[Rt-commit] rt branch, 4.4/canonicalize-user-info-skip-empty-search-values, created. rt-4.4.3-59-g745066ab7

Tue Oct 9 17:18:07 EDT 2018

The branch, 4.4/canonicalize-user-info-skip-empty-search-values has been created
        at  745066ab79ba263d18a31f9b8f3b87653b50f670 (commit)

- Log -----------------------------------------------------------------
commit 344991a46f2fc3ef3d860754a7f19afec1a6097a
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Tue Oct 9 21:59:47 2018 +0800

    Don't search empty attribute values in CanonicalizeUserInfoFromExternalAuth
    
    We want to get user info via real key/value pairs. Empty values are not
    just useless, but also could be harmful, e.g. it could cause LDAP
    external source to return all the user entries.

diff --git a/lib/RT/User.pm b/lib/RT/User.pm
index ca47377cf..daae994e7 100644
--- a/lib/RT/User.pm
+++ b/lib/RT/User.pm
@@ -763,7 +763,7 @@ sub CanonicalizeUserInfoFromExternalAuth {
         foreach my $rt_attr (@{$config->{'attr_match_list'}}) {
             # Jump to the next attr in $args if this one isn't in the attr_match_list
             $RT::Logger->debug( "Attempting to use this canonicalization key:",$rt_attr);
-            unless(defined($args->{$rt_attr})) {
+            unless( ($args->{$rt_attr} // '') =~ /\S/ ) {
                 $RT::Logger->debug("This attribute (",
                                     $rt_attr,
                                     ") is null or incorrectly defined in the attr_map for this service (",

commit 745066ab79ba263d18a31f9b8f3b87653b50f670
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Tue Oct 9 22:42:49 2018 +0800

    Test admin user create pages with external LDAP info

diff --git a/t/externalauth/ldap.t b/t/externalauth/ldap.t
index 1e0516fab..0d1a7c2af 100644
--- a/t/externalauth/ldap.t
+++ b/t/externalauth/ldap.t
@@ -93,6 +93,43 @@ diag "test redirect after login";
     is( $m->uri, $baseurl . '/SelfService/Closed.html' );
 }
 
+diag "test admin user create";
+{
+    $m->logout;
+    ok( $m->login );
+    $m->get_ok( $baseurl . '/Admin/Users/Modify.html?Create=1', 'user create page' );
+
+    my $username = 'testuser2';
+    $m->submit_form(
+        form_name => 'UserCreate',
+        fields    => { Name => $username },
+    );
+    $m->text_contains( 'User could not be created: Could not set user info' );
+    $m->text_lacks( 'User could not be created: Name in use' );
+
+    my $entry = {
+        cn           => $username,
+        mail         => "$username\@invalid.tld",
+        uid          => $username,
+        objectClass  => 'User',
+        userPassword => 'password',
+    };
+    $ldap->add( $base );
+    my $dn = "uid=$username,$base";
+    $ldap->add( $dn, attr => [ %$entry ] );
+
+    $m->submit_form(
+        form_name => 'UserCreate',
+        fields    => { Name => '', EmailAddress => "$username\@invalid.tld" },
+    );
+    $m->text_contains( 'User created' );
+    my ( $id ) = ( $m->uri =~ /id=(\d+)/ );
+    my $user = RT::User->new( RT->SystemUser );
+    $user->Load( $id );
+    is( $user->EmailAddress, "$username\@invalid.tld", 'email is not changed' );
+    is( $user->Name, $username, 'got canonicalized Name' );
+}
+
 $ldap->unbind();
 
 done_testing;

-----------------------------------------------------------------------
