Revision 2ef6f4da
Added by Daniel Lobato Garcia over 8 years ago
test/unit/user_test.rb | ||
---|---|---|
end
|
||
end
|
||
|
||
test ".try_to_login if password is empty should return nil" do
|
||
assert_nil User.try_to_login("anything", "")
|
||
end
|
||
|
||
context "try to login" do
|
||
test "when password is empty should return nil" do
|
||
assert_nil User.try_to_login("anything", "")
|
||
... | ... | |
|
||
context 'auto create users' do
|
||
setup do
|
||
ldap_attrs = { :firstname => "Foo", :lastname => "Bar", :mail => "baz@qux.com" }
|
||
AuthSourceLdap.any_instance.stubs(:authenticate).
|
||
returns(ldap_attrs)
|
||
ldap_attrs = { :firstname => "Foo", :lastname => "Bar", :mail => "baz@qux.com",
|
||
:login => 'FoOBaR' }
|
||
AuthSourceLdap.any_instance.stubs(:authenticate).returns(ldap_attrs)
|
||
@ldap_server = AuthSource.find_by_name("ldap-server")
|
||
end
|
||
|
||
test "enabled on-the-fly registration" do
|
||
AuthSourceLdap.any_instance.expects(:update_usergroups).
|
||
with('fakeuser').returns(true)
|
||
with('FoOBaR').returns(true)
|
||
@ldap_server.update_attribute(:onthefly_register, true)
|
||
assert_difference("User.count", 1) do
|
||
assert User.try_to_auto_create_user('fakeuser','fakepass')
|
||
assert User.try_to_auto_create_user('foobar','fakepass')
|
||
end
|
||
end
|
||
|
||
test "disabled on-the-fly registration" do
|
||
@ldap_server.update_attribute(:onthefly_register, false)
|
||
assert_difference("User.count", 0) do
|
||
refute User.try_to_auto_create_user('fakeuser','fakepass')
|
||
refute User.try_to_auto_create_user('foobar','fakepass')
|
||
end
|
||
end
|
||
|
||
test "use LDAP login attribute as login" do
|
||
AuthSourceLdap.any_instance.expects(:update_usergroups).
|
||
with('FoOBaR').returns(true)
|
||
created_user = User.try_to_auto_create_user('foobar','fakepass')
|
||
assert_equal created_user.login, "FoOBaR"
|
||
end
|
||
end
|
||
|
||
context "editing self?" do
|
Also available in: Unified diff
Fixes #11407 - Uppercase logins from LDAP break external user group sync
On LDAP the login can contain uppercase chars, for instance, "FOO". However
when we log in Foreman for the first time and have that account auto-created,
we can login using "foo". After that, our login will be saved as "foo" on
Foreman.
When a user group that contains said group is refreshed, we pull the names
from LDAP, auth_source.users_in_group(name). This will return an array
containing "FOO". After that, we will call usergroup.add_users(["FOO"])
which in turn calls User.where(:login => ["FOO"]). This will be empty since
our login in the database is "foo".
This commit fixes this issue in two places:
One, by saving the login as it comes from LDAP (case aware), so that
in the previous example 'FOO' would've been saved even if the user had
try to login as 'foo'.