Merge "handle unicode names for federated users"
This commit is contained in:
commit
37999ec7f8
|
@ -402,8 +402,14 @@ def get_assertion_params_from_env(context):
|
|||
LOG.debug('Environment variables: %s', context['environment'])
|
||||
prefix = CONF.federation.assertion_prefix
|
||||
for k, v in list(context['environment'].items()):
|
||||
if k.startswith(prefix):
|
||||
yield (k, v)
|
||||
if not k.startswith(prefix):
|
||||
continue
|
||||
# These bytes may be decodable as ISO-8859-1 according to Section
|
||||
# 3.2.4 of RFC 7230. Let's assume that our web server plugins are
|
||||
# correctly encoding the data.
|
||||
if not isinstance(v, six.text_type) and getattr(v, 'decode', False):
|
||||
v = v.decode('ISO-8859-1')
|
||||
yield (k, v)
|
||||
|
||||
|
||||
class UserType(object):
|
||||
|
|
|
@ -12,6 +12,10 @@
|
|||
|
||||
import uuid
|
||||
|
||||
from oslo_config import cfg
|
||||
from oslo_config import fixture as config_fixture
|
||||
from oslo_serialization import jsonutils
|
||||
|
||||
from keystone.auth.plugins import mapped
|
||||
from keystone import exception
|
||||
from keystone.federation import utils as mapping_utils
|
||||
|
@ -692,3 +696,52 @@ class MappingRuleEngineTests(unit.BaseTestCase):
|
|||
self.assertListEqual([], mapped_properties['group_names'])
|
||||
self.assertItemsEqual(['210mlk', '321cba'],
|
||||
mapped_properties['group_ids'])
|
||||
|
||||
|
||||
class TestUnicodeAssertionData(unit.BaseTestCase):
|
||||
"""Ensure that unicode data in the assertion headers works.
|
||||
|
||||
Bug #1525250 reported that something was not getting correctly encoded
|
||||
and/or decoded when assertion data contained non-ASCII characters.
|
||||
|
||||
This test class mimics what happens in a real HTTP request.
|
||||
"""
|
||||
|
||||
def setUp(self):
|
||||
super(TestUnicodeAssertionData, self).setUp()
|
||||
self.config_fixture = self.useFixture(config_fixture.Config(cfg.CONF))
|
||||
self.config_fixture.config(group='federation',
|
||||
assertion_prefix='PFX')
|
||||
|
||||
def _pull_mapping_rules_from_the_database(self):
|
||||
# NOTE(dstanek): In a live system. The rules are dumped into JSON bytes
|
||||
# before being # stored in the database. Upon retrieval the bytes are
|
||||
# loaded and the resulting dictionary is full of unicode text strings.
|
||||
# Most of tests in this file incorrectly assume the mapping fixture
|
||||
# dictionary is the same as what it would look like coming out of the
|
||||
# database. The string, when coming out of the database, are all text.
|
||||
return jsonutils.loads(jsonutils.dumps(
|
||||
mapping_fixtures.MAPPING_UNICODE))
|
||||
|
||||
def _pull_assertion_from_the_request_headers(self):
|
||||
# NOTE(dstanek): In a live system the bytes for the assertion are
|
||||
# pulled from the HTTP headers. These bytes may be decodable as
|
||||
# ISO-8859-1 according to Section 3.2.4 of RFC 7230. Let's assume
|
||||
# that our web server plugins are correctly encoding the data.
|
||||
context = dict(environment=mapping_fixtures.UNICODE_NAME_ASSERTION)
|
||||
data = mapping_utils.get_assertion_params_from_env(context)
|
||||
# NOTE(dstanek): keystone.auth.plugins.mapped
|
||||
return dict(data)
|
||||
|
||||
def test_unicode(self):
|
||||
mapping = self._pull_mapping_rules_from_the_database()
|
||||
assertion = self._pull_assertion_from_the_request_headers()
|
||||
|
||||
rp = mapping_utils.RuleProcessor(FAKE_MAPPING_ID, mapping['rules'])
|
||||
values = rp.process(assertion)
|
||||
|
||||
fn = assertion.get('PFX_FirstName')
|
||||
ln = assertion.get('PFX_LastName')
|
||||
full_name = '%s %s' % (fn, ln)
|
||||
user_name = values.get('user', {}).get('name')
|
||||
self.assertEqual(full_name, user_name)
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
|
@ -1438,3 +1440,47 @@ GROUP_IDS_ASSERTION_ONLY_ONE_GROUP = {
|
|||
'group_ids': '321cba',
|
||||
'group': '210mlk'
|
||||
}
|
||||
|
||||
UNICODE_NAME_ASSERTION = {
|
||||
'PFX_Email': 'jon@example.com',
|
||||
'PFX_UserName': 'jonkare',
|
||||
'PFX_FirstName': 'Jon Kåre',
|
||||
'PFX_LastName': 'Hellån',
|
||||
'PFX_orgPersonType': 'Admin;Chief'
|
||||
}
|
||||
|
||||
MAPPING_UNICODE = {
|
||||
"rules": [
|
||||
{
|
||||
"local": [
|
||||
{
|
||||
"user": {
|
||||
"name": "{0} {1}",
|
||||
"email": "{2}"
|
||||
},
|
||||
"group": {
|
||||
"id": EMPLOYEE_GROUP_ID
|
||||
}
|
||||
}
|
||||
],
|
||||
"remote": [
|
||||
{
|
||||
"type": "PFX_FirstName"
|
||||
},
|
||||
{
|
||||
"type": "PFX_LastName"
|
||||
},
|
||||
{
|
||||
"type": "PFX_Email"
|
||||
},
|
||||
{
|
||||
"type": "PFX_orgPersonType",
|
||||
"any_one_of": [
|
||||
"Admin",
|
||||
"Big Cheese"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
],
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue