auth: Treat emails case-insensitively in ExternalAuthResult.

Our intent throughout the codebase is to treat email
case-insensitively.
The only codepath affected by this bug is remote_user_sso, as that's the
only one that can currently pass both a user_profile and an
ExternalAuthDataDict when creating the ExternalAuthResult. That's why we
add a test specifically for that codepath.
Mateusz Mandera 2020-08-05 16:40:41 +02:00 committed by Tim Abbott
parent d512594382
commit 15752067dc
2 changed files with 9 additions and 1 deletions


@ -3660,6 +3660,14 @@ class TestZulipRemoteUserBackend(DesktopFlowTestingLib, ZulipTestCase):
self.assertEqual(result.status_code, 302) self.assertEqual(result.status_code, 302)
self.assert_logged_in_user_id(user_profile.id) self.assert_logged_in_user_id(user_profile.id)
def test_login_case_insensitive(self) -> None:
user_profile = self.example_user('hamlet')
email_upper = user_profile.delivery_email.upper()
with self.settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipRemoteUserBackend',)):
result = self.client_get('/accounts/login/sso/', REMOTE_USER=email_upper)
self.assertEqual(result.status_code, 302)
self.assert_logged_in_user_id(user_profile.id)
def test_login_failure(self) -> None: def test_login_failure(self) -> None:
email = self.example_email("hamlet") email = self.example_email("hamlet")
result = self.client_get('/accounts/login/sso/', REMOTE_USER=email) result = self.client_get('/accounts/login/sso/', REMOTE_USER=email)
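Review bot: test_login_case_insensitive never checks that `email_upper` actually differs from the stored `delivery_email`, so it would pass vacuously if the fixture address were ever stored in upper case. Adding `self.assertNotEqual(email_upper, user_profile.delivery_email)` before the request pins that precondition. A short comment such as `# REMOTE_USER differs from the stored address only by case; login must still resolve to the same account.` would also record why the test exists.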


@ -985,7 +985,7 @@ class ExternalAuthResult:
if self.user_profile is not None: if self.user_profile is not None:
# Ensure data inconsistent with the user_profile wasn't passed in inside the data_dict argument. # Ensure data inconsistent with the user_profile wasn't passed in inside the data_dict argument.
assert 'full_name' not in data_dict or data_dict['full_name'] == self.user_profile.full_name assert 'full_name' not in data_dict or data_dict['full_name'] == self.user_profile.full_name
assert 'email' not in data_dict or data_dict['email'] == self.user_profile.delivery_email assert 'email' not in data_dict or data_dict['email'].lower() == self.user_profile.delivery_email.lower()
# Update these data_dict fields to ensure consistency with self.user_profile. This is mostly # Update these data_dict fields to ensure consistency with self.user_profile. This is mostly
# defensive code, but is useful in these scenarios: # defensive code, but is useful in these scenarios:
# 1. user_profile argument was passed in, and no full_name or email_data in the data_dict arg. # 1. user_profile argument was passed in, and no full_name or email_data in the data_dict arg.
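Review bot: The email consistency guard on the changed line is still an `assert`, so it is compiled out when Python runs with `-O`, and the mismatch check in this authentication path then does nothing. An explicit check keeps it active, for example `if 'email' in data_dict and data_dict['email'].lower() != self.user_profile.delivery_email.lower(): raise AssertionError("email in data_dict does not match user_profile")`; the `full_name` assert above it has the same shape. The comments that follow suggest the fields are later overwritten from user_profile, but that code and the start of the method are outside the hunk, so this is worth confirming there.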