKAttrsToLDAP(d)))
+	assert.Equal(t, "foo", AKAttrsToLDAP(d)[0].Name)
+	// Dicts are currently unsupported, but make sure we don't crash
+	// assert.Equal(t, []string{nil}, AKAttrsToLDAP(d)[0].Values)
+}
+
+func TestAKAttrsToLDAP_Mixed(t *testing.T) {
+	// dict
+	d := &map[string]interface{}{
+		"foo": []interface{}{
+			"foo",
+			6,
+		},
+	}
+	assert.Equal(t, 1, len(AKAttrsToLDAP(d)))
+	assert.Equal(t, "foo", AKAttrsToLDAP(d)[0].Name)
+	// Dicts are currently unsupported, but make sure we don't crash
+	// assert.Equal(t, []string{nil}, AKAttrsToLDAP(d)[0].Values)
+}