Merge pull request #12752 from jvlcek/bz1394425_domain

Remove the FQDN from group names for ext auth. (cherry picked from commit 2f64834) https://bugzilla.redhat.com/show_bug.cgi?id=1394425
ManageIQ · Nov 21, 2016 · 0323f78 · 0323f78
1 parent 350db01
commit 0323f78
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 3 deletions.
diff --git a/app/models/authenticator/httpd.rb b/app/models/authenticator/httpd.rb
@@ -36,7 +36,7 @@ def find_external_identity(_username, user_attrs, membership_list)
 
     def groups_for(identity)
       _user_attrs, membership_list = identity
-      membership_list
+      MiqGroup.strip_group_domains(membership_list)
     end
 
     def update_user_attributes(user, _username, identity)

diff --git a/app/models/miq_group.rb b/app/models/miq_group.rb
@@ -93,6 +93,10 @@ def self.seed
     end
   end
 
+  def self.strip_group_domains(group_list)
+    group_list.collect { |group| group.gsub(/@.*/, '') }
+  end
+
   def self.get_ldap_groups_by_user(user, bind_dn, bind_pwd)
     auth = VMDB::Config.new("vmdb").config[:authentication]
     auth[:group_memberships_max_depth] ||= User::DEFAULT_GROUP_MEMBERSHIPS_MAX_DEPTH
@@ -124,7 +128,7 @@ def self.get_httpd_groups_by_user(user)
     rescue => err
       raise _("Unable to get groups for user %{user_name} - %{error}") % {:user_name => username, :error => err}
     end
-    user_groups.first
+    strip_group_domains(user_groups.first)
   end
 
   def get_filters(type = nil)

diff --git a/spec/models/authenticator/httpd_spec.rb b/spec/models/authenticator/httpd_spec.rb
@@ -64,7 +64,7 @@ def authenticate
     end
 
     let(:username) { 'alice' }
-    let(:user_groups) { 'wibble:bubble' }
+    let(:user_groups) { 'wibble@fqdn:bubble@fqdn' }
 
     context "with user details" do
       context "using local authorization" do

diff --git a/spec/models/miq_group_spec.rb b/spec/models/miq_group_spec.rb
@@ -82,6 +82,15 @@
 
       expect(MiqGroup.get_httpd_groups_by_user('user')).to eq(memberships.first)
     end
+
+    it "should remove FQDN from the groups by user name with external authentication" do
+      ifp_memberships = [%w(foo@fqdn bar@fqdn)]
+      memberships = [%w(foo bar)]
+
+      allow(@ifp_interface).to receive(:GetUserGroups).with('user').and_return(ifp_memberships)
+
+      expect(MiqGroup.get_httpd_groups_by_user('user')).to eq(memberships.first)
+    end
   end
 
   describe "#get_ldap_groups_by_user" do