Bug #21353

closed

Unable to change the default Satellite username "admin-username"

Added by Marek Hulán over 6 years ago. Updated almost 4 years ago.

Status: Closed
Priority: Low
Assignee:
Category: Users, Roles and Permissions
Target version:
Difficulty: easy
Triaged:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1490969

Description of problem:

- After initial setup I attempted to change the default user name and password from "admin-username" and "admin-password"
- From the GUI I can change the username and password, but as soon as I hit submit the username returns to "admin-username"

Version-Release number of selected component (if applicable):
Satellite 6.2.11

How reproducible:
Easily Reproducible

Steps to Reproduce:
1. After a new install of Red Hat Satellite 6.2.11 using the installer with --foreman-admin-username gk-admin, attempt to change the username
2. Hit Submit when username and password changed
3. The username returns to the old "admin-username"

Actual results:

Expected results:
Expected the username to update to the new name.
Logging out and logging back in does not matter.

Additional info:

The problem is that the installer allows the user to modify the default admin username, while in the UI it's not properly detected as the default admin and the username field is not disabled. The reason is that we hardcode the 'admin' login in app/views/users/_form.html.erb

<%= text_f f, :login, :disabled => f.object.login == 'admin' %>

Related issues: 1 (0 open, 1 closed)

Related to Foreman - Bug #21849: Login field disabled with "External user login can not be changed" (Closed, Shira Maximov)

#1

Updated by Marek Hulán over 6 years ago

  • Subject changed from Unable to change the default Satellite username "admin-username" to Unable to change the default Satellite username "admin-username"
  • Category set to 218
  • Difficulty set to easy

There's more in this issue. The reason why it does not work is that strong params drop the login parameter if the user is editing himself/herself, see https://github.com/theforeman/foreman/blob/3703af267f316676ce571a0ca00563c8c3565168/app/controllers/concerns/foreman/controller/parameters/user.rb#L27-L33

The second part is that we disable the login field for users with login == 'admin', see https://github.com/theforeman/foreman/blob/3703af267f316676ce571a0ca00563c8c3565168/app/views/users/_form.html.erb#L24. That does not make sense since we can have more than one admin.

Changing the login should be supported, including by users themselves, in case the auth source is INTERNAL. For external auth sources this would be dangerous. After discussion with Evgeni and Ewoud, we came to the conclusion that updating login and other sensitive fields (auth source) should only be allowed for users with the edit_users permission, while self editing of other attributes (e.g. email) should be allowed for everyone.

So to properly fix this issue, the following is required:
1) keep fields disabled only while self editing and current user does not have edit_users permission, the disabled field should have a hover tooltip explaining why the field is disabled
2) update strong params to follow the same logic, accepting login and auth source fields only for users with edit_users permission
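
The two requirements in the comment above, sketched in plain Ruby as an added example; it is not Foreman's code and not the code from the linked pull request. The `User` struct, the `SELF_EDITABLE` list, the helper names and the sample accounts are assumptions, and restricting login changes to internal auth sources follows the comment's remark about external sources.

```ruby
# Hypothetical stand-in for a user record; not Foreman's User model.
User = Struct.new(:login, :permissions, :internal_auth, keyword_init: true) do
  def can?(permission)
    permissions.include?(permission)
  end
end

# Attributes any user may change on their own account (assumed list).
SELF_EDITABLE = %w[firstname lastname mail password].freeze

# One predicate shared by the form and the parameter filter, so the two
# cannot drift apart the way the hardcoded 'admin' comparison did.
def may_change_login?(editor, target)
  editor.can?(:edit_users) && target.internal_auth
end

# View side: whether the login input is rendered disabled.
def login_field_disabled?(editor, target)
  !may_change_login?(editor, target)
end

# Server side: allow-list applied to the submitted form. A disabled input
# is only a hint to the browser; this filter is the actual enforcement.
def filter_user_params(raw, editor, target)
  allowed = SELF_EDITABLE.dup
  allowed << 'auth_source_id' if editor.can?(:edit_users)
  allowed << 'login' if may_change_login?(editor, target)
  raw.select { |key, _value| allowed.include?(key) }
end

# Constructed sample accounts: an installer-renamed admin, a plain internal
# user, and a user backed by an external auth source.
ADMIN = User.new(login: 'gk-admin', permissions: [:edit_users], internal_auth: true)
PLAIN = User.new(login: 'jdoe', permissions: [], internal_auth: true)
LDAP  = User.new(login: 'ext1', permissions: [], internal_auth: false)

# Constructed form submission that tries to change every sensitive field.
SUBMITTED = { 'login' => 'renamed', 'auth_source_id' => '2',
              'mail' => 'new@example.com' }.freeze

if __FILE__ == $PROGRAM_NAME
  puts "admin edits self:  #{filter_user_params(SUBMITTED, ADMIN, ADMIN)}"
  puts "plain edits self:  #{filter_user_params(SUBMITTED, PLAIN, PLAIN)}"
  puts "admin edits ext1:  #{filter_user_params(SUBMITTED, ADMIN, LDAP)}"
end
```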

#2

Updated by The Foreman Bot over 6 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/4966 added
#3

Updated by Shira Maximov over 6 years ago

  • Assignee set to Shira Maximov
#4

Updated by Daniel Lobato Garcia over 6 years ago

  • translation missing: en.field_release set to 296
#5

Updated by Shira Maximov over 6 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
#6

Updated by Ivan Necas over 6 years ago

  • Related to Bug #21849: Login field disabled with "External user login can not be changed" added
#7

Updated by Tomer Brisker almost 4 years ago

  • Category changed from 218 to Users, Roles and Permissions