Fix support for None username in credentials (#119)

itziakos · web-flow · commit 798a9d0d6ce9 · 2023-04-01T15:36:44.000+01:00
* Update testing to check for bug #99 * Fix cffi credential backend to correctly manage None as UserName * Augment tests for credentials with none username
diff --git a/win32ctypes/core/cffi/_authentication.py b/win32ctypes/core/cffi/_authentication.py
@@ -88,23 +88,24 @@ def fromdict(cls, credential, flag=0):
         c_creds = factory()
         # values to ref and make sure that they will not go away
         values = []
-        for key in SUPPORTED_CREDKEYS:
-            if key in credential:
-                if key == u'CredentialBlob':
-                    blob = make_unicode(credential['CredentialBlob'])
-                    blob_data = ffi.new('wchar_t[]', blob)
-                    # new adds a NULL at the end that we do not want.
-                    c_creds.CredentialBlobSize = \
-                        ffi.sizeof(blob_data) - ffi.sizeof('wchar_t')
-                    c_creds.CredentialBlob = ffi.cast('LPBYTE', blob_data)
-                    values.append(blob_data)
-                elif key in (u'Type', u'Persist'):
-                    setattr(c_creds, key, credential[key])
-                else:
-                    blob = make_unicode(credential[key])
-                    value = ffi.new('wchar_t[]', blob)
-                    values.append(value)
-                    setattr(c_creds, key, ffi.cast('LPTSTR', value))
+        for key, value in credential.items():
+            if key == u'CredentialBlob':
+                blob = make_unicode(value)
+                blob_data = ffi.new('wchar_t[]', blob)
+                # new adds a NULL at the end that we do not want.
+                c_creds.CredentialBlobSize = \
+                    ffi.sizeof(blob_data) - ffi.sizeof('wchar_t')
+                c_creds.CredentialBlob = ffi.cast('LPBYTE', blob_data)
+                values.append(blob_data)
+            elif key in (u'Type', u'Persist'):
+                setattr(c_creds, key, value)
+            elif value is None:
+                setattr(c_creds, key, ffi.NULL)
+            else:
+                blob = make_unicode(value)
+                pblob = ffi.new('wchar_t[]', blob)
+                values.append(pblob)
+                setattr(c_creds, key, ffi.cast('LPTSTR', pblob))
         # keep values alive until c_creds goes away.
         _keep_alive[c_creds] = tuple(values)
         return c_creds
@@ -136,7 +137,7 @@ def credential2dict(pc_creds):
         else:
             string_pointer = getattr(pc_creds, key)
             if string_pointer == ffi.NULL:
-                data = u''
+                data = None
             else:
                 data = ffi.string(string_pointer)
         credentials[key] = data
diff --git a/win32ctypes/tests/test_win32cred.py b/win32ctypes/tests/test_win32cred.py
@@ -38,11 +38,11 @@ def setUp(self):
         except error:
             pass
 
-    def _demo_credentials(self):
+    def _demo_credentials(self, UserName=u'jone'):
         return {
             "Type": CRED_TYPE_GENERIC,
             "TargetName": u'jone@doe',
-            "UserName": u'jone',
+            "UserName": UserName,
             "CredentialBlob": u"doefsajfsakfj",
             "Comment": u"Created by MiniPyWin32Cred test suite",
             "Persist": CRED_PERSIST_ENTERPRISE}
@@ -66,6 +66,9 @@ def test_write_to_pywin32(self):
         self.assertEqual(credentials["TargetName"], u'jone@doe')
         self.assertEqual(
             credentials["Comment"], u"Created by MiniPyWin32Cred test suite")
+        # XXX: the fact that we have to decode the password when reading, but
+        # not encode when writing is a bit strange, but that's what pywin32
+        # seems to do and we try to be backward compatible here.
         self.assertEqual(
             credentials["CredentialBlob"].decode('utf-16'), u"doefsajfsakfj")
 
