Fix: Resolve Username Case Sensitivity Issue in Login Flow (#1070)
* Fix: Username changing The only situation where the username must be unique is when changing the username. * Update UserController.java
This commit is contained in:
Ludy
GitHub
parent
032388a8e3
commit
ace4e200b1
6 changed files with 22 additions and 17 deletions
|
|
@ -56,7 +56,7 @@ public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationF
|
|||
}
|
||||
|
||||
private boolean isDemoUser(String username) {
|
||||
Optional<User> user = userService.findByUsername(username);
|
||||
Optional<User> user = userService.findByUsernameIgnoreCase(username);
|
||||
return user.isPresent()
|
||||
&& user.get().getAuthorities().stream()
|
||||
.anyMatch(authority -> "ROLE_DEMO_USER".equals(authority.getAuthority()));
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@ public class FirstLoginFilter extends OncePerRequestFilter {
|
|||
|
||||
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
|
||||
if (authentication != null && authentication.isAuthenticated()) {
|
||||
Optional<User> user = userService.findByUsername(authentication.getName());
|
||||
Optional<User> user = userService.findByUsernameIgnoreCase(authentication.getName());
|
||||
if ("GET".equalsIgnoreCase(method)
|
||||
&& user.isPresent()
|
||||
&& user.get().isFirstLogin()
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@ public class InitialSecuritySetup {
|
|||
initialUsername, initialPassword, Role.ADMIN.getRoleId(), true);
|
||||
}
|
||||
}
|
||||
if (!userService.usernameExists(Role.INTERNAL_API_USER.getRoleId())) {
|
||||
if (!userService.usernameExistsIgnoreCase(Role.INTERNAL_API_USER.getRoleId())) {
|
||||
userService.saveUser(
|
||||
Role.INTERNAL_API_USER.getRoleId(),
|
||||
UUID.randomUUID().toString(),
|
||||
|
|
|
|||
|
|
@ -62,7 +62,7 @@ public class UserService implements UserServiceInterface {
|
|||
public User addApiKeyToUser(String username) {
|
||||
User user =
|
||||
userRepository
|
||||
.findByUsername(username)
|
||||
.findByUsernameIgnoreCase(username)
|
||||
.orElseThrow(() -> new UsernameNotFoundException("User not found"));
|
||||
|
||||
user.setApiKey(generateApiKey());
|
||||
|
|
@ -76,7 +76,7 @@ public class UserService implements UserServiceInterface {
|
|||
public String getApiKeyForUser(String username) {
|
||||
User user =
|
||||
userRepository
|
||||
.findByUsername(username)
|
||||
.findByUsernameIgnoreCase(username)
|
||||
.orElseThrow(() -> new UsernameNotFoundException("User not found"));
|
||||
return user.getApiKey();
|
||||
}
|
||||
|
|
@ -103,7 +103,7 @@ public class UserService implements UserServiceInterface {
|
|||
}
|
||||
|
||||
public boolean validateApiKeyForUser(String username, String apiKey) {
|
||||
Optional<User> userOpt = userRepository.findByUsername(username);
|
||||
Optional<User> userOpt = userRepository.findByUsernameIgnoreCase(username);
|
||||
return userOpt.isPresent() && userOpt.get().getApiKey().equals(apiKey);
|
||||
}
|
||||
|
||||
|
|
@ -136,7 +136,7 @@ public class UserService implements UserServiceInterface {
|
|||
}
|
||||
|
||||
public void deleteUser(String username) {
|
||||
Optional<User> userOpt = userRepository.findByUsername(username);
|
||||
Optional<User> userOpt = userRepository.findByUsernameIgnoreCase(username);
|
||||
if (userOpt.isPresent()) {
|
||||
for (Authority authority : userOpt.get().getAuthorities()) {
|
||||
if (authority.getAuthority().equals(Role.INTERNAL_API_USER.getRoleId())) {
|
||||
|
|
@ -151,12 +151,16 @@ public class UserService implements UserServiceInterface {
|
|||
return userRepository.findByUsername(username).isPresent();
|
||||
}
|
||||
|
||||
public boolean usernameExistsIgnoreCase(String username) {
|
||||
return userRepository.findByUsernameIgnoreCase(username).isPresent();
|
||||
}
|
||||
|
||||
public boolean hasUsers() {
|
||||
return userRepository.count() > 0;
|
||||
}
|
||||
|
||||
public void updateUserSettings(String username, Map<String, String> updates) {
|
||||
Optional<User> userOpt = userRepository.findByUsername(username);
|
||||
