diff --git a/docs/conf.py b/docs/conf.py index 1ac53a28141aecb7d72f3ec6ec0cbf9f1fdfcb33..1106fb9accfedbca3071c6cfc62bd01c79c1db16 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -63,9 +63,9 @@ copyright = u'2014, Alexandre Ferland' # built documents. # # The short X.Y version. -version = '0.2.1' +version = '0.3.0' # The full version, including alpha/beta/rc tags. -release = '0.2.1' +release = '0.3.0' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. diff --git a/docs/index.rst b/docs/index.rst index bdb1b2d29d9a3ff3ab5f1c28d769c4cffbbfa50c..8e64674c0dd03f84ffd42de0d50c75ddaea1c03b 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -108,11 +108,14 @@ History Changes: -- 0.2.1: January 6, 2015 +- 0.3.0: January 21, 2015 - Fix Github issue `#10 <https://github.com/admiralobvious/flask-simpleldap/issues/10>`_, Redirect users back to the page they originally requested after authenticating + - Fix GitHub issue `#12 <https://github.com/admiralobvious/flask-simpleldap/issues/12>`_, + Only trust .bind_user() with a non-empty password + - 0.2.0: December 7, 2014 - Added HTTP Basic Authentication. Thanks to OptiverTimAll on GitHub. diff --git a/examples/groups/app.py b/examples/groups/app.py index ceeb1cffb55d35d249c3f09933e2804cabb840ab..b074e6093cd6ba1e2e6e64346afff7cf54a3b4c6 100644 --- a/examples/groups/app.py +++ b/examples/groups/app.py @@ -36,7 +36,7 @@ def login(): user = request.form['user'] passwd = request.form['passwd'] test = ldap.bind_user(user, passwd) - if test is None or passwd = '': + if test is None or passwd == '': return 'Invalid credentials' else: session['user_id'] = request.form['user'] diff --git a/flask_simpleldap/__init__.py b/flask_simpleldap/__init__.py index 9cfa8af9133dc427a929052d28a7ebff49a5ed0e..3c84e8242be40267d6de7f8f2cd24aa138bf0c1a 100644 --- a/flask_simpleldap/__init__.py +++ b/flask_simpleldap/__init__.py 
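Review bot: In `login()` in examples/groups/app.py the empty-password test still runs only after `ldap.bind_user(user, passwd)` has been sent to the directory, so the guard depends on the ordering of an `or` rather than on the bind never happening. An LDAP simple bind with a zero-length password is an unauthenticated bind (RFC 4513 §5.1.2) that many servers report as success, which is why this comparison is the only thing keeping an empty form field from creating a session. I would reject before binding, with `if not passwd: return 'Invalid credentials'` ahead of the call, followed by `if ldap.bind_user(user, passwd) is None:`. The changelog entry for #12 says only non-empty passwords are trusted, but none of the hunks shown for flask_simpleldap/__init__.py change `bind_user` itself, so other callers such as the HTTP Basic Authentication path would appear to need the same check; enforcing it inside `bind_user` would cover them all. The body of `login()` starts and continues outside this hunk.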
@@ -2,10 +2,12 @@ __all__ = ['LDAP'] import re +from functools import wraps + import ldap import ldap.filter -from functools import wraps -from flask import abort, current_app, g, make_response, redirect, url_for, request +from flask import abort, current_app, g, make_response, redirect, url_for, \ + request try: from flask import _app_ctx_stack as stack @@ -202,8 +204,8 @@ class LDAP(object): [current_app.config['LDAP_USER_GROUPS_FIELD']]) conn.unbind_s() if records: - if current_app.config['LDAP_USER_GROUPS_FIELD'] in records[0][ - 1]: + if current_app.config['LDAP_USER_GROUPS_FIELD'] in \ + records[0][1]: groups = records[0][1][ current_app.config['LDAP_USER_GROUPS_FIELD']] result = [re.findall('(?:cn=|CN=)(.*?),', group)[0] for @@ -259,7 +261,8 @@ class LDAP(object): @wraps(func) def wrapped(*args, **kwargs): if g.user is None: - return redirect(url_for(current_app.config['LDAP_LOGIN_VIEW'], next=request.path)) + return redirect(url_for(current_app.config['LDAP_LOGIN_VIEW'], + next=request.path)) return func(*args, **kwargs) return wrapped @@ -272,7 +275,7 @@ class LDAP(object): The login view is responsible for asking for credentials, checking them, and setting ``flask.g.user`` to the name of the authenticated - user and ``flask.g.ldap_groups`` to the authenticated's user's groups + user and ``flask.g.ldap_groups`` to the authenticated user's groups if the credentials are acceptable. :param list groups: List of groups that should be able to access the @@ -284,7 +287,8 @@ class LDAP(object): def wrapped(*args, **kwargs): if g.user is None: return redirect( - url_for(current_app.config['LDAP_LOGIN_VIEW'], next=request.path)) + url_for(current_app.config['LDAP_LOGIN_VIEW'], + next=request.path)) match = [group for group in groups if group in g.ldap_groups] if not match: diff --git a/setup.py b/setup.py index 29fd6aba5419c51d3528887daadb553fe464aedb..90b2c4a28a89f93bd56458521f72be70ca1e3ddd 100644 --- a/setup.py +++ b/setup.py 
@@ -9,7 +9,7 @@ from setuptools import setup setup( name='Flask-SimpleLDAP', - version='0.2.1', + version='0.3.0', url='https://github.com/admiralobvious/flask-simpleldap', license='MIT', author='Alexandre Ferland',