Catch potential SyntaxError in federation mapping
When using the 'groups' keyword in a federation mapping, the value passed in the assertion map be a simple string with a space. For example, "ALL USERS". This results in ast.literal_eval() raising a SyntaxError and not ValueError, which bubbles up to the API as an uncaught 500 Internal Server Error. Change-Id: I61f93a6c54b62ba8719d2603f93dc18c33b581ce Closes-Bug: #1629446
This commit is contained in:
parent
386726d7a6
commit
9e1e2c2156
@ -615,7 +615,7 @@ class RuleProcessor(object):
|
||||
try:
|
||||
group_names_list = ast.literal_eval(
|
||||
identity_value['groups'])
|
||||
except ValueError:
|
||||
except (ValueError, SyntaxError):
|
||||
group_names_list = [identity_value['groups']]
|
||||
domain = identity_value['domain']
|
||||
group_dicts = [{'name': name, 'domain': domain} for name in
|
||||
|
@ -682,6 +682,24 @@ class MappingRuleEngineTests(unit.BaseTestCase):
|
||||
rp.process,
|
||||
assertion)
|
||||
|
||||
def test_rule_engine_groups_mapping_only_one_group(self):
|
||||
"""Test mapping engine when groups is explicitly set.
|
||||
|
||||
If the groups list has only one group,
|
||||
test if the transformation is done correctly
|
||||
|
||||
"""
|
||||
mapping = mapping_fixtures.MAPPING_GROUPS_WITH_EMAIL
|
||||
assertion = mapping_fixtures.GROUPS_ASSERTION_ONLY_ONE_GROUP
|
||||
rp = mapping_utils.RuleProcessor(FAKE_MAPPING_ID, mapping['rules'])
|
||||
mapped_properties = rp.process(assertion)
|
||||
self.assertIsNotNone(mapped_properties)
|
||||
self.assertEqual('jsmith', mapped_properties['user']['name'])
|
||||
self.assertEqual('jill@example.com',
|
||||
mapped_properties['user']['email'])
|
||||
self.assertEqual('ALL USERS',
|
||||
mapped_properties['group_names'][0]['name'])
|
||||
|
||||
def test_rule_engine_group_ids_mapping_whitelist(self):
|
||||
"""Test mapping engine when group_ids is explicitly set.
|
||||
|
||||
|
@ -1401,6 +1401,38 @@ MAPPING_BAD_LOCAL_SETUP = {
|
||||
]
|
||||
}
|
||||
|
||||
MAPPING_GROUPS_WITH_EMAIL = {
|
||||
"rules": [
|
||||
{
|
||||
"remote": [
|
||||
{
|
||||
"type": "groups",
|
||||
},
|
||||
{
|
||||
"type": "userEmail",
|
||||
},
|
||||
{
|
||||
"type": "UserName"
|
||||
}
|
||||
],
|
||||
"local": [
|
||||
{
|
||||
"groups": "{0}",
|
||||
"domain": {
|
||||
"id": DEVELOPER_GROUP_DOMAIN_ID
|
||||
}
|
||||
},
|
||||
{
|
||||
"user": {
|
||||
"name": "{2}",
|
||||
"email": "{1}"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
EMPLOYEE_ASSERTION = {
|
||||
'Email': 'tim@example.com',
|
||||
'UserName': 'tbo',
|
||||
@ -1553,6 +1585,12 @@ UNICODE_NAME_ASSERTION = {
|
||||
'PFX_orgPersonType': 'Admin;Chief'
|
||||
}
|
||||
|
||||
GROUPS_ASSERTION_ONLY_ONE_GROUP = {
|
||||
'userEmail': 'jill@example.com',
|
||||
'UserName': 'jsmith',
|
||||
'groups': 'ALL USERS'
|
||||
}
|
||||
|
||||
MAPPING_UNICODE = {
|
||||
"rules": [
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user