Normalize the username entered at login to lowercase #15716

Merged
merged 2 commits into from
Aug 7, 2017
Merged
10 changes: 8 additions & 2 deletions app/models/authenticator/base.rb
Expand Up @@ -119,7 +119,7 @@ def authorize(taskid, username, *args)

matching_groups = match_groups(groups_for(identity))
userid = userid_for(identity, username)
user = User.in_my_region.find_or_initialize_by(:userid => userid)
user = find_or_initialize_user(userid)
update_user_attributes(user, username, identity)
user.miq_groups = matching_groups

Expand Down Expand Up @@ -148,6 +148,12 @@ def authorize(taskid, username, *args)
end
end

def find_or_initialize_user(userid)
user = User.find_by_userid(userid)
user ||= User.in_my_region.where('lower(userid) = ?', userid).order(:lastlogon).last
user || User.new(:userid => userid)
end

def authenticate_with_http_basic(username, password, request = nil, options = {})
options[:require_user] ||= false
user, username = find_by_principalname(username)
Expand Down Expand Up @@ -270,7 +276,7 @@ def autocreate_user(_username)
end

def normalize_username(username)
username
username.downcase
end
end
end
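Review bot: The case-insensitive fallback in `find_or_initialize_user` (`User.in_my_region.where('lower(userid) = ?', userid).order(:lastlogon).last`) silently resolves collisions: if two local accounts differ only in the case of their userid, the externally authenticated login is bound to whichever one logged on most recently, with no audit trail of the ambiguity. Consider failing closed, or at least emitting a warning or audit event, when that query returns more than one row, since it maps an identity onto a pre-existing account the caller never named exactly. The comparison also assumes the bound `userid` is already lowercase; if `userid_for` can return mixed case (not visible here), `lower(userid) = ?` never matches, and binding `userid.downcase` would make the lookup robust to that. Separately, the exact-match lookup `User.find_by_userid(userid)` drops the `in_my_region` scope that the replaced `find_or_initialize_by` call had, so it may now pick up a user from another region; `User.in_my_region.find_by(:userid => userid)` keeps the prior scoping. The enclosing class continues outside the hunk.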
44 changes: 36 additions & 8 deletions spec/models/authenticator/httpd_spec.rb
Expand Up @@ -190,8 +190,8 @@ def authenticate
end
end

context "with unknown username" do
let(:username) { 'bob' }
context "with unknown username in mixed case" do
let(:username) { 'bOb' }
let(:headers) do
super().merge('X-Remote-User-FullName' => 'Bob Builderson',
'X-Remote-User-Email' => 'bob@example.com')
Expand All @@ -205,12 +205,12 @@ def authenticate
it "records one successful and one failing audit entry" do
expect(AuditEvent).to receive(:success).with(
:event => 'authenticate_httpd',
:userid => 'bob',
:userid => 'bOb',
:message => "User bob successfully validated by External httpd",
)
expect(AuditEvent).to receive(:failure).with(
:event => 'authenticate_httpd',
:userid => 'bob',
:userid => 'bOb',
:message => "User bob authenticated but not defined in EVM",
)
authenticate rescue nil
Expand All @@ -233,12 +233,12 @@ def authenticate
it "records two successful audit entries" do
expect(AuditEvent).to receive(:success).with(
:event => 'authenticate_httpd',
:userid => 'bob',
:userid => 'bOb',
:message => "User bob successfully validated by External httpd",
)
expect(AuditEvent).to receive(:success).with(
:event => 'authenticate_httpd',
:userid => 'bob',
:userid => 'bOb',
:message => "Authentication successful for user bob",
)
expect(AuditEvent).not_to receive(:failure)
Expand Down Expand Up @@ -268,12 +268,12 @@ def authenticate
it "records two successful audit entries plus one failure" do
expect(AuditEvent).to receive(:success).with(
:event => 'authenticate_httpd',
:userid => 'bob',
:userid => 'bOb',
:message => "User bob successfully validated by External httpd",
)
expect(AuditEvent).to receive(:success).with(
:event => 'authenticate_httpd',
:userid => 'bob',
:userid => 'bOb',
:message => "Authentication successful for user bob",
)
expect(AuditEvent).to receive(:failure).with(
Expand Down Expand Up @@ -363,5 +363,33 @@ def authenticate
end
end
end

context "with a userid record in mixed case" do
let!(:testuser_mixedcase) { FactoryGirl.create(:user, :userid => 'TestUser') }
let(:username) { 'testuser' }
let(:headers) do
super().merge('X-Remote-User-FullName' => 'Test User',
'X-Remote-User-Email' => 'testuser@example.com')
end

context "using external authorization" do
let(:config) { {:httpd_role => true} }

it "records two successful audit entries" do
expect(AuditEvent).to receive(:success).with(
:event => 'authenticate_httpd',
:userid => 'testuser',
:message => "User testuser successfully validated by External httpd",
)
expect(AuditEvent).to receive(:success).with(
:event => 'authenticate_httpd',
:userid => 'testuser',
:message => "Authentication successful for user testuser",
)
expect(AuditEvent).not_to receive(:failure)
authenticate
end
end
end
end
end
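Review bot: The new "with a userid record in mixed case" context covers only the single-match path; there is no spec for two existing users whose userids differ only in case, which is exactly the situation `find_or_initialize_user`'s `order(:lastlogon).last` resolves, so its tie-break behaviour is left unpinned. Adding a context that creates both `'TestUser'` and `'testuser'` records and asserts which account the login binds to (or that the login is rejected) would document the intended policy. The mixed-case contexts also assert `:userid => 'bOb'` on the audit events while the messages say `User bob`; a one-line comment stating that audit entries intentionally record the raw login name rather than the normalized one would save the next reader a question.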