handle saml array values and first/last name

GitOrigin-RevId: f571cb466ac8618f09e6a77682bff1420060e457
This commit is contained in:
Ersun Warncke 2019-12-19 11:06:30 -04:00 committed by Copybot
parent b2444b42cf
commit 051700688b
2 changed files with 70 additions and 3 deletions

View file

@ -228,14 +228,25 @@ async function updateEntitlement(
}
function entitlementAttributeMatches(entitlementAttribute, entitlementMatcher) {
if (Array.isArray(entitlementAttribute)) {
entitlementAttribute = entitlementAttribute.join(' ')
}
if (
typeof entitlementAttribute !== 'string' ||
typeof entitlementMatcher !== 'string'
) {
return false
}
try {
const entitlementRegExp = new RegExp(entitlementMatcher)
return !!entitlementAttribute.match(entitlementRegExp)
} catch (err) {
logger.error({ err }, 'Invalid SAML entitlement matcher')
// this is likely caused by an invalid regex in the matcher string
// log the error but do not bubble so that user can still sign in
// even if they don't have the entitlement
return false
}
}
function userHasEntitlement(user, providerId) {

View file

@ -39,6 +39,10 @@ describe('SAMLIdentityManager', function() {
removeEntitlement: sinon.stub().resolves()
}
}
this.logger = {
error: sinon.stub(),
warn: sinon.stub()
}
this.SAMLIdentityManager = SandboxedModule.require(modulePath, {
requires: {
'../Email/EmailHandler': (this.EmailHandler = {
@ -66,10 +70,12 @@ describe('SAMLIdentityManager', function() {
'../User/UserUpdater': (this.UserUpdater = {
addEmailAddress: sinon.stub()
}),
'../Institutions/InstitutionsAPI': this.InstitutionsAPI
'../Institutions/InstitutionsAPI': this.InstitutionsAPI,
'logger-sharelatex': this.logger
}
})
})
describe('getUser', function() {
it('should throw an error if missing provider ID and/or external user ID', async function() {
let error
@ -82,6 +88,7 @@ describe('SAMLIdentityManager', function() {
}
})
})
describe('linkAccounts', function() {
it('should throw an error if missing data', async function() {
let error
@ -93,12 +100,14 @@ describe('SAMLIdentityManager', function() {
expect(error).to.exist
}
})
describe('when email is already associated with another Overleaf account', function() {
beforeEach(function() {
this.UserGetter.promises.getUserByAnyEmail.resolves(
this.userEmailExists
)
})
it('should throw an EmailExistsError error', async function() {
let error
try {
@ -117,12 +126,14 @@ describe('SAMLIdentityManager', function() {
}
})
})
describe('when institution identifier is already associated with another Overleaf account', function() {
beforeEach(function() {
this.UserGetter.promises.getUserByAnyEmail.resolves(
this.userAlreadyLinked
)
})
it('should throw an SAMLIdentityExistsError error', async function() {
let error
try {
@ -142,6 +153,7 @@ describe('SAMLIdentityManager', function() {
})
})
})
describe('unlinkAccounts', function() {
it('should send an email notification email', function() {
this.SAMLIdentityManager.unlinkAccounts(
@ -156,4 +168,48 @@ describe('SAMLIdentityManager', function() {
)
})
})
describe('entitlementAttributeMatches', function() {
it('should return true when entitlement matches on string', function() {
this.SAMLIdentityManager.entitlementAttributeMatches(
'foo bar',
'bar'
).should.equal(true)
})
it('should return false when entitlement does not match on string', function() {
this.SAMLIdentityManager.entitlementAttributeMatches(
'foo bar',
'bam'
).should.equal(false)
})
it('should return false on an invalid matcher', function() {
this.SAMLIdentityManager.entitlementAttributeMatches(
'foo bar',
'('
).should.equal(false)
})
it('should log error on an invalid matcher', function() {
this.SAMLIdentityManager.entitlementAttributeMatches('foo bar', '(')
this.logger.error.firstCall.args[0].err.message.should.equal(
'Invalid regular expression: /(/: Unterminated group'
)
})
it('should return true when entitlement matches on array', function() {
this.SAMLIdentityManager.entitlementAttributeMatches(
['foo', 'bar'],
'bar'
).should.equal(true)
})
it('should return false when entitlement does not match array', function() {
this.SAMLIdentityManager.entitlementAttributeMatches(
['foo', 'bar'],
'bam'
).should.equal(false)
})
})
})