Unescape the MIQ_GROUP header

With the MIQ_GROUP header properly escaped, special characters in group descriptions will now be able to be specified.

unescape the group name

app/controllers/api/base_controller/authentication.rb

@@ -44,6 +44,7 @@ def userid_to_userobj(userid)
       def authorize_user_group(user_obj)
         group_name = request.headers[HttpHeaders::MIQ_GROUP]
         if group_name.present?
+          group_name = CGI.unescape(group_name)
           group_obj = user_obj.miq_groups.find_by(:description => group_name)
           raise AuthenticationError, "Invalid Authorization Group #{group_name} specified" if group_obj.nil?
           user_obj.current_group_by_description = group_name

spec/requests/authentication_spec.rb

@@ -75,9 +75,10 @@
   context "Basic Authentication with Group Authorization" do
     let(:group1) { FactoryGirl.create(:miq_group, :description => "Group1", :miq_user_role => @role) }
     let(:group2) { FactoryGirl.create(:miq_group, :description => "Group2", :miq_user_role => @role) }
+    let(:special_char_group) { FactoryGirl.create(:miq_group, :description => "équipe", :miq_user_role => @role) }
 
     before(:each) do
-      @user.miq_groups = [group1, group2, @user.current_group]
+      @user.miq_groups = [group1, group2, @user.current_group, special_char_group]
       @user.current_group = group1
     end
 
@@ -104,6 +105,14 @@
 
       expect(response).to have_http_status(:ok)
     end
+
+    it "permits group headers to be specified with properly escaped special characters" do
+      api_basic_authorize
+
+      get api_entrypoint_url, :headers => {Api::HttpHeaders::MIQ_GROUP => CGI.escape(special_char_group.description)}
+
+      expect(response).to have_http_status(:ok)
+    end
   end
 
   context "Authentication/Authorization Identity" do