IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

FIX: more cases of case sensitive group membership in sso

Browse Source
This commit is contained in:
Neil Lalonde 2017-08-11 18:09:22 -04:00
parent c2016e2bc6
commit 9813f9f0f8
2 changed files with 17 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/models/discourse_single_sign_on.rb
View File

@ -110,7 +110,7 @@ class DiscourseSingleSignOn < SingleSignOn
if add_groups if add_groups
split = add_groups.split(",").map(&:downcase) split = add_groups.split(",").map(&:downcase)
if split.length > 0 if split.length > 0
Group.where('name in (?) AND NOT automatic', split).pluck(:id).each do |id| Group.where('LOWER(name) in (?) AND NOT automatic', split).pluck(:id).each do |id|
unless GroupUser.where(group_id: id, user_id: user.id).exists? unless GroupUser.where(group_id: id, user_id: user.id).exists?
GroupUser.create(group_id: id, user_id: user.id) GroupUser.create(group_id: id, user_id: user.id)
end end
@ -119,11 +119,11 @@ class DiscourseSingleSignOn < SingleSignOn
end end
if remove_groups if remove_groups
split = remove_groups.split(",") split = remove_groups.split(",").map(&:downcase)
if split.length > 0 if split.length > 0
GroupUser GroupUser
.where(user_id: user.id) .where(user_id: user.id)
.where('group_id IN (SELECT id FROM groups WHERE name in (?))', split) .where('group_id IN (SELECT id FROM groups WHERE LOWER(name) in (?))', split)
.destroy_all .destroy_all
end end
end end

18
spec/models/discourse_single_sign_on_spec.rb
View File

@ -128,9 +128,13 @@ describe DiscourseSingleSignOn do
add_group1 = Fabricate(:group, name: 'group1') add_group1 = Fabricate(:group, name: 'group1')
add_group2 = Fabricate(:group, name: 'group2') add_group2 = Fabricate(:group, name: 'group2')
existing_group = Fabricate(:group, name: 'group3') existing_group = Fabricate(:group, name: 'group3')
add_group4 = Fabricate(:group, name: 'GROUP4')
existing_group2 = Fabricate(:group, name: 'GRoup5')
existing_group.add(user) [existing_group, existing_group2].each do |g|
existing_group.save! g.add(user)
g.save!
end
add_group1.add(user) add_group1.add(user)
existing_group.save! existing_group.save!
@ -141,19 +145,25 @@ describe DiscourseSingleSignOn do
sso.email = user.email sso.email = user.email
sso.external_id = "A" sso.external_id = "A"
sso.add_groups = "#{add_group1.name},#{add_group2.name.capitalize},badname" sso.add_groups = "#{add_group1.name},#{add_group2.name.capitalize},group4,badname"
sso.remove_groups = "#{existing_group.name},badname" sso.remove_groups = "#{existing_group.name},#{existing_group2.name.downcase},badname"
sso.lookup_or_create_user(ip_address) sso.lookup_or_create_user(ip_address)
existing_group.reload existing_group.reload
expect(existing_group.usernames).to eq("") expect(existing_group.usernames).to eq("")
existing_group2.reload
expect(existing_group2.usernames).to eq("")
add_group1.reload add_group1.reload
expect(add_group1.usernames).to eq(user.username) expect(add_group1.usernames).to eq(user.username)
add_group2.reload add_group2.reload
expect(add_group2.usernames).to eq(user.username) expect(add_group2.usernames).to eq(user.username)
add_group4.reload
expect(add_group4.usernames).to eq(user.username)
end end
it "can override name / email / username" do it "can override name / email / username" do