Ensure user name is set even when common LDAP attributes are missing.

[jvlcek]

Addresses:
https://bugzilla.redhat.com/show_bug.cgi?id=1400567

Description of problem:

Currently, if an administrator has configured users in LDAP without the common
but not required attribute displayName, login to MiQ fails for those users.

This PR adds functionality to set the user name to something other than displayName
when it is missing. The user name is used by MiQ to display a header with the name
of the logged in user.

Two attempts to set the user name are made.
The first attempt will try to use the LDAP attributes for first and last name. Which are readable but also optional. Failing that the second attempt will use the userid, which is less attractive
but more foolproof.

Description of solution implementation:

This could have been solved by adjusting for an empty user name in the single app/models/authenticator.rb. However this resulted in other authentication
mechanisms exercising code that is limited to ldap and httpd authenticators.

The solution presented solves the problem in both the ldap and httpd authenticators.
Because the ldap authenticator code is being EOLed the end result will, in the near
future, have the solution in a single place, the httpd authenticators.

Steps for Testing/QA

Test 1:
Attempt to log in to MiQ with an LDAP user who's displayName attribute has been deleted.

Test 2:
Attempt to log in to MiQ with an LDAP user who's displayName, sn and givenName attributes have been deleted.

These test should be repeated using both the MiQLdap client and External Auth

[jvlcek]

@abellotti and @kbrock Please review.

@abellotti After consideration I have decided that your initial idea of solving this in both the ldap and httpd authenticators is the better way to go. Please see my description above.

Thank you! JoeV

[miq-bot]

Checked commit jvlcek@52f02f5 with ruby 2.2.6, rubocop 0.47.1, and haml-lint 0.20.0
4 files checked, 0 offenses detected
Everything looks good. 🏆

[kbrock]

Like where you put the code and how the tests turned out.

Like how each authenticator fully owns populating the user record for their own domain

[kbrock]

I like how test tests turned out joe

[Fryguy]

LGTM

[abellotti]

Nice Enhancement @jvlcek LGTM!! 👍

[gtanzillo]

👍 Thanks @jvlcek!

[yada]

FYI : work for us, tested using ldap only.
Using an empty DisplayName, audit.log report 👍
[----] I, [2017-03-03T17:13:46.226748 #127921:112faec] INFO -- Success: MIQ(Authenticator.authenticate) userid: [TestRHELFixRN] - User testrhelfixrn@domain successfully validated by LDAP
[----] I, [2017-03-03T17:13:46.561999 #127921:112faec] INFO -- Success: MIQ(Authenticator.authenticate) userid: [TestRHELFixRN] - Authentication successful for user testrhelfixrn@domain
[----] I, [2017-03-03T17:13:46.866443 #127896:113bae0] INFO -- Success: MIQ(Authenticator.authenticate) userid: [TestRHELFixRN] - User testrhelfixrn@domain successfully validated by LDAP
[----] I, [2017-03-03T17:13:47.036887 #127896:113bae0] INFO -- Success: MIQ(Authenticator.authenticate) userid: [TestRHELFixRN] - Authentication successful for user testrhelfixrn@domain

[abellotti]

Thanks @yada for testing it out.

[jvlcek]

Yes, Thank you @yada !

[simaishi]

Euwe backport details:

$ git log -1
commit 38ee936ca7613f501f0bb0d9283229a30ff2ab5f
Author: Alberto Bellotti <abellotti@users.noreply.github.com>
Date:   Thu Mar 2 17:34:53 2017 -0500

    Merge pull request #14142 from jvlcek/bz1400567_RFE_LDAP_no_displayname
    
    Ensure user name is set even when common LDAP attributes are missing.
    (cherry picked from commit b502d512dcb37ea6c34f8d0bcd84e5b489a6b311)
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1428859