Catch potential SyntaxError in federation mapping

When using the 'groups' keyword in a federation mapping, the value
passed in the assertion may be a simple string with a space. For
example, "ALL USERS". This results in ast.literal_eval() raising
a SyntaxError and not ValueError, which bubbles up to the API as
an uncaught 500 Internal Server Error.

Change-Id: I61f93a6c54b62ba8719d2603f93dc18c33b581ce
Closes-Bug: #1629446
(cherry picked from commit 9e1e2c2156)
Eric Brown 2017-01-17 17:42:52 -08:00
parent f7a8a053f3
commit a1cc77e72d
3 changed files with 57 additions and 1 deletions


@ -649,7 +649,7 @@ class RuleProcessor(object):
try:
group_names_list = ast.literal_eval(
identity_value['groups'])
except ValueError:
except (ValueError, SyntaxError):
group_names_list = [identity_value['groups']]
domain = identity_value['domain']
group_dicts = [{'name': name, 'domain': domain} for name in
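Review bot: The result of `ast.literal_eval()` is used without a type check, so the fallback on the `except (ValueError, SyntaxError):` line only covers `groups` values that fail to parse. A value from the assertion that does parse as a literal but is not a list (a quoted string, a number, a dict) is assigned to `group_names_list` unchanged. The comprehension that begins on the last line of the hunk continues outside it, but it would presumably iterate a string character by character or fail on a non-iterable, giving wrong group names or another 500. Because the assertion content comes from the identity provider, I would add after the try/except: `if not isinstance(group_names_list, list): group_names_list = [identity_value['groups']]`. The enclosing method starts outside the hunk.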


@ -680,6 +680,24 @@ class MappingRuleEngineTests(unit.BaseTestCase):
rp.process,
assertion)
def test_rule_engine_groups_mapping_only_one_group(self):
"""Test mapping engine when groups is explicitly set.
If the groups list has only one group,
test if the transformation is done correctly
"""
mapping = mapping_fixtures.MAPPING_GROUPS_WITH_EMAIL
assertion = mapping_fixtures.GROUPS_ASSERTION_ONLY_ONE_GROUP
rp = mapping_utils.RuleProcessor(FAKE_MAPPING_ID, mapping['rules'])
mapped_properties = rp.process(assertion)
self.assertIsNotNone(mapped_properties)
self.assertEqual('jsmith', mapped_properties['user']['name'])
self.assertEqual('jill@example.com',
mapped_properties['user']['email'])
self.assertEqual('ALL USERS',
mapped_properties['group_names'][0]['name'])
def test_rule_engine_group_ids_mapping_whitelist(self):
"""Test mapping engine when group_ids is explicitly set
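Review bot: `test_rule_engine_groups_mapping_only_one_group` asserts only `mapped_properties['group_names'][0]['name']`, so it would still pass if extra entries followed the first one or if the group were attached to the wrong domain. I would add `self.assertEqual(1, len(mapped_properties['group_names']))` and an assertion on `mapped_properties['group_names'][0]['domain']` against the domain configured in `MAPPING_GROUPS_WITH_EMAIL`. Its exact expected shape should be confirmed against the fixture. The test also covers only the `SyntaxError` path (`'ALL USERS'`); a second case whose `groups` value parses as a non-list literal would pin down the remaining behaviour of the fallback.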


@ -1401,6 +1401,38 @@ MAPPING_BAD_LOCAL_SETUP = {
]
}
MAPPING_GROUPS_WITH_EMAIL = {
"rules": [
{
"remote": [
{
"type": "groups",
},
{
"type": "userEmail",
},
{
"type": "UserName"
}
],
"local": [
{
"groups": "{0}",
"domain": {
"id": DEVELOPER_GROUP_DOMAIN_ID
}
},
{
"user": {
"name": "{2}",
"email": "{1}"
}
}
]
}
]
}
EMPLOYEE_ASSERTION = {
'Email': 'tim@example.com',
'UserName': 'tbo',
@ -1547,6 +1579,12 @@ UNICODE_NAME_ASSERTION = {
'PFX_orgPersonType': 'Admin;Chief'
}
GROUPS_ASSERTION_ONLY_ONE_GROUP = {
'userEmail': 'jill@example.com',
'UserName': 'jsmith',
'groups': 'ALL USERS'
}
MAPPING_UNICODE = {
"rules": [
{