Handle group names with encoded special characters #16998
Conversation
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1469589 Group names in the headers at index X-REMOTE-USER-GROUPS need to be decoded in order to handle special characters.
|
@miq-bot add_label bug |
|
@miq-bot add_label authentication |
|
@miq-bot add_label gaprindashvili/yes |
|
@miq-bot assign @abellotti |
|
@jntullo and @abellotti Please review. Thank you! JoeV |
|
LGTM! 👍 |
app/models/authenticator/httpd.rb
Outdated
| @@ -120,7 +120,7 @@ def user_details_from_headers(username, request) | |||
| :lastname => request.headers['X-REMOTE-USER-LASTNAME'], | |||
| :email => request.headers['X-REMOTE-USER-EMAIL'], | |||
| :domain => request.headers['X-REMOTE-USER-DOMAIN']} | |||
| [user_attrs, (request.headers['X-REMOTE-USER-GROUPS'] || '').split(/[;:,]/)] | |||
| [user_attrs, (CGI.unescape(request.headers['X-REMOTE-USER-GROUPS']) || '').split(/[;:,]/)] | |||
There was a problem hiding this comment.
we need to check that the request.headers['X-REMOTE-USER-GROUPS'] is present? first before we can do the CGI.unescape, otherwise, ugly stack trace.
There was a problem hiding this comment.
@abellotti Good catch. I had the check || '' on the wrong side of the )
I just posted the commit withe the fix and an additional test in the spec to
confirm the handling of nil groups.
Thannk you! JoeV
|
Checked commits jvlcek/manageiq@5963f38~...a023437 with ruby 2.3.3, rubocop 0.52.0, haml-lint 0.20.0, and yamllint 1.10.0 app/models/authenticator/httpd.rb
|
|
LGTM!! Thanks @jvlcek for doing the update. will merge when 🍏 |
Handle group names with encoded special characters (cherry picked from commit dfc9c90) Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1552792
|
Gaprindashvili backport details: |
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1469589
Group names in the headers at index X-REMOTE-USER-GROUPS need to
be decoded in order to handle special characters.
Steps for Testing/QA