Optional<User> userOpt = userRepository.findByUsernameIgnoreCase(username);
|
||||
if (userOpt.isPresent()) {
|
||||
User user = userOpt.get();
|
||||
Map<String, String> settingsMap = user.getSettings();
|
||||
|
|
|
|||
|
|
@ -43,7 +43,7 @@ public class UserController {
|
|||
@PreAuthorize("!hasAuthority('ROLE_DEMO_USER')")
|
||||
@PostMapping("/register")
|
||||
public String register(@ModelAttribute UsernameAndPass requestModel, Model model) {
|
||||
if (userService.usernameExists(requestModel.getUsername())) {
|
||||
if (userService.usernameExistsIgnoreCase(requestModel.getUsername())) {
|
||||
model.addAttribute("error", "Username already exists");
|
||||
return "register";
|
||||
}
|
||||
|
|
@ -70,7 +70,8 @@ public class UserController {
|
|||
return new RedirectView("/account?messageType=notAuthenticated");
|
||||
}
|
||||
|
||||
Optional<User> userOpt = userService.findByUsernameIgnoreCase(principal.getName());
|
||||
// The username MUST be unique when renaming
|
||||
Optional<User> userOpt = userService.findByUsername(principal.getName());
|
||||
|
||||
if (userOpt == null || userOpt.isEmpty()) {
|
||||
return new RedirectView("/account?messageType=userNotFound");
|
||||
|
|
@ -113,7 +114,7 @@ public class UserController {
|
|||
return new RedirectView("/change-creds?messageType=notAuthenticated");
|
||||
}
|
||||
|
||||
Optional<User> userOpt = userService.findByUsername(principal.getName());
|
||||
Optional<User> userOpt = userService.findByUsernameIgnoreCase(principal.getName());
|
||||
|
||||
if (userOpt == null || userOpt.isEmpty()) {
|
||||
return new RedirectView("/change-creds?messageType=userNotFound");
|
||||
|
|
@ -146,7 +147,7 @@ public class UserController {
|
|||
return new RedirectView("/account?messageType=notAuthenticated");
|
||||
}
|
||||
|
||||
Optional<User> userOpt = userService.findByUsername(principal.getName());
|
||||
Optional<User> userOpt = userService.findByUsernameIgnoreCase(principal.getName());
|
||||
|
||||
if (userOpt == null || userOpt.isEmpty()) {
|
||||
return new RedirectView("/account?messageType=userNotFound");
|
||||
|
|
@ -207,7 +208,7 @@ public class UserController {
|
|||
return new RedirectView("/addUsers?messageType=usernameExists");
|
||||
}
|
||||
}
|
||||
if (userService.usernameExists(username)) {
|
||||
if (userService.usernameExistsIgnoreCase(username)) {
|
||||
return new RedirectView("/addUsers?messageType=usernameExists");
|
||||
}
|
||||
try {
|
||||
|
|
@ -231,7 +232,7 @@ public class UserController {
|
|||
public RedirectView deleteUser(
|
||||
@PathVariable(name = "username") String username, Authentication authentication) {
|
||||
|
||||
if (!userService.usernameExists(username)) {
|
||||
if (!userService.usernameExistsIgnoreCase(username)) {
|
||||
return new RedirectView("/addUsers?messageType=deleteUsernameExists");
|
||||
}
|
||||
|
||||
|
|
@ -239,7 +240,7 @@ public class UserController {
|
|||
String currentUsername = authentication.getName();
|
||||
|
||||
// Check if the provided username matches the current session's username
|
||||
if (currentUsername.equals(username)) {
|
||||
if (currentUsername.equalsIgnoreCase(username)) {
|
||||
return new RedirectView("/addUsers?messageType=deleteCurrentUser");
|
||||
}
|
||||
invalidateUserSessions(username);
|
||||
|
|
|
|||
|
|
@ -95,7 +95,7 @@ public class AccountWebController {
|
|||
|
||||
// Fetch user details from the database
|
||||
Optional<User> user =
|
||||
userRepository.findByUsername(
|
||||
userRepository.findByUsernameIgnoreCase(
|
||||
username); // Assuming findByUsername method exists
|
||||
if (!user.isPresent()) {
|
||||
// Handle error appropriately
|
||||
|
|
@ -145,7 +145,7 @@ public class AccountWebController {
|
|||
|
||||
// Fetch user details from the database
|
||||
Optional<User> user =
|
||||
userRepository.findByUsername(
|
||||
userRepository.findByUsernameIgnoreCase(
|
||||
username); // Assuming findByUsername method exists
|
||||
if (!user.isPresent()) {
|
||||
// Handle error appropriately
|
||||
|
|
|
|||
Loading…
Reference in a new issue