From 4fcef71bebbccee2e8a78882115d8271e359e2ef Mon Sep 17 00:00:00 2001 From: Jason Han Date: Thu, 23 Feb 2023 11:55:56 -0800 Subject: [PATCH] Ignore case for username --- .../mms/groups/controllers/LocalGroupsController.java | 2 +- .../java/org/openmbee/mms/ldap/LdapSecurityConfig.java | 3 +-- .../mms/localuser/security/UserDetailsServiceImpl.java | 4 ++-- .../delegation/DefaultBranchPermissionsDelegate.java | 8 ++++---- .../delegation/DefaultOrgPermissionsDelegate.java | 8 ++++---- .../delegation/DefaultProjectPermissionsDelegate.java | 8 ++++---- .../org/openmbee/mms/rdb/repositories/UserRepository.java | 2 +- .../openmbee/mms/twc/security/TwcUserDetailsService.java | 2 +- 8 files changed, 18 insertions(+), 19 deletions(-) diff --git a/groups/src/main/java/org/openmbee/mms/groups/controllers/LocalGroupsController.java b/groups/src/main/java/org/openmbee/mms/groups/controllers/LocalGroupsController.java index ee9c89aa2..b4c957553 100644 --- a/groups/src/main/java/org/openmbee/mms/groups/controllers/LocalGroupsController.java +++ b/groups/src/main/java/org/openmbee/mms/groups/controllers/LocalGroupsController.java @@ -126,7 +126,7 @@ public GroupUpdateResponse updateGroupUsers(@PathVariable String group, response.setGroup(group); groupUpdateRequest.getUsers().forEach(newUser -> { - User user = userRepository.findByUsername(newUser).orElse(null); + User user = userRepository.findByUsernameIgnoreCase(newUser).orElse(null); if (user != null) { if (groupUpdateRequest.getAction() == Action.ADD) { diff --git a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java index 56791c6e0..03ff63141 100644 --- a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java +++ b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java @@ -29,7 +29,6 @@ import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.ldap.SpringSecurityLdapTemplate; -import org.springframework.security.ldap.authentication.LdapAuthenticationProvider; import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider; import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator; import org.springframework.transaction.annotation.EnableTransactionManagement; @@ -155,7 +154,7 @@ private CustomLdapAuthoritiesPopulator(BaseLdapPathContextSource ldapContextSour public Collection getGrantedAuthorities( DirContextOperations userData, String username) { logger.debug("Populating authorities using LDAP"); - Optional userOptional = userRepository.findByUsername(username); + Optional userOptional = userRepository.findByUsernameIgnoreCase(username); if (userOptional.isEmpty()) { logger.info("No user record for {} in the userRepository, creating...", userData.getDn()); diff --git a/localuser/src/main/java/org/openmbee/mms/localuser/security/UserDetailsServiceImpl.java b/localuser/src/main/java/org/openmbee/mms/localuser/security/UserDetailsServiceImpl.java index 824786805..cd9bc1105 100644 --- a/localuser/src/main/java/org/openmbee/mms/localuser/security/UserDetailsServiceImpl.java +++ b/localuser/src/main/java/org/openmbee/mms/localuser/security/UserDetailsServiceImpl.java @@ -31,7 +31,7 @@ public void setPasswordEncoder(PasswordEncoder passwordEncoder) { @Override public UserDetailsImpl loadUserByUsername(String username) throws UsernameNotFoundException { - Optional user = userRepository.findByUsername(username); + Optional user = userRepository.findByUsernameIgnoreCase(username); if (!user.isPresent()) { throw new UsernameNotFoundException( @@ -59,7 +59,7 @@ public User register(UserCreateRequest req) { @Transactional public void changeUserPassword(String username, String password, boolean asAdmin) { - Optional userOptional = userRepository.findByUsername(username); + Optional userOptional = userRepository.findByUsernameIgnoreCase(username); if(! userOptional.isPresent()) { throw new UsernameNotFoundException( String.format("No user found with username '%s'.", username)); diff --git a/permissions/src/main/java/org/openmbee/mms/permissions/delegation/DefaultBranchPermissionsDelegate.java b/permissions/src/main/java/org/openmbee/mms/permissions/delegation/DefaultBranchPermissionsDelegate.java index f42020f18..ded88a232 100644 --- a/permissions/src/main/java/org/openmbee/mms/permissions/delegation/DefaultBranchPermissionsDelegate.java +++ b/permissions/src/main/java/org/openmbee/mms/permissions/delegation/DefaultBranchPermissionsDelegate.java @@ -93,7 +93,7 @@ public void initializePermissions(String creator) { @Override public void initializePermissions(String creator, boolean inherit) { - Optional user = getUserRepo().findByUsername(creator); + Optional user = getUserRepo().findByUsernameIgnoreCase(creator); Optional role = getRoleRepo().findByName("ADMIN"); if (!user.isPresent()) { @@ -131,7 +131,7 @@ public PermissionUpdateResponse updateUserPermissions(PermissionUpdateRequest re switch(req.getAction()) { case MODIFY: for (PermissionUpdateRequest.Permission p: req.getPermissions()) { - Optional user = getUserRepo().findByUsername(p.getName()); + Optional user = getUserRepo().findByUsernameIgnoreCase(p.getName()); Optional role = getRoleRepo().findByName(p.getRole()); if (!user.isPresent() || !role.isPresent()) { //throw exception or skip @@ -160,7 +160,7 @@ public PermissionUpdateResponse updateUserPermissions(PermissionUpdateRequest re branchUserPermRepo.findAllByBranchAndInherited(branch, false)); branchUserPermRepo.deleteByBranchAndInherited(branch, false); for (PermissionUpdateRequest.Permission p: req.getPermissions()) { - Optional user = getUserRepo().findByUsername(p.getName()); + Optional user = getUserRepo().findByUsernameIgnoreCase(p.getName()); Optional role = getRoleRepo().findByName(p.getRole()); if (!user.isPresent() || !role.isPresent()) { //throw exception or skip @@ -174,7 +174,7 @@ public PermissionUpdateResponse updateUserPermissions(PermissionUpdateRequest re case REMOVE: Set users = new HashSet<>(); req.getPermissions().forEach(p -> { - Optional user = getUserRepo().findByUsername(p.getName()); + Optional user = getUserRepo().findByUsernameIgnoreCase(p.getName()); if(! user.isPresent()) { //throw or skip; return; diff --git a/permissions/src/main/java/org/openmbee/mms/permissions/delegation/DefaultOrgPermissionsDelegate.java b/permissions/src/main/java/org/openmbee/mms/permissions/delegation/DefaultOrgPermissionsDelegate.java index b457d5d77..64ed7f179 100644 --- a/permissions/src/main/java/org/openmbee/mms/permissions/delegation/DefaultOrgPermissionsDelegate.java +++ b/permissions/src/main/java/org/openmbee/mms/permissions/delegation/DefaultOrgPermissionsDelegate.java @@ -82,7 +82,7 @@ public void initializePermissions(String creator, boolean inherit) { throw new IllegalArgumentException("Cannot inherit permissions for an Org"); } - Optional user = getUserRepo().findByUsername(creator); + Optional user = getUserRepo().findByUsernameIgnoreCase(creator); Optional role = getRoleRepo().findByName(AuthorizationConstants.ADMIN); if (!user.isPresent()) { @@ -116,7 +116,7 @@ public PermissionUpdateResponse updateUserPermissions(PermissionUpdateRequest re switch(req.getAction()) { case MODIFY: for (PermissionUpdateRequest.Permission p: req.getPermissions()) { - Optional user = getUserRepo().findByUsername(p.getName()); + Optional user = getUserRepo().findByUsernameIgnoreCase(p.getName()); Optional role = getRoleRepo().findByName(p.getRole()); if (!user.isPresent() || !role.isPresent()) { //throw exception or skip @@ -146,7 +146,7 @@ public PermissionUpdateResponse updateUserPermissions(PermissionUpdateRequest re orgUserPermRepo.deleteByOrganization(organization); for (PermissionUpdateRequest.Permission p: req.getPermissions()) { - Optional user = getUserRepo().findByUsername(p.getName()); + Optional user = getUserRepo().findByUsernameIgnoreCase(p.getName()); Optional role = getRoleRepo().findByName(p.getRole()); if (!user.isPresent() || !role.isPresent()) { //throw exception or skip @@ -160,7 +160,7 @@ public PermissionUpdateResponse updateUserPermissions(PermissionUpdateRequest re case REMOVE: Set users = new HashSet<>(); req.getPermissions().forEach(p -> { - Optional user = getUserRepo().findByUsername(p.getName()); + Optional user = getUserRepo().findByUsernameIgnoreCase(p.getName()); if(! user.isPresent()) { //throw or skip; return; diff --git a/permissions/src/main/java/org/openmbee/mms/permissions/delegation/DefaultProjectPermissionsDelegate.java b/permissions/src/main/java/org/openmbee/mms/permissions/delegation/DefaultProjectPermissionsDelegate.java index e7ae4d69f..5244e15e1 100644 --- a/permissions/src/main/java/org/openmbee/mms/permissions/delegation/DefaultProjectPermissionsDelegate.java +++ b/permissions/src/main/java/org/openmbee/mms/permissions/delegation/DefaultProjectPermissionsDelegate.java @@ -95,7 +95,7 @@ public void initializePermissions(String creator) { @Override public void initializePermissions(String creator, boolean inherit) { - Optional user = getUserRepo().findByUsername(creator); + Optional user = getUserRepo().findByUsernameIgnoreCase(creator); Optional role = getRoleRepo().findByName("ADMIN"); if (!user.isPresent()) { @@ -133,7 +133,7 @@ public PermissionUpdateResponse updateUserPermissions(PermissionUpdateRequest re switch(req.getAction()) { case MODIFY: for (PermissionUpdateRequest.Permission p: req.getPermissions()) { - Optional user = getUserRepo().findByUsername(p.getName()); + Optional user = getUserRepo().findByUsernameIgnoreCase(p.getName()); Optional role = getRoleRepo().findByName(p.getRole()); if (!user.isPresent() || !role.isPresent()) { //throw exception or skip @@ -162,7 +162,7 @@ public PermissionUpdateResponse updateUserPermissions(PermissionUpdateRequest re projectUserPermRepo.findAllByProjectAndInherited(project, false)); projectUserPermRepo.deleteByProjectAndInherited(project, false); for (PermissionUpdateRequest.Permission p: req.getPermissions()) { - Optional user = getUserRepo().findByUsername(p.getName()); + Optional user = getUserRepo().findByUsernameIgnoreCase(p.getName()); Optional role = getRoleRepo().findByName(p.getRole()); if (!user.isPresent() || !role.isPresent()) { //throw exception or skip @@ -176,7 +176,7 @@ public PermissionUpdateResponse updateUserPermissions(PermissionUpdateRequest re case REMOVE: Set users = new HashSet<>(); req.getPermissions().forEach(p -> { - Optional user = getUserRepo().findByUsername(p.getName()); + Optional user = getUserRepo().findByUsernameIgnoreCase(p.getName()); if(! user.isPresent()) { //throw or skip; return; diff --git a/rdb/src/main/java/org/openmbee/mms/rdb/repositories/UserRepository.java b/rdb/src/main/java/org/openmbee/mms/rdb/repositories/UserRepository.java index e9389279e..129355cad 100644 --- a/rdb/src/main/java/org/openmbee/mms/rdb/repositories/UserRepository.java +++ b/rdb/src/main/java/org/openmbee/mms/rdb/repositories/UserRepository.java @@ -10,6 +10,6 @@ public interface UserRepository extends JpaRepository { Optional findByEmail(String email); - Optional findByUsername(String username); + Optional findByUsernameIgnoreCase(String username); } diff --git a/twc/src/main/java/org/openmbee/mms/twc/security/TwcUserDetailsService.java b/twc/src/main/java/org/openmbee/mms/twc/security/TwcUserDetailsService.java index ee3981a26..336d0830f 100644 --- a/twc/src/main/java/org/openmbee/mms/twc/security/TwcUserDetailsService.java +++ b/twc/src/main/java/org/openmbee/mms/twc/security/TwcUserDetailsService.java @@ -23,7 +23,7 @@ public void setUserRepository(UserRepository userRepository) { @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { - Optional user = userRepository.findByUsername(username); + Optional user = userRepository.findByUsernameIgnoreCase(username); User u; if (!user.isPresent()) {