Up version to 0.3.0

Merged PRs: #11 and #13. Fixed some PEP 8 issues and typos.

docs/conf.py

@@ -63,9 +63,9 @@ copyright = u'2014, Alexandre Ferland'
 # built documents.
 #
 # The short X.Y version.
-version = '0.2.1'
+version = '0.3.0'
 # The full version, including alpha/beta/rc tags.
-release = '0.2.1'
+release = '0.3.0'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.

docs/index.rst

@@ -108,11 +108,14 @@ History
 
 Changes:
 
-- 0.2.1: January 6, 2015
+- 0.3.0: January 21, 2015
 
   - Fix Github issue `#10 <https://github.com/admiralobvious/flask-simpleldap/issues/10>`_,
     Redirect users back to the page they originally requested after authenticating
 
+  - Fix GitHub issue `#12 <https://github.com/admiralobvious/flask-simpleldap/issues/12>`_,
+    Only trust .bind_user() with a non-empty password
+
 - 0.2.0: December 7, 2014
 
   - Added HTTP Basic Authentication. Thanks to OptiverTimAll on GitHub.

examples/groups/app.py

@@ -36,7 +36,7 @@ def login():
         user = request.form['user']
         passwd = request.form['passwd']
         test = ldap.bind_user(user, passwd)
-        if test is None or passwd = '':
+        if test is None or passwd == '':
             return 'Invalid credentials'
         else:
             session['user_id'] = request.form['user']

flask_simpleldap/__init__.py

@@ -2,10 +2,12 @@
 __all__ = ['LDAP']
 
 import re
+from functools import wraps
+
 import ldap
 import ldap.filter
-from functools import wraps
-from flask import abort, current_app, g, make_response, redirect, url_for, request
+from flask import abort, current_app, g, make_response, redirect, url_for, \
+    request
 
 try:
     from flask import _app_ctx_stack as stack
@@ -202,8 +204,8 @@ class LDAP(object):
                 [current_app.config['LDAP_USER_GROUPS_FIELD']])
             conn.unbind_s()
             if records:
-                if current_app.config['LDAP_USER_GROUPS_FIELD'] in records[0][
-                    1]:
+                if current_app.config['LDAP_USER_GROUPS_FIELD'] in \
+                        records[0][1]:
                     groups = records[0][1][
                         current_app.config['LDAP_USER_GROUPS_FIELD']]
                     result = [re.findall('(?:cn=|CN=)(.*?),', group)[0] for
@@ -259,7 +261,8 @@ class LDAP(object):
         @wraps(func)
         def wrapped(*args, **kwargs):
             if g.user is None:
-                return redirect(url_for(current_app.config['LDAP_LOGIN_VIEW'], next=request.path))
+                return redirect(url_for(current_app.config['LDAP_LOGIN_VIEW'],
+                                        next=request.path))
             return func(*args, **kwargs)
 
         return wrapped
@@ -272,7 +275,7 @@ class LDAP(object):
 
         The login view is responsible for asking for credentials, checking
         them, and setting ``flask.g.user`` to the name of the authenticated
-        user and ``flask.g.ldap_groups`` to the authenticated's user's groups
+        user and ``flask.g.ldap_groups`` to the authenticated user's groups
         if the credentials are acceptable.
 
         :param list groups: List of groups that should be able to access the
@@ -284,7 +287,8 @@ class LDAP(object):
             def wrapped(*args, **kwargs):
                 if g.user is None:
                     return redirect(
-                        url_for(current_app.config['LDAP_LOGIN_VIEW'], next=request.path))
+                        url_for(current_app.config['LDAP_LOGIN_VIEW'],
+                                next=request.path))
 
                 match = [group for group in groups if group in g.ldap_groups]
                 if not match:

setup.py

@@ -9,7 +9,7 @@ from setuptools import setup
 
 setup(
     name='Flask-SimpleLDAP',
-    version='0.2.1',
+    version='0.3.0',
     url='https://github.com/admiralobvious/flask-simpleldap',
     license='MIT',
     author='Alexandre Ferland',