[FINE] Normalize the username entered at login to lowercase #15796

Merged 1 commit on Aug 11, 2017

@jvlcek jvlcek commented Aug 11, 2017

https://bugzilla.redhat.com/show_bug.cgi?id=1480654

This is a cherry pick from 88a312c
The cherry pick was not clean and had to be finished manually due to layout change of affected files.

LDAP does a case-sensitive match of the user name but AD will
do a case-insensitive match. By normalizing the userid to
lowercase when using external auth backed to either
an LDAP directory or AD, both will authenticate but only one DB
record, in all lowercase, will be created, even if the user
attempted to log in with a mixed-case username when backed to AD.

Upstream BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1448787

Steps for Testing/QA

Test the AD case:

  1. Configure an appliance to use authentication Mode: External (httpd) to an AD directory
  2. Attempt to log in to an appliance with a valid username in mixed case, e.g.: tEsTuSeR1
  3. Confirm one user record, with the userid in lowercase, was created.
  4. Attempt to log in again with a valid username in mixed case but different from step 1, e.g. TestUser1
  5. Repeat step 3 with the same username but varying which letters in the username are uppercase and which are lowercase
  6. Confirm the user can log in but only one DB record, with the userid in lowercase, is created.

Test the LDAP case:

  1. Configure an appliance to use authentication Mode: External (httpd) to an LDAP directory
  2. Attempt to log in to an appliance with a valid username; the case must match what is in the LDAP directory because LDAP does a case-sensitive lookup
  3. Confirm one user record, with the userid in lowercase, was created.
  4. Confirm attempts to log in to the appliance with the case of the username not matching what is in LDAP fail

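The behaviour the description and QA steps cover, as an added Ruby sketch that is not part of this PR or of ManageIQ's authenticator: `FakeAD`, `FakeLDAP`, `UserStore`, `login` and `userids_after` are hypothetical names, the directory contents are constructed, and it assumes the directory sees the name exactly as typed while only the local userid is lowercased.

```ruby
# Added illustration; not ManageIQ's authenticator code. All names are hypothetical.
require "set"

# Constructed stand-ins for the external directory: AD matches the login name
# case-insensitively, LDAP matches it case-sensitively.
class FakeAD
  def initialize(names)
    @names = names.map(&:downcase).to_set
  end

  def valid?(username)
    @names.include?(username.downcase)
  end
end

class FakeLDAP
  def initialize(names)
    @names = names.to_set
  end

  def valid?(username)
    @names.include?(username)
  end
end

# Minimal user table keyed by userid, standing in for the appliance DB.
class UserStore
  attr_reader :records

  def initialize
    @records = {}
  end

  def find_or_create(userid)
    @records[userid] ||= { userid: userid }
  end
end

# The directory sees the name exactly as typed (assumption); only the local
# record key is optionally normalized to lowercase.
def login(directory, store, typed_name, normalize:)
  return nil unless directory.valid?(typed_name)
  store.find_or_create(normalize ? typed_name.downcase : typed_name)
end

# Returns the userids stored after a series of login attempts.
def userids_after(directory, attempts, normalize:)
  store = UserStore.new
  attempts.each { |name| login(directory, store, name, normalize: normalize) }
  store.records.keys.sort
end
```

Without normalization, three case variants accepted by the AD stand-in leave three records; with it, one lowercase record remains, and a mismatched-case login against the LDAP stand-in still fails.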
jvlcek commented Aug 11, 2017

@simaishi and @gtanzillo Here is the Fine PR for #15716 (comment)

jvlcek commented Aug 11, 2017

@miq-bot add_labels authentication, bug

@miq-bot miq-bot changed the title Normalize the username entered at login to lowercase [FINE] Normalize the username entered at login to lowercase Aug 11, 2017
@simaishi simaishi self-assigned this Aug 11, 2017
miq-bot commented Aug 11, 2017

Checked commit jvlcek@344df3a with ruby 2.2.6, rubocop 0.47.1, and haml-lint 0.20.0
2 files checked, 1 offense detected

app/models/authenticator.rb

@gtanzillo gtanzillo left a comment


👍 LGTM. Thanks @jvlcek!

@simaishi simaishi merged commit 070c246 into ManageIQ:fine Aug 11, 2017
@simaishi simaishi added this to the Sprint 67 Ending Aug 21, 2017 milestone Aug 11, 2017
@jvlcek jvlcek deleted the fine_bz1448787_dup_case branch November 10, 2017 19:47