Open-MBEE · HuiJun · Mar 14, 2023 · Feb 23, 2023
diff --git a/groups/src/main/java/org/openmbee/mms/groups/controllers/LocalGroupsController.java b/groups/src/main/java/org/openmbee/mms/groups/controllers/LocalGroupsController.java
@@ -126,7 +126,7 @@ public GroupUpdateResponse updateGroupUsers(@PathVariable String group,
         response.setGroup(group);
 
         groupUpdateRequest.getUsers().forEach(newUser -> {
-            User user = userRepository.findByUsername(newUser).orElse(null);
+            User user = userRepository.findByUsernameIgnoreCase(newUser).orElse(null);
             if (user != null) {
 
                 if (groupUpdateRequest.getAction() == Action.ADD) {

diff --git a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
@@ -29,7 +29,6 @@
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.ldap.SpringSecurityLdapTemplate;
-import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
 import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
 import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
 import org.springframework.transaction.annotation.EnableTransactionManagement;
@@ -155,7 +154,7 @@ private CustomLdapAuthoritiesPopulator(BaseLdapPathContextSource ldapContextSour
             public Collection<? extends GrantedAuthority> getGrantedAuthorities(
                 DirContextOperations userData, String username) {
                 logger.debug("Populating authorities using LDAP");
-                Optional<User> userOptional = userRepository.findByUsername(username);
+                Optional<User> userOptional = userRepository.findByUsernameIgnoreCase(username);
 
                 if (userOptional.isEmpty()) {
                     logger.info("No user record for {} in the userRepository, creating...", userData.getDn());

diff --git a/localuser/src/main/java/org/openmbee/mms/localuser/security/UserDetailsServiceImpl.java b/localuser/src/main/java/org/openmbee/mms/localuser/security/UserDetailsServiceImpl.java
@@ -31,7 +31,7 @@ public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
 
     @Override
     public UserDetailsImpl loadUserByUsername(String username) throws UsernameNotFoundException {
-        Optional<User> user = userRepository.findByUsername(username);
+        Optional<User> user = userRepository.findByUsernameIgnoreCase(username);
 
         if (!user.isPresent()) {
             throw new UsernameNotFoundException(
@@ -59,7 +59,7 @@ public User register(UserCreateRequest req) {
 
     @Transactional
     public void changeUserPassword(String username, String password, boolean asAdmin) {
-        Optional<User> userOptional = userRepository.findByUsername(username);
+        Optional<User> userOptional = userRepository.findByUsernameIgnoreCase(username);
         if(! userOptional.isPresent()) {
             throw new UsernameNotFoundException(
                     String.format("No user found with username '%s'.", username));

diff --git a/...c/main/java/org/openmbee/mms/permissions/delegation/DefaultBranchPermissionsDelegate.java b/...c/main/java/org/openmbee/mms/permissions/delegation/DefaultBranchPermissionsDelegate.java
@@ -93,7 +93,7 @@ public void initializePermissions(String creator) {
     @Override
     public void initializePermissions(String creator, boolean inherit) {
 
-        Optional<User> user = getUserRepo().findByUsername(creator);
+        Optional<User> user = getUserRepo().findByUsernameIgnoreCase(creator);
         Optional<Role> role = getRoleRepo().findByName("ADMIN");
 
         if (!user.isPresent()) {
@@ -131,7 +131,7 @@ public PermissionUpdateResponse updateUserPermissions(PermissionUpdateRequest re
         switch(req.getAction()) {
             case MODIFY:
                 for (PermissionUpdateRequest.Permission p: req.getPermissions()) {
-                    Optional<User> user = getUserRepo().findByUsername(p.getName());
+                    Optional<User> user = getUserRepo().findByUsernameIgnoreCase(p.getName());
                     Optional<Role> role = getRoleRepo().findByName(p.getRole());
                     if (!user.isPresent() || !role.isPresent()) {
                         //throw exception or skip
@@ -160,7 +160,7 @@ public PermissionUpdateResponse updateUserPermissions(PermissionUpdateRequest re
                     branchUserPermRepo.findAllByBranchAndInherited(branch, false));
                 branchUserPermRepo.deleteByBranchAndInherited(branch, false);
                 for (PermissionUpdateRequest.Permission p: req.getPermissions()) {
-                    Optional<User> user = getUserRepo().findByUsername(p.getName());
+                    Optional<User> user = getUserRepo().findByUsernameIgnoreCase(p.getName());
                     Optional<Role> role = getRoleRepo().findByName(p.getRole());
                     if (!user.isPresent() || !role.isPresent()) {
                         //throw exception or skip
@@ -174,7 +174,7 @@ public PermissionUpdateResponse updateUserPermissions(PermissionUpdateRequest re
             case REMOVE:
                 Set<String> users = new HashSet<>();
                 req.getPermissions().forEach(p -> {
-                    Optional<User> user = getUserRepo().findByUsername(p.getName());
+                    Optional<User> user = getUserRepo().findByUsernameIgnoreCase(p.getName());
                     if(! user.isPresent()) {
                         //throw or skip;
                         return;

