From 771b8fd095f3bcb922f761d297c62f1a56a997d5 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Mon, 16 Feb 2015 14:04:49 -0500
Subject: Prefix userdata hives with _ to avoid conflicts

The main userdata dict contains common attributes, but we add
a sepcial groups list and unmapped extras, as well as indicators
like auth_type.
All these additional attributes are now prefixed by a _ character
so that conflicts with legitimate attributes are improbable.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 ipsilon/login/common.py | 33 ++++++++++++++++++++-------------
 1 file changed, 20 insertions(+), 13 deletions(-)

(limited to 'ipsilon/login/common.py')

diff --git a/ipsilon/login/common.py b/ipsilon/login/common.py
index 2dcdb67..3002d78 100644
--- a/ipsilon/login/common.py
+++ b/ipsilon/login/common.py
@@ -44,27 +44,34 @@ class LoginManagerBase(PluginConfig, PluginObject):
     def auth_successful(self, trans, username, auth_type=None, userdata=None):
         session = UserSession()
 
+        # merge attributes from login plugin and info plugin
         if self.info:
-            userattrs = self.info.get_user_attrs(username)
-            if userdata:
-                userdata.update(userattrs.get('userdata', {}))
-            else:
-                userdata = userattrs.get('userdata', {})
+            infoattrs = self.info.get_user_attrs(username)
+        else:
+            infoattrs = dict()
+
+        if userdata is None:
+            userdata = dict()
+
+        if '_groups' in infoattrs:
+            userdata['_groups'] = list(set(userdata.get('_groups', []) +
+                                           infoattrs['_groups']))
+            del infoattrs['_groups']
 
-            # merge groups and extras from login plugin and info plugin
-            userdata['groups'] = list(set(userdata.get('groups', []) +
-                                          userattrs.get('groups', [])))
+        if '_extras' in infoattrs:
+            userdata['_extras'] = userdata.get('_extras', {})
+            userdata['_extras'].update(infoattrs['_extras'])
+            del infoattrs['_extras']
 
-            userdata['extras'] = userdata.get('extras', {})
-            userdata['extras'].update(userattrs.get('extras', {}))
+        userdata.update(infoattrs)
 
-            self.debug("User %s attributes: %s" % (username, repr(userdata)))
+        self.debug("User %s attributes: %s" % (username, repr(userdata)))
 
         if auth_type:
             if userdata:
-                userdata.update({'auth_type': auth_type})
+                userdata.update({'_auth_type': auth_type})
             else:
-                userdata = {'auth_type': auth_type}
+                userdata = {'_auth_type': auth_type}
 
         # create session login including all the userdata just gathered
         session.login(username, userdata)
-- 
cgit