Bug #21353

Unable to change the default Satellite username "admin-username"

Added by Marek Hulán about 3 years ago. Updated 3 months ago.

Status: Closed
Priority: Low
Assignee:
Category: Users, Roles and Permissions
Target version:
Difficulty: easy
Triaged:
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1490969

Description of problem:

- After initial setup I attempted to change the default user name and password from "admin-username" and "admin-password"
- From the GUI I can change the username and password but as soon as I hit submit the username returns to "admin-username"

Version-Release number of selected component (if applicable):
Satellite 6.2.11

How reproducible:
Easily Reproducible

Steps to Reproduce:
1. After new install of RedHat Satellite 6.2.11 using the installer with --foreman-admin-username gk-admin attempt to change username
2. Hit Submit when username and password changed
3. The username returns to the old "admin-username"

Actual results:

Expected results:
Expected the username to update to the new name.
Logging out and logging back in does not matter.

Additional info:

The problem is that the installer allows the user to modify the default admin username, while in the UI it's not properly detected as the default admin and the username field is not disabled. The reason is we hardcode the 'admin' login in app/views/users/_form.html.erb:

<%= text_f f, :login, :disabled => f.object.login == 'admin' %>

Related issues

Related to Foreman - Bug #21849: Login field disabled with "External user login can not be changed" (Closed)

Associated revisions

Revision 02d1635c (diff)
Added by Shira Maximov almost 3 years ago

Fixes #21353 - users can edit login if they have permissions

History

#1 Updated by Marek Hulán about 3 years ago

  • Difficulty set to easy
  • Category set to 218
  • Subject changed from Unable to change the default Satellite username "admin-username" to Unable to change the default Satellite username "admin-username"

There's more in this issue. The reason why it does not work is that strong params drops the login parameter if the user is editing himself/herself, see https://github.com/theforeman/foreman/blob/3703af267f316676ce571a0ca00563c8c3565168/app/controllers/concerns/foreman/controller/parameters/user.rb#L27-L33

The second part is that we disable the login field for users with login == 'admin', see https://github.com/theforeman/foreman/blob/3703af267f316676ce571a0ca00563c8c3565168/app/views/users/_form.html.erb#L24, which does not make sense since we can have more than one admin.

Changing the login should be supported, including by users themselves, in case the auth source is INTERNAL. For external auth sources this would be dangerous. After discussion with Evgeni and Ewoud, we came to the conclusion that updating login and other sensitive fields (auth source) should be allowed only to users with the edit_users permission, while self editing of other attributes (e.g. email) should be allowed to everyone.

So to properly fix this issue, the following is required:
1) keep the fields disabled only while self editing when the current user does not have the edit_users permission; the disabled field should have a hover tooltip explaining why the field is disabled
2) update strong params to follow the same logic, accepting the login and auth source fields only for users with the edit_users permission
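
The two-part rule from the comment above, as an added Ruby example that is not Foreman's code and is not taken from the linked pull request: the form state and the server-side allow-list are derived from the same edit_users check, so a disabled field is never the only control. The `User` struct, the helper names and the attribute lists (`mail`, `firstname`, `lastname`, `password`, `auth_source_id`) are assumptions made for illustration.

```ruby
# Added illustration, not Foreman's code. User, the helper names and the
# attribute lists are hypothetical stand-ins for the real model and strong params.
User = Struct.new(:login, :permissions) do
  def can?(permission)
    permissions.include?(permission)
  end
end

SELF_EDITABLE_FIELDS = %i[mail firstname lastname password].freeze
SENSITIVE_FIELDS     = %i[login auth_source_id].freeze

# Server side: the allow-list depends on the editor's permission, never on the
# literal login 'admin' and never on whether the browser showed the field disabled.
def permitted_user_fields(editor)
  return SELF_EDITABLE_FIELDS + SENSITIVE_FIELDS if editor.can?(:edit_users)

  SELF_EDITABLE_FIELDS
end

# Returns [kept, dropped]. Dropped keys are worth logging: a sensitive key sent
# by a user whose form had that field disabled points to a hand-crafted request.
def filter_user_params(editor, submitted)
  allowed = permitted_user_fields(editor)
  kept = submitted.select { |key, _| allowed.include?(key.to_sym) }
  [kept, submitted.keys - kept.keys]
end

# View side: same rule as above, so the form only offers what the server accepts.
def sensitive_field_disabled?(editor, target)
  editor.equal?(target) && !editor.can?(:edit_users)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample users and form submission.
  gk_admin = User.new('gk-admin', [:edit_users])
  jdoe     = User.new('jdoe', [])
  form     = { 'login' => 'renamed', 'mail' => 'user@example.com' }

  [gk_admin, jdoe].each do |user|
    kept, dropped = filter_user_params(user, form)
    puts "#{user.login}: login field disabled=#{sensitive_field_disabled?(user, user)} " \
         "kept=#{kept.keys} dropped=#{dropped}"
  end
end
```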

#2 Updated by The Foreman Bot almost 3 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/4966 added

#3 Updated by Shira Maximov almost 3 years ago

  • Assignee set to Shira Maximov

#4 Updated by Daniel Lobato Garcia almost 3 years ago

  • Legacy Backlogs Release (now unused) set to 296

#5 Updated by Shira Maximov almost 3 years ago

  • % Done changed from 0 to 100
  • Status changed from Ready For Testing to Closed

#6 Updated by Ivan Necas almost 3 years ago

  • Related to Bug #21849: Login field disabled with "External user login can not be changed" added

#7 Updated by Tomer Brisker 3 months ago

  • Category changed from 218 to Users, Roles and Permissions
