-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
6.14.1
-
False
-
-
False
-
CLOSED
-
950
-
Endeavour
-
-
-
Moderate
-
No
Description of problem:
There is an inconsistency of requirements for a user between users authorized by INTERNAL (local Sat users) and EXTERNAL (users from IdM or AD). While INTERNAL user can have empty mail (until one sets "Mail Enabled"), EXTERNAL user must have an email among its attributes.
That is ridiculous restriction that causes problems when an AD / IdM user does not have mail specified - an attempt to login as that user than fails.
Version-Release number of selected component (if applicable):
Any Sat version
How reproducible:
100%
Steps to Reproduce:
1. Have an IdM or AD configured, and create an user with empty / null password there.
2. Try to login as that user to Satellite WebUI
Actual results:
2. login fails with backtrace in production.log:
2024-02-07T08:42:14 [I|app|228e2f37] Backtrace for 'Email address is invalid' error (Mail::Field::IncompleteParseError): Mail::AddressList can not parse |(null)|: Only able to parse up to "(null)"
228e2f37 | /usr/share/gems/gems/mail-2.7.1/lib/mail/parsers/address_lists_parser.rb:33230:in `parse'
228e2f37 | /usr/share/gems/gems/mail-2.7.1/lib/mail/elements/address.rb:192:in `parse'
228e2f37 | /usr/share/gems/gems/mail-2.7.1/lib/mail/elements/address.rb:30:in `initialize'
228e2f37 | /usr/share/foreman/app/validators/email_validator.rb:8:in `new'
228e2f37 | /usr/share/foreman/app/validators/email_validator.rb:8:in `validate_each'
228e2f37 | /usr/share/gems/gems/activemodel-6.1.7/lib/active_model/validator.rb:153:in `block in validate'
228e2f37 | /usr/share/gems/gems/activemodel-6.1.7/lib/active_model/validator.rb:149:in `each'
228e2f37 | /usr/share/gems/gems/activemodel-6.1.7/lib/active_model/validator.rb:149:in `validate'
228e2f37 | /usr/share/gems/gems/activesupport-6.1.7/lib/active_support/callbacks.rb:427:in `block in make_lambda'
..
228e2f37 | /usr/share/foreman/app/models/user.rb:346:in `block in find_or_create_external_user'
228e2f37 | /usr/share/foreman/app/models/concerns/foreman/thread_session.rb:108:in `as'
228e2f37 | /usr/share/foreman/app/models/concerns/foreman/thread_session.rb:114:in `as_anonymous_admin'
228e2f37 | /usr/share/foreman/app/models/user.rb:343:in `find_or_create_external_user'
228e2f37 | /usr/share/foreman/app/services/sso/apache.rb:39:in `authenticated?'
228e2f37 | /usr/share/foreman/app/controllers/users_controller.rb:124:in `login'
Expected results:
EXTERNAL user can get created with blank mail as well.
Additional info:
/usr/share/foreman/app/models/user.rb around line 346 is the key place of change
- external trackers
