From 5884ee086f21133cf97d18deee52cf9c6ae071a4 Mon Sep 17 00:00:00 2001
From: Andrea Callia D'Iddio <ac4014@ic.ac.uk>
Date: Wed, 9 Nov 2022 10:39:27 +0000
Subject: [PATCH] Fix: set username from the returned LDAP attributes, which
 prevents any issue with special operators used when specifying the username -
 e.g. impersonation operator without the need to handle the impersonation
 logic here.

---
 app/views/auth.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/views/auth.py b/app/views/auth.py
index f40d624..7cd0cfb 100644
--- a/app/views/auth.py
+++ b/app/views/auth.py
@@ -43,6 +43,7 @@ def login():
         if attributes is None:
             flash(messages.LOGIN_UNSUCCESSFUL_ERROR)
             return render_template("pages/login.html", form=form)
+        username = attributes["name"]
         user = AuthenticatedUser.query.filter_by(username=username).first()
         if not user:
             user = AuthenticatedUser(
-- 
GitLab