[RORDEV-1259] User definition validation for duplicated entries with not matching credentials #1048
Conversation
|
|
||
| private type SupportedRule = AuthKeyRule | AuthKeyUnixRule | AuthKeyHashingRule | ||
|
|
||
| def similarity(x: BasicAuthenticationRule[?], y: BasicAuthenticationRule[?]): SimilarityMeasure = { |
There was a problem hiding this comment.
This implementation looks very nice, but I'm not sure if this is what the user needs.
IMO we should compare the username fields. In code, this is represented by UserIdPatterns case class.
We already have the withUserIdParamsCheck. It checks if the user defined in the auth rule matches the pattern defined in the usernme field. The user noticed that we have no validation of usenname patterns uniqueness.
In the client's example the validation won't help, because username in the auth rule is hashed.
But it seems there should be another validation, which can be defined like this:
- if there are at least two the same usename pattens (without wildcard) it should failed to validate
And that's it. Is it? Or I'm missing sth?
TBH, the "username" seems to be a redundant setting. In case of auth rules with local users it seems that it is not necessary. In case of rules like LDAP auth we can use it to cut out some users. In case of local users it makes no sense.
🧐Enhancement (ES) Validation added for multiple username entries with different credentials in the
userssection