Ignore case of the userid when validating it.

[jvlcek]

The authentication code ignores the case of the userid. The PR ensures the API user validation
code does also.

All userids are created by the authentication code in lowercase. Users can be manually created with the UI in mixed case. However the UI will not allow a second user to be created with a mismatching case.

If User exists and one attempts to create user the UI will report: Userid is not unique

To test:

1. Set authentication mode to: Database
2. From the UI create a new user with at least one uppercase letter in Username. e.g.: User
3. Try to login with this user.

Note: The case of the value specified for Username on the login screen is ignored. So if User was create one could log in with User or user

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1590398

[jvlcek]

@miq-bot assign @gtanzillo

[jvlcek]

@miq-bot add_label bug

[jvlcek]

@miq-bot add_label gaprindashvili/yes

[jvlcek]

@h-kataria Just FYI. Thank you for the help.

[jvlcek]

@gtanzillo I had considered using User.in_my_region.where but this Api code never limited the check to the current region and I felt that doing so might introduce failures elsewhere. When the backend authenticates it does limit the check to the current region so that case is covered.

Let me know if you feel I should use: User.in_my_region.where

Thank you, JoeV

[gtanzillo]

@jvlcek You should add the region scoping here. I think it was missed wth the original code and is a bug waiting to happen. We should only allow users that are defined in the current region to log in.

[jvlcek]

@gtanzillo Wildo. Thank you.

[jvlcek]

@skateman Please review to ensure the specS that I am removing from file spec/requests/service_dialogs_spec.rb align with the PR 17550 that you made to remove dialog_edit and dialog_new. Thanks man!

[jvlcek]

@gtanzillo @abellotti

This PR makes a 1 line code change in lib/services/api/user_token_service.rb and updated
to the related spec to exercise this change.

However Travis builds failed for 2 specs due to PR: ManageIQ/manageiq#17550,
that has removed 2 product features, dialog_new and dialog_edit

The updates to files config/api.yml and spec/requests/service_dialogs_spec.rb were
necessary to compensate for the changes made in PR: ManageIQ/manageiq#17550

Please review. Thank you! JoeV

[gtanzillo]

This all looks ok to me but I'd like to have @abellotti give it a look before I merge.

[himdel]

The test fixes look good, if they get merged here, we can close #395 :)

EDIT: actually, sorry, no, this is removing features...

[skateman]

@jvlcek I am okay with this, however, I'm starting to feel that I deleted an API feature by dropping those featurs 😞 so I think this is more @abellotti's call than mine.

[himdel]

Please use #395 instead to fix the tests.
(as soon as @skateman reviews)

EDIT: the changes are coming here

[skateman]

@romanblanco can you please verify that this doesn't break your dialog editor?

[miq-bot]

Checked commits jvlcek/manageiq-api@2ef3d85~...4349932 with ruby 2.3.3, rubocop 0.52.1, haml-lint 0.20.0, and yamllint 1.10.0
2 files checked, 0 offenses detected
Everything looks fine. ⭐

[jvlcek]

I'm pretty sure we have this correctly updated to align with the changes to the dialogs in manageiq.

@himdel @skateman @gtanzillo and @abellotti can each of you please take a quick look?

Thank you! JoeV

[romanblanco]

@skateman tested, Dialog Editor seems to work correctly 👍

[abellotti]

LGTM!! Thanks @jvlcek for fixing this. 👍

[simaishi]

Skipped backport of spec file (which doesn't exist in G branch) as per discussion with @jvlcek

Gaprindashvili backport details:

$ git log -1
commit e1c46824d09267eb9241e9af019bebc8887e181f
Author: Alberto Bellotti <abellotti@users.noreply.github.com>
Date:   Thu Jun 21 11:38:03 2018 -0400

    Merge pull request #396 from jvlcek/bz1590398_mixed_case_userid
    
    Ignore case of the userid when validating it.
    
    (cherry picked from commit 956c0d571a16bc36e2df271ae4cf6a8e802f316c)
    
    Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1638501