Uploaded image for project: 'Satellite'
  1. Satellite
  2. SAT-23437

Allow users with EXTERNAL authentication to have blank mail

XMLWordPrintable

    • 2
    • False
    • Hide

      None

      Show
      None
    • False
    • CLOSED
    • Release Notes
    • foreman-3.13.0-0.1.develop.20240924095958gita34d983.el9sat.noarch.rpm
    • 950
    • Hide
      .External users can now log in to Satellite without specifying an email address

      Previously, external users, such as users defined in Identity Management or Active Directory, were unable to log in to Satellite without an email address. With this update, external users can log in to Satellite even when their user account does not include an email address. Note that if the `Mail Enabled` option is enabled for a user account in the Satellite web UI, the user will still be prompted to enter an email address.
      Show
      .External users can now log in to Satellite without specifying an email address Previously, external users, such as users defined in Identity Management or Active Directory, were unable to log in to Satellite without an email address. With this update, external users can log in to Satellite even when their user account does not include an email address. Note that if the `Mail Enabled` option is enabled for a user account in the Satellite web UI, the user will still be prompted to enter an email address.
    • Bug Fix
    • In Progress
    • Endeavour
    • Moderate
    • No Coverage
    • No

      Description of problem:
      There is an inconsistency of requirements for a user between users authorized by INTERNAL (local Sat users) and EXTERNAL (users from IdM or AD). While INTERNAL user can have empty mail (until one sets "Mail Enabled"), EXTERNAL user must have an email among its attributes.

      That is ridiculous restriction that causes problems when an AD / IdM user does not have mail specified - an attempt to login as that user than fails.

      Version-Release number of selected component (if applicable):
      Any Sat version

      How reproducible:
      100%

      Steps to Reproduce:
      1. Have an IdM or AD configured, and create an user with empty / null password there.
      2. Try to login as that user to Satellite WebUI

      Actual results:
      2. login fails with backtrace in production.log:
      2024-02-07T08:42:14 [I|app|228e2f37] Backtrace for 'Email address is invalid' error (Mail::Field::IncompleteParseError): Mail::AddressList can not parse |(null)|: Only able to parse up to "(null)"
      228e2f37 | /usr/share/gems/gems/mail-2.7.1/lib/mail/parsers/address_lists_parser.rb:33230:in `parse'
      228e2f37 | /usr/share/gems/gems/mail-2.7.1/lib/mail/elements/address.rb:192:in `parse'
      228e2f37 | /usr/share/gems/gems/mail-2.7.1/lib/mail/elements/address.rb:30:in `initialize'
      228e2f37 | /usr/share/foreman/app/validators/email_validator.rb:8:in `new'
      228e2f37 | /usr/share/foreman/app/validators/email_validator.rb:8:in `validate_each'
      228e2f37 | /usr/share/gems/gems/activemodel-6.1.7/lib/active_model/validator.rb:153:in `block in validate'
      228e2f37 | /usr/share/gems/gems/activemodel-6.1.7/lib/active_model/validator.rb:149:in `each'
      228e2f37 | /usr/share/gems/gems/activemodel-6.1.7/lib/active_model/validator.rb:149:in `validate'
      228e2f37 | /usr/share/gems/gems/activesupport-6.1.7/lib/active_support/callbacks.rb:427:in `block in make_lambda'
      ..
      228e2f37 | /usr/share/foreman/app/models/user.rb:346:in `block in find_or_create_external_user'
      228e2f37 | /usr/share/foreman/app/models/concerns/foreman/thread_session.rb:108:in `as'
      228e2f37 | /usr/share/foreman/app/models/concerns/foreman/thread_session.rb:114:in `as_anonymous_admin'
      228e2f37 | /usr/share/foreman/app/models/user.rb:343:in `find_or_create_external_user'
      228e2f37 | /usr/share/foreman/app/services/sso/apache.rb:39:in `authenticated?'
      228e2f37 | /usr/share/foreman/app/controllers/users_controller.rb:124:in `login'

      Expected results:
      EXTERNAL user can get created with blank mail as well.

      Additional info:
      /usr/share/foreman/app/models/user.rb around line 346 is the key place of change

          1.
          		 [QE] Allow users with EXTERNAL authentication to have blank mail Sub-task To Do Undefined Lukas Hellebrandt

              rhn-support-alazik Adam Lazik
              rhn-support-pmoravec Pavel Moravec
              Lukas Hellebrandt Lukas Hellebrandt
              Aneta Šteflová Petrová Aneta Šteflová Petrová
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: