Unescape the MIQ_GROUP header

With the MIQ_GROUP header properly escaped, special characters in group descriptions will now be able to be specified. unescape the group name
ManageIQ · Jan 17, 2018 · 7a2de84 · 7a2de84
1 parent 1182530
commit 7a2de84
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/app/controllers/api/base_controller/authentication.rb b/app/controllers/api/base_controller/authentication.rb
@@ -44,6 +44,7 @@ def userid_to_userobj(userid)
       def authorize_user_group(user_obj)
         group_name = request.headers[HttpHeaders::MIQ_GROUP]
         if group_name.present?
+          group_name = CGI.unescape(group_name)
           group_obj = user_obj.miq_groups.find_by(:description => group_name)
           raise AuthenticationError, "Invalid Authorization Group #{group_name} specified" if group_obj.nil?
           user_obj.current_group_by_description = group_name