# HG changeset patch # User Philippe Pepiot # Date 1582667142 -3600 # Node ID 1206b6fa11737de921fef696d8f34fc11be84c34 # Parent 2233a2ee658f59d2d33f2f272c64d507e7548a3f [ldapfeed] use LDAP_SCOPES to find user-scope We already have LDAP_SCOPES dict defining possible scopes, this avoid possible code injection from config... Thus we can drop global variables already defined in LDAP_SCOPES since they are not used directly anymore. diff -r 2233a2ee658f -r 1206b6fa1173 cubicweb/server/sources/ldapfeed.py --- a/cubicweb/server/sources/ldapfeed.py Thu Feb 13 13:56:43 2020 +0100 +++ b/cubicweb/server/sources/ldapfeed.py Tue Feb 25 22:45:42 2020 +0100 @@ -34,12 +34,10 @@ from cubicweb import _ # search scopes -BASE = ldap3.SEARCH_SCOPE_BASE_OBJECT -ONELEVEL = ldap3.SEARCH_SCOPE_SINGLE_LEVEL -SUBTREE = ldap3.SEARCH_SCOPE_WHOLE_SUBTREE -LDAP_SCOPES = {'BASE': BASE, - 'ONELEVEL': ONELEVEL, - 'SUBTREE': SUBTREE} +LDAP_SCOPES = {'BASE': ldap3.SEARCH_SCOPE_BASE_OBJECT, + 'ONELEVEL': ldap3.SEARCH_SCOPE_SINGLE_LEVEL, + 'SUBTREE': ldap3.SEARCH_SCOPE_WHOLE_SUBTREE} + # map ldap protocol to their standard port PROTO_PORT = {'ldap': 389, @@ -199,7 +197,7 @@ self.cnx_dn = typedconfig['data-cnx-dn'] self.cnx_pwd = typedconfig['data-cnx-password'] self.user_base_dn = str(typedconfig['user-base-dn']) - self.user_base_scope = globals()[typedconfig['user-scope']] + self.user_base_scope = LDAP_SCOPES[typedconfig['user-scope']] self.user_login_attr = typedconfig['user-login-attr'] self.user_default_groups = typedconfig['user-default-group'] self.user_attrs = {'dn': 'eid', 'modifyTimestamp': 'modification_date'}