feat(backend): handle username always in lowercase

This should convert the usernames of all new users to lowercase. Usernames are also looked up in the DB in lowercase.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
Philip Molares 2023-05-13 14:56:42 +02:00 committed by Tilman Vatteroth
parent 9625900d1c
commit 0a8945d934
23 changed files with 99 additions and 58 deletions


@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
* SPDX-FileCopyrightText: 2023 The HedgeDoc developers (see AUTHORS file)
*
* SPDX-License-Identifier: AGPL-3.0-only
*/
@ -7,7 +7,7 @@ import { IsString } from 'class-validator';
export class LdapLoginDto {
@IsString()
username: string;
username: string; // This is not of type Username, because LDAP server may use mixed case usernames
@IsString()
password: string;
}


@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
* SPDX-FileCopyrightText: 2023 The HedgeDoc developers (see AUTHORS file)
*
* SPDX-License-Identifier: AGPL-3.0-only
*/
@ -22,6 +22,7 @@ import authConfiguration, {
import { NotInDBError } from '../../errors/errors';
import { ConsoleLoggerService } from '../../logger/console-logger.service';
import { UsersService } from '../../users/users.service';
import { makeUsernameLowercase } from '../../utils/username';
import { Identity } from '../identity.entity';
import { IdentityService } from '../identity.service';
import { ProviderType } from '../provider-type.enum';
@ -85,7 +86,7 @@ export class LdapStrategy extends PassportStrategy(Strategy, 'ldap') {
*/
private loginWithLDAP(
ldapConfig: LDAPConfig,
username: string,
username: string, // This is not of type Username, because LDAP server may use mixed case usernames
password: string,
doneCallBack: VerifiedCallback,
): void {
@ -146,7 +147,7 @@ export class LdapStrategy extends PassportStrategy(Strategy, 'ldap') {
userId: string,
ldapConfig: LDAPConfig,
user: Record<string, string>,
username: string,
username: string, // This is not of type Username, because LDAP server may use mixed case usernames
): void {
this.identityService
.getIdentityFromUserIdAndProviderType(userId, ProviderType.LDAP)
@ -162,8 +163,9 @@ export class LdapStrategy extends PassportStrategy(Strategy, 'ldap') {
.catch(async (error) => {
if (error instanceof NotInDBError) {
// The user/identity does not yet exist
const usernameLowercase = makeUsernameLowercase(username); // This ensures ldap user can be given permission via usernames
const newUser = await this.usersService.createUser(
username,
usernameLowercase,
// if there is no displayName we use the username
user[ldapConfig.displayNameField] ?? username,
);
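Review bot: Lowercasing the name only at the `createUser` call means two directory entries that differ solely in case, or an LDAP name that lowercases to an existing local account, now resolve to the same HedgeDoc username, and the visible part of the `.catch` branch does not handle that collision. Because the handler is `async`, a rejection from `createUser` may also go unhandled unless code outside this hunk chains another `.catch`; the function body continues past the hunk, so this cannot be confirmed from here. I would make the duplicate case fail the login explicitly and document the expectation next to the call, e.g. `// lowercased name may already exist (other LDAP entry or local account); createUser must reject it, never reuse that account`. Note also that the display-name fallback still uses the original mixed-case `username`, which looks intentional but deserves a short comment.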


@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
* SPDX-FileCopyrightText: 2023 The HedgeDoc developers (see AUTHORS file)
*
* SPDX-License-Identifier: AGPL-3.0-only
*/
@ -15,6 +15,7 @@ import { ConsoleLoggerService } from '../../logger/console-logger.service';
import { UserRelationEnum } from '../../users/user-relation.enum';
import { User } from '../../users/user.entity';
import { UsersService } from '../../users/users.service';
import { Username } from '../../utils/username';
import { IdentityService } from '../identity.service';
@Injectable()
@ -31,7 +32,7 @@ export class LocalStrategy extends PassportStrategy(Strategy, 'local') {
logger.setContext(LocalStrategy.name);
}
async validate(username: string, password: string): Promise<User> {
async validate(username: Username, password: string): Promise<User> {
try {
const user = await this.userService.getUserByUsername(username, [
UserRelationEnum.IDENTITIES,
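Review bot: The `Username` annotation on `validate` gives no runtime guarantee (assuming `Username` is a type alias, it is erased at compile time), and passport-local passes this method the raw value from the request. In NestJS guards run before pipes, so the `@IsLowercase()` check on `LoginDto` has presumably not been applied when this strategy runs. Unless `getUserByUsername` lowercases internally (not visible in this hunk), a mixed-case name reaches the lookup unnormalised. I would keep the parameter as `string` and normalise at this boundary, `const user = await this.userService.getUserByUsername(makeUsernameLowercase(username), [`, importing `makeUsernameLowercase` from `../../utils/username`. The body of `validate` continues past the end of the hunk.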


@ -1,13 +1,16 @@
/*
* SPDX-FileCopyrightText: 2021 The HedgeDoc developers (see AUTHORS file)
* SPDX-FileCopyrightText: 2023 The HedgeDoc developers (see AUTHORS file)
*
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { IsString } from 'class-validator';
import { IsLowercase, IsString } from 'class-validator';
import { Username } from '../../utils/username';
export class LoginDto {
@IsString()
username: string;
@IsLowercase()
username: Username;
@IsString()
password: string;
}
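Review bot: `@IsLowercase()` on `username` rejects a mixed-case name instead of normalising it, so an account created with capitals before this commit would fail validation at login unless a migration elsewhere in the commit (not visible here) lowercases the stored names. Assuming `Username` is a type alias, the decorator is the only runtime enforcement on this field, and a comment should say so, e.g. `// runtime check; the Username type alone does not enforce lowercase`. The same applies to `RegisterDto.username` in the next file, where the decorator is also the only thing preventing mixed-case names from being stored for new local users.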


@ -1,13 +1,16 @@
/*
* SPDX-FileCopyrightText: 2021 The HedgeDoc developers (see AUTHORS file)
* SPDX-FileCopyrightText: 2023 The HedgeDoc developers (see AUTHORS file)
*
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { IsString } from 'class-validator';
import { IsLowercase, IsString } from 'class-validator';
import { Username } from '../../utils/username';
export class RegisterDto {
@IsString()
username: string;
@IsLowercase()
username: Username;
@IsString()
displayName: string;