Skip to content

Allow usernames to be case-insensitive with app passwords #40281

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
phil-davis merged 1 commit into from
Aug 11, 2022
Merged

Allow usernames to be case-insensitive with app passwords #40281

phil-davis merged 1 commit into from
Aug 11, 2022

Conversation

@phil-davis
Copy link
Contributor

@phil-davis phil-davis commented Aug 10, 2022
edited
Loading

Description

An acceptance test scenario is added that uses an app password generated by user "Alice" but provides user "alice" in the webDAV requests. The scenario fails without the fix, and passes with the fix in Session.php

Related Issue

How Has This Been Tested?

CI

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Database schema changes (next release will require increase of minor version instead of patch)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Technical debt
  • Tests only (no source changes)

Checklist:

  • Code changes
  • Unit tests added
  • Acceptance tests added
  • Documentation ticket raised:
  • Changelog item, see TEMPLATE

@phil-davis phil-davis self-assigned this Aug 10, 2022
@phil-davis phil-davis mentioned this pull request Aug 10, 2022
Closed
@owncloud owncloud deleted a comment from update-docs bot Aug 10, 2022
@phil-davis phil-davis mentioned this pull request Aug 10, 2022
Closed
10 tasks
@owncloud owncloud deleted a comment from ownclouders Aug 10, 2022
@owncloud owncloud deleted a comment from ownclouders Aug 10, 2022
@owncloud owncloud deleted a comment from ownclouders Aug 10, 2022
@owncloud owncloud deleted a comment from ownclouders Aug 10, 2022
@owncloud owncloud deleted a comment from ownclouders Aug 10, 2022
@owncloud owncloud deleted a comment from ownclouders Aug 10, 2022
@owncloud owncloud deleted a comment from ownclouders Aug 10, 2022
@owncloud owncloud deleted a comment from ownclouders Aug 10, 2022
jvillafanez
jvillafanez reviewed Aug 10, 2022
View reviewed changes
lib/private/User/Session.php

// Check if login names match
if ($user !== null && $dbToken->getLoginName() !== $user) {
if ($user !== null && \strcasecmp($dbToken->getLoginName(), $user) !== 0) {
Copy link
Member

@jvillafanez jvillafanez Aug 10, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure if this will work with greek, cyrillic and other utf8 strings. Maybe we don't need to support it if the username is expected to contain only ascii chars.

Copy link
Contributor Author

@phil-davis phil-davis Aug 10, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"Error creating user: Only the following characters are allowed in a username: "a-z", "A-Z", "0-9", and "+_.@-'""

Usernames in oC10 are only a limited set of ASCII.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Aug 10, 2022

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

100.0% 100.0% Coverage
0.0% 0.0% Duplication

@phil-davis phil-davis requested a review from jvillafanez August 11, 2022 02:29
@phil-davis phil-davis merged commit 7d40148 into master Aug 11, 2022
@delete-merged-branch delete-merged-branch bot deleted the issue-40119 branch August 11, 2022 07:06
@amrita-shrestha amrita-shrestha mentioned this pull request Aug 12, 2022
Merged
11 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jvillafanez jvillafanez jvillafanez approved these changes

@JammingBen JammingBen Awaiting requested review from JammingBen

@AlexAndBear AlexAndBear Awaiting requested review from AlexAndBear

Assignees

@phil-davis phil-davis

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Case sensitive usernames when logging in with an app password via webdav

3 participants

@phil-davis @jvillafanez