Force user_type to UPN when username is a UPN

lib/miq_ldap.rb

@@ -266,18 +266,24 @@ def normalize(dn)
     dn.split(",").collect { |i| i.downcase.strip }.join(",")
   end
 
-  def is_dn?(str)
+  def dn?(str)
     !!(str =~ /^([a-z|0-9|A-Z]+ *=[^,]+[,| ]*)+$/)
   end
 
+  def upn?(str)
+    !!(str =~ /^.+@.+$/)
+  end
+
   def domain_username?(str)
     !!(str =~ /^([a-zA-Z][a-zA-Z0-9.-]+)\\.+$/)
   end
 
   def fqusername(username)
-    return username if self.is_dn?(username) || self.domain_username?(username)
+    return username if dn?(username) || domain_username?(username)
 
     user_type = @user_type.split("-").first
+    return username if user_type != "mail" && upn?(username)
+
     user_prefix = @user_type.split("-").last
     user_prefix = "cn" if user_prefix == "dn"
     case user_type
@@ -286,13 +292,12 @@ def fqusername(username)
       return username
     when "upn", "userprincipalname"
       return username if @user_suffix.blank?
-      return username if username =~ /^.+@.+$/ # already qualified with user@domain
 
       return "#{username}@#{@user_suffix}"
     when "mail"
-      username = "#{username}@#{@user_suffix}" unless @user_suffix.blank? || username =~ /^.+@.+$/
+      username = "#{username}@#{@user_suffix}" unless @user_suffix.blank? || upn?(username)
       dbuser = User.find_by_email(username.downcase)
-      dbuser = User.find_by_userid(username.downcase) unless dbuser
+      dbuser ||= User.find_by_userid(username.downcase)
       return dbuser.userid if dbuser && dbuser.userid
 
       return username
@@ -303,7 +308,12 @@ def fqusername(username)
 
   def get_user_object(username, user_type = nil)
     user_type ||= @user_type.split("-").first
-    user_type = "dn" if self.is_dn?(username)
+    if dn?(username)
+      user_type = "dn"
+    elsif upn?(username)
+      user_type = "upn"
+    end
+
     begin
       search_opts = {:base => @basedn, :scope => :sub, :attributes => ["*", @group_attribute]}
 

spec/lib/miq_ldap_spec.rb

@@ -179,5 +179,74 @@
 
       ldap.get_user_object("myuserid@mycompany.com", "upn")
     end
+
+    it "searches for group membership when username is upn regardless of user_type" do
+      ldap = MiqLdap.new(:host => ["192.0.2.2"])
+      @opts[:attributes] = ["*", "memberof"]
+      expect(ldap).to receive(:search).with(@opts)
+
+      ldap.get_user_object("myuserid@mycompany.com", "bad_user_type")
+    end
+  end
+
+  context "#fqusername" do
+    before do
+      allow(TCPSocket).to receive(:new)
+      @opts = {:host => ["192.0.2.2"], :user_suffix => 'mycompany.com', :domain_prefix => 'my\domain'}
+    end
+
+    it "returns username when username is already a dn" do
+      ldap = MiqLdap.new(@opts)
+      expect(ldap.fqusername("cn=myuser,ou=people,ou=prod,dc=example,dc=com")).to eq("cn=myuser,ou=people,ou=prod,dc=example,dc=com")
+    end
+
+    it "returns username when username is a dn with an @ in the dn" do
+      ldap = MiqLdap.new(@opts)
+      expect(ldap.fqusername("cn=my@user,ou=people,ou=prod,dc=example,dc=com")).to eq("cn=my@user,ou=people,ou=prod,dc=example,dc=com")
+    end
+
+    it "returns a constructed dn when user type is a dn" do
+      @opts[:user_type] = 'dn'
+      ldap = MiqLdap.new(@opts)
+      expect(ldap.fqusername("myuser")).to eq("cn=myuser,mycompany.com")
+    end
+
+    it "returns username when username is already a upn" do
+      ldap = MiqLdap.new(@opts)
+      expect(ldap.fqusername("myuserid@mycompany.com")).to eq("myuserid@mycompany.com")
+    end
+
+    it "returns username when username is already a domain username" do
+      ldap = MiqLdap.new(@opts)
+      expect(ldap.fqusername('my\domain\myuserid')).to eq('my\domain\myuserid')
+    end
+
+    it "returns username when username is already a upn even if user_type is samaccountname" do
+      @opts[:user_type]   = 'samaccountname'
+      @opts[:user_suffix] = 'not_mycompany.com'
+      ldap = MiqLdap.new(@opts)
+      expect(ldap.fqusername("myuserid@mycompany.com")).to eq("myuserid@mycompany.com")
+    end
+
+    it "returns upn when user_type is upn" do
+      @opts[:user_type]   = 'userprincipalname'
+      @opts[:user_suffix] = 'mycompany.com'
+      ldap = MiqLdap.new(@opts)
+      expect(ldap.fqusername("myuserid")).to eq("myuserid@mycompany.com")
+    end
+
+    it "returns samaccountname when user_type is samaccountname" do
+      @opts[:user_type] = 'samaccountname'
+      ldap = MiqLdap.new(@opts)
+      expect(ldap.fqusername('myuserid')).to eq('my\domain\myuserid')
+    end
+
+    it "searches for username when user_type is mail even when username is UPN" do
+      @opts[:user_type] = 'mail'
+      ldap = MiqLdap.new(@opts)
+      expect(User).to receive(:find_by_email)
+      expect(User).to receive(:find_by_userid)
+      expect(ldap.fqusername('myuserid@mycompany.com')).to eq('myuserid@mycompany.com')
+    end
   end
 end