Revision 2ef6f4da
Added by Daniel Lobato Garcia over 8 years ago
app/models/user.rb | ||
---|---|---|
logger.debug("Updating user #{user.login} attributes from auth source: #{attrs.keys}")
|
||
user.update_attributes(valid_attrs)
|
||
end
|
||
user.auth_source.update_usergroups(login)
|
||
user.auth_source.update_usergroups(user.login)
|
||
end
|
||
|
||
# clean up old avatar if it exists and the image isn't in use by anyone else
|
||
... | ... | |
if (attrs = AuthSource.authenticate(login, password))
|
||
attrs.delete(:dn)
|
||
user = new(attrs)
|
||
user.login = login
|
||
# The default user can't auto create users, we need to change to Admin for this to work
|
||
User.as_anonymous_admin do
|
||
if user.save
|
||
AuthSource.find(attrs[:auth_source_id]).update_usergroups(login)
|
||
AuthSource.find(attrs[:auth_source_id]).update_usergroups(user.login)
|
||
logger.info "User '#{user.login}' auto-created from #{user.auth_source}"
|
||
else
|
||
logger.info "Failed to save User '#{user.login}' #{user.errors.full_messages}"
|
Also available in: Unified diff
Fixes #11407 - Uppercase logins from LDAP break external user group sync
On LDAP the login can contain uppercase chars, for instance, "FOO". However
when we log in Foreman for the first time and have that account auto-created,
we can login using "foo". After that, our login will be saved as "foo" on
Foreman.
When a user group that contains said group is refreshed, we pull the names
from LDAP, auth_source.users_in_group(name). This will return an array
containing "FOO". After that, we will call usergroup.add_users(["FOO"])
which in turn calls User.where(:login => ["FOO"]). This will be empty since
our login in the database is "foo".
This commit fixes this issue in two places:
One, by saving the login as it comes from LDAP (case aware), so that
in the previous example 'FOO' would've been saved even if the user had
try to login as 'foo'.