Disallow using origin 'uaa' when creating user by username

svkrieger · svkrieger · commit 29b97d55519a · 2024-11-28T13:03:20.000+01:00
diff --git a/app/messages/user_create_message.rb b/app/messages/user_create_message.rb
@@ -13,6 +13,7 @@ def validate(record)
         elsif record.username || record.origin
           record.errors.add(:origin, message: "'username' is missing") unless record.username
           record.errors.add(:username, message: "'origin' is missing") unless record.origin
+          record.errors.add(:origin, message: "cannot be 'uaa' when creating a user by username") unless record.origin != 'uaa'
         else
           record.errors.add(:guid, message: "either 'guid' or 'username' and 'origin' must be provided")
         end
diff --git a/spec/unit/messages/user_create_message_spec.rb b/spec/unit/messages/user_create_message_spec.rb
@@ -150,6 +150,17 @@ module VCAP::CloudController
             expect(subject.errors[:origin]).to include("'username' is missing")
           end
         end
+
+        context 'when equal to "uaa"' do
+          let(:params) do
+            { origin: 'uaa' }
+          end
+
+          it 'is not valid' do
+            expect(subject).not_to be_valid
+            expect(subject.errors[:origin]).to include("cannot be 'uaa' when creating a user by username")
+          end
+        end
       end
     end
   end
