Merge "handle unicode names for federated users"

This commit is contained in:
Jenkins 2016-02-19 17:47:49 +00:00 committed by Gerrit Code Review
commit 37999ec7f8
3 changed files with 107 additions and 2 deletions

View File

@ -402,8 +402,14 @@ def get_assertion_params_from_env(context):
LOG.debug('Environment variables: %s', context['environment'])
prefix = CONF.federation.assertion_prefix
for k, v in list(context['environment'].items()):
if k.startswith(prefix):
yield (k, v)
if not k.startswith(prefix):
continue
# These bytes may be decodable as ISO-8859-1 according to Section
# 3.2.4 of RFC 7230. Let's assume that our web server plugins are
# correctly encoding the data.
if not isinstance(v, six.text_type) and getattr(v, 'decode', False):
v = v.decode('ISO-8859-1')
yield (k, v)
class UserType(object):

View File

@ -12,6 +12,10 @@
import uuid
from oslo_config import cfg
from oslo_config import fixture as config_fixture
from oslo_serialization import jsonutils
from keystone.auth.plugins import mapped
from keystone import exception
from keystone.federation import utils as mapping_utils
@ -692,3 +696,52 @@ class MappingRuleEngineTests(unit.BaseTestCase):
self.assertListEqual([], mapped_properties['group_names'])
self.assertItemsEqual(['210mlk', '321cba'],
mapped_properties['group_ids'])
class TestUnicodeAssertionData(unit.BaseTestCase):
"""Ensure that unicode data in the assertion headers works.
Bug #1525250 reported that something was not getting correctly encoded
and/or decoded when assertion data contained non-ASCII characters.
This test class mimics what happens in a real HTTP request.
"""
def setUp(self):
super(TestUnicodeAssertionData, self).setUp()
self.config_fixture = self.useFixture(config_fixture.Config(cfg.CONF))
self.config_fixture.config(group='federation',
assertion_prefix='PFX')
def _pull_mapping_rules_from_the_database(self):
# NOTE(dstanek): In a live system. The rules are dumped into JSON bytes
# before being # stored in the database. Upon retrieval the bytes are
# loaded and the resulting dictionary is full of unicode text strings.
# Most of tests in this file incorrectly assume the mapping fixture
# dictionary is the same as what it would look like coming out of the
# database. The string, when coming out of the database, are all text.
return jsonutils.loads(jsonutils.dumps(
mapping_fixtures.MAPPING_UNICODE))
def _pull_assertion_from_the_request_headers(self):
# NOTE(dstanek): In a live system the bytes for the assertion are
# pulled from the HTTP headers. These bytes may be decodable as
# ISO-8859-1 according to Section 3.2.4 of RFC 7230. Let's assume
# that our web server plugins are correctly encoding the data.
context = dict(environment=mapping_fixtures.UNICODE_NAME_ASSERTION)
data = mapping_utils.get_assertion_params_from_env(context)
# NOTE(dstanek): keystone.auth.plugins.mapped
return dict(data)
def test_unicode(self):
mapping = self._pull_mapping_rules_from_the_database()
assertion = self._pull_assertion_from_the_request_headers()
rp = mapping_utils.RuleProcessor(FAKE_MAPPING_ID, mapping['rules'])
values = rp.process(assertion)
fn = assertion.get('PFX_FirstName')
ln = assertion.get('PFX_LastName')
full_name = '%s %s' % (fn, ln)
user_name = values.get('user', {}).get('name')
self.assertEqual(full_name, user_name)

View File

@ -1,3 +1,5 @@
# -*- coding: utf-8 -*-
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
@ -1438,3 +1440,47 @@ GROUP_IDS_ASSERTION_ONLY_ONE_GROUP = {
'group_ids': '321cba',
'group': '210mlk'
}
UNICODE_NAME_ASSERTION = {
'PFX_Email': 'jon@example.com',
'PFX_UserName': 'jonkare',
'PFX_FirstName': 'Jon Kåre',
'PFX_LastName': 'Hellån',
'PFX_orgPersonType': 'Admin;Chief'
}
MAPPING_UNICODE = {
"rules": [
{
"local": [
{
"user": {
"name": "{0} {1}",
"email": "{2}"
},
"group": {
"id": EMPLOYEE_GROUP_ID
}
}
],
"remote": [
{
"type": "PFX_FirstName"
},
{
"type": "PFX_LastName"
},
{
"type": "PFX_Email"
},
{
"type": "PFX_orgPersonType",
"any_one_of": [
"Admin",
"Big Cheese"
]
}
]
},
],
}