FIX: more cases of case sensitive group membership in sso

2017-08-11 18:09:22 -04:00 · 2017-08-11 18:09:22 -04:00 · 9813f9f0f8
parent c2016e2bc6
commit 9813f9f0f8
2 changed files with 17 additions and 7 deletions
--- a/app/models/discourse_single_sign_on.rb
+++ b/app/models/discourse_single_sign_on.rb
@ -110,7 +110,7 @@ class DiscourseSingleSignOn < SingleSignOn
    if add_groups
      split = add_groups.split(",").map(&:downcase)
      if split.length > 0
-        Group.where('name in (?) AND NOT automatic', split).pluck(:id).each do |id|
+        Group.where('LOWER(name) in (?) AND NOT automatic', split).pluck(:id).each do |id|
          unless GroupUser.where(group_id: id, user_id: user.id).exists?
            GroupUser.create(group_id: id, user_id: user.id)
          end
@ -119,11 +119,11 @@ class DiscourseSingleSignOn < SingleSignOn
    end

    if remove_groups
-      split = remove_groups.split(",")
+      split = remove_groups.split(",").map(&:downcase)
      if split.length > 0
        GroupUser
          .where(user_id: user.id)
-          .where('group_id IN (SELECT id FROM groups WHERE name in (?))', split)
+          .where('group_id IN (SELECT id FROM groups WHERE LOWER(name) in (?))', split)
          .destroy_all
      end
    end
--- a/spec/models/discourse_single_sign_on_spec.rb
+++ b/spec/models/discourse_single_sign_on_spec.rb
@ -128,9 +128,13 @@ describe DiscourseSingleSignOn do
    add_group1 = Fabricate(:group, name: 'group1')
    add_group2 = Fabricate(:group, name: 'group2')
    existing_group = Fabricate(:group, name: 'group3')
+    add_group4 = Fabricate(:group, name: 'GROUP4')
+    existing_group2 = Fabricate(:group, name: 'GRoup5')

-    existing_group.add(user)
-    existing_group.save!
+    [existing_group, existing_group2].each do |g|
+      g.add(user)
+      g.save!
+    end

    add_group1.add(user)
    existing_group.save!
@ -141,19 +145,25 @@ describe DiscourseSingleSignOn do
    sso.email = user.email
    sso.external_id = "A"

-    sso.add_groups = "#{add_group1.name},#{add_group2.name.capitalize},badname"
-    sso.remove_groups = "#{existing_group.name},badname"
+    sso.add_groups = "#{add_group1.name},#{add_group2.name.capitalize},group4,badname"
+    sso.remove_groups = "#{existing_group.name},#{existing_group2.name.downcase},badname"

    sso.lookup_or_create_user(ip_address)

    existing_group.reload
    expect(existing_group.usernames).to eq("")

+    existing_group2.reload
+    expect(existing_group2.usernames).to eq("")
+
    add_group1.reload
    expect(add_group1.usernames).to eq(user.username)

    add_group2.reload
    expect(add_group2.usernames).to eq(user.username)
+
+    add_group4.reload
+    expect(add_group4.usernames).to eq(user.username)
  end

  it "can override name / email / username" do