@@ -79,16 +82,45 @@ def test_read_from_pywin32(self):
         credentials = CredRead(target, CRED_TYPE_GENERIC)
 
         # then
-        # XXX: the fact that we have to decode the password when reading, but
-        # not encode when writing is a bit strange, but that's what pywin32
-        # seems to do as well, and we try to be backward compatible here.
         self.assertEqual(credentials["UserName"], u"jone")
         self.assertEqual(credentials["TargetName"], u'jone@doe')
         self.assertEqual(
             credentials["Comment"], u"Created by MiniPyWin32Cred test suite")
         self.assertEqual(
             credentials["CredentialBlob"].decode('utf-16'), u"doefsajfsakfj")
 
+    def test_read_from_pywin32_with_none_usename(self):
+        # given
+        target = u'jone@doe'
+        r_credentials = self._demo_credentials(None)
+        win32cred.CredWrite(r_credentials)
+
+        # when
+        credentials = CredRead(target, CRED_TYPE_GENERIC)
+
+        self.assertEqual(credentials["UserName"], None)
+        self.assertEqual(credentials["TargetName"], u'jone@doe')
+        self.assertEqual(
+            credentials["Comment"], u"Created by MiniPyWin32Cred test suite")
+        self.assertEqual(
+            credentials["CredentialBlob"].decode('utf-16'), u"doefsajfsakfj")
+
+    def test_write_to_pywin32_with_none_usename(self):
+        # given
+        target = u'jone@doe'
+        r_credentials = self._demo_credentials(None)
+        CredWrite(r_credentials)
+
+        # when
+        credentials = win32cred.CredRead(target, CRED_TYPE_GENERIC)
+
+        self.assertEqual(credentials["UserName"], None)
+        self.assertEqual(credentials["TargetName"], u'jone@doe')
+        self.assertEqual(
+            credentials["Comment"], u"Created by MiniPyWin32Cred test suite")
+        self.assertEqual(
+            credentials["CredentialBlob"].decode('utf-16'), u"doefsajfsakfj")
+
     def test_read_write(self):
         # given
         target = u'jone@doe'
@@ -98,17 +130,30 @@ def test_read_write(self):
         CredWrite(r_credentials)
         credentials = CredRead(target, CRED_TYPE_GENERIC)
 
-        # then
-        # XXX: the fact that we have to decode the password when reading, but
-        # not encode when writing is a bit strange, but that's what pywin32
-        # seems to do as well, and we try to be backward compatible here.
         self.assertEqual(credentials["UserName"], u"jone")
         self.assertEqual(credentials["TargetName"], u'jone@doe')
         self.assertEqual(
             credentials["Comment"], u"Created by MiniPyWin32Cred test suite")
         self.assertEqual(
             credentials["CredentialBlob"].decode('utf-16'), u"doefsajfsakfj")
 
+    def test_read_write_with_none_username(self):
+        # given
+        target = u'jone@doe'
+        r_credentials = self._demo_credentials(None)
+
+        # when
+        CredWrite(r_credentials)
+        credentials = CredRead(target, CRED_TYPE_GENERIC)
+
+        # then
+        self.assertEqual(credentials["UserName"], None)
+        self.assertEqual(credentials["TargetName"], u'jone@doe')
+        self.assertEqual(
+            credentials["Comment"], u"Created by MiniPyWin32Cred test suite")
+        self.assertEqual(
+            credentials["CredentialBlob"].decode('utf-16'), u"doefsajfsakfj")
+
     def test_enumerate_filter(self):
         # given
         r_credentials = self._demo_credentials()
@@ -118,9 +163,6 @@ def test_enumerate_filter(self):
         credentials = CredEnumerate('jone*')[0]
 
         # then
-        # XXX: the fact that we have to decode the password when reading, but
-        # not encode when writing is a bit strange, but that's what pywin32
-        # seems to do as well, and we try to be backward compatible here.
         self.assertEqual(credentials["UserName"], u"jone")
         self.assertEqual(credentials["TargetName"], u'jone@doe')
         self.assertEqual(
