From d5e6a9e443d57346ad297216307d7ed7ff5bc8fd Mon Sep 17 00:00:00 2001
From: nd <git@notandy.de>
Date: Fri, 17 Jul 2020 19:16:33 +0200
Subject: [PATCH] sanitize ldap for groups as well

---
 uffd/user/models.py | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/uffd/user/models.py b/uffd/user/models.py
index f55ffe66..c666e14a 100644
--- a/uffd/user/models.py
+++ b/uffd/user/models.py
@@ -115,19 +115,27 @@ class Group():
 	def __init__(self, gid=None, name='', members=None, description=''):
 		self.gid = gid
 		self.name = name
-		if isinstance(members, str):
-			members = [members]
 		self.members_ldap = members
 		self._members = None
 		self.description = description
 
 	@classmethod
 	def from_ldap(cls, ldapobject):
+		if 'description' in ldapobject:
+			description = ldapobject['description'].value
+		else:
+			description = ''
+		# if a group has no members, "uniqueMember" attribute does not exist
+		# if a group has exactly one member, ldap returns a string not an array with one element
+		# we sanitize this to always be an array
+		sanitized_members = ldapobject['uniqueMember']
+		if isinstance(sanitized_members, str):
+			sanitized_members = [sanitized_members]
 		return Group(
 				gid=ldapobject['gidNumber'].value,
 				name=ldapobject['cn'].value,
-				members=ldapobject['uniqueMember'],
-				description=ldapobject['description'].value if 'description' in ldapobject else '',
+				members=sanitized_members,
+				description=description,
 			)
 
 	@classmethod
-- 
GitLab