Bug 30342 - udm users/user returns broken jpegPhoto data (double base64 encoded)
udm users/user returns broken jpegPhoto data (double base64 encoded)
Product: UCS
Classification: Unclassified
Component: UMC - Users
UCS 3.1
Other Linux
: P4 minor (vote)
: UCS 3.2
Assigned To: Lukas Walter
Erik Damrose
: interim-2
Depends on:
  Show dependency treegraph
Reported: 2013-02-07 12:34 CET by Arvid Requate
Modified: 2013-11-19 06:43 CET (History)
3 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

avoid broken jpegPhoto syntax (1.27 KB, text/plain)
2013-02-07 12:35 CET, Arvid Requate
fixBase64Syntax and jpegPhoto (11.45 KB, patch)
2013-09-11 13:54 CEST, Arvid Requate
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2013-02-07 12:34:50 CET
udm users/user returns broken jpegPhoto data:

  jpegPhoto: Lw==

This is caused by double base64 encoding (unmapBase64 + syntax.jpegPhoto).
Comment 1 Arvid Requate univentionstaff 2013-02-07 12:35:30 CET
Created attachment 5057 [details]
avoid broken jpegPhoto syntax
Comment 2 Alexander Kläser univentionstaff 2013-02-13 10:10:04 CET
How did the problem happen? Via the CLI? An even better syntax choice would be Base64Upload (as it is used for userCertificate).
Comment 3 Arvid Requate univentionstaff 2013-09-11 13:54:41 CEST
Created attachment 5422 [details]
fixBase64Syntax and jpegPhoto

@Alex: you are right. For another case I implemented a specialized GzipBase64Upload syntax, maybe its a good idea to define a similar thing here which uses e.g. the builtin imghdr python module to do basic content validation.

Looking at this stuff again, I think the base64 en/decoding should be done in univention.admin.syntax only and removed from univention.admin.mapping. It's useless to parse the input in univention.admin.syntax and then throw the result away just to do the same again in the mapping part on the way to LDAP. The mapping was introduced for users/user jpegPhoto and userCertificate only. The attached patch fixes this , so base64 handling is done in the syntax.parse/tostring part exclusively.
Comment 4 Lukas Walter univentionstaff 2013-09-11 16:38:53 CEST
I simply corrected the jpegPhoto syntax.

Though, it would be a good idea to think about the mapping concept in general. Everything the mappings do right now could be moved to the syntax classes as well: Bug #32564.

svn 43912
Comment 5 Arvid Requate univentionstaff 2013-09-11 18:54:37 CEST
Checking for text[0] does not make to much sense, does it?
Comment 6 Arvid Requate univentionstaff 2013-09-11 19:00:56 CEST
Also, as noted above, I would recommend the inclusion of a parse method, which does

  def parse(self, text):
      assert imghdr.what(None, value) == 'jpeg'
       raise uexceptions.valueError('Value must be Base64 encoded jpeg')

Otherwise the syntax is not very useful at all.
Comment 7 Arvid Requate univentionstaff 2013-09-11 19:02:20 CEST
Should use base64.b64encode  and  base64.b64decode  to avoid line wrapping.
Comment 8 Lukas Walter univentionstaff 2013-09-13 15:44:29 CEST
Comment 9 Erik Damrose univentionstaff 2013-09-27 16:04:04 CEST
code still uses base64.encodestring
Comment 10 Lukas Walter univentionstaff 2013-10-01 12:21:34 CEST
(In reply to Erik Damrose from comment #9)
> code still uses base64.encodestring


univention-directory-manager-modules (9.0.41-1)
svn r44622
Comment 11 Erik Damrose univentionstaff 2013-10-08 10:46:00 CEST
Code + Changelog OK
-> Verified
Comment 12 Stefan Gohmann univentionstaff 2013-11-19 06:43:29 CET
UCS 3.2 has been released:

If this error occurs again, please use "Clone This Bug".