diff --git a/.../src/main/java/org/openmbee/mms/permissions/delegation/DefaultOrgPermissionsDelegate.java b/.../src/main/java/org/openmbee/mms/permissions/delegation/DefaultOrgPermissionsDelegate.java
@@ -82,7 +82,7 @@ public void initializePermissions(String creator, boolean inherit) {
             throw new IllegalArgumentException("Cannot inherit permissions for an Org");
         }
 
-        Optional<User> user = getUserRepo().findByUsername(creator);
+        Optional<User> user = getUserRepo().findByUsernameIgnoreCase(creator);
         Optional<Role> role = getRoleRepo().findByName(AuthorizationConstants.ADMIN);
 
         if (!user.isPresent()) {
@@ -116,7 +116,7 @@ public PermissionUpdateResponse updateUserPermissions(PermissionUpdateRequest re
         switch(req.getAction()) {
             case MODIFY:
                 for (PermissionUpdateRequest.Permission p: req.getPermissions()) {
-                    Optional<User> user = getUserRepo().findByUsername(p.getName());
+                    Optional<User> user = getUserRepo().findByUsernameIgnoreCase(p.getName());
                     Optional<Role> role = getRoleRepo().findByName(p.getRole());
                     if (!user.isPresent() || !role.isPresent()) {
                         //throw exception or skip
@@ -146,7 +146,7 @@ public PermissionUpdateResponse updateUserPermissions(PermissionUpdateRequest re
                 orgUserPermRepo.deleteByOrganization(organization);
 
                 for (PermissionUpdateRequest.Permission p: req.getPermissions()) {
-                    Optional<User> user = getUserRepo().findByUsername(p.getName());
+                    Optional<User> user = getUserRepo().findByUsernameIgnoreCase(p.getName());
                     Optional<Role> role = getRoleRepo().findByName(p.getRole());
                     if (!user.isPresent() || !role.isPresent()) {
                         //throw exception or skip
@@ -160,7 +160,7 @@ public PermissionUpdateResponse updateUserPermissions(PermissionUpdateRequest re
             case REMOVE:
                 Set<String> users = new HashSet<>();
                 req.getPermissions().forEach(p -> {
-                    Optional<User> user = getUserRepo().findByUsername(p.getName());
+                    Optional<User> user = getUserRepo().findByUsernameIgnoreCase(p.getName());
                     if(! user.isPresent()) {
                         //throw or skip;
                         return;

diff --git a/.../main/java/org/openmbee/mms/permissions/delegation/DefaultProjectPermissionsDelegate.java b/.../main/java/org/openmbee/mms/permissions/delegation/DefaultProjectPermissionsDelegate.java
@@ -95,7 +95,7 @@ public void initializePermissions(String creator) {
 
     @Override
     public void initializePermissions(String creator, boolean inherit) {
-        Optional<User> user = getUserRepo().findByUsername(creator);
+        Optional<User> user = getUserRepo().findByUsernameIgnoreCase(creator);
         Optional<Role> role = getRoleRepo().findByName("ADMIN");
 
         if (!user.isPresent()) {
@@ -133,7 +133,7 @@ public PermissionUpdateResponse updateUserPermissions(PermissionUpdateRequest re
         switch(req.getAction()) {
             case MODIFY:
                 for (PermissionUpdateRequest.Permission p: req.getPermissions()) {
-                    Optional<User> user = getUserRepo().findByUsername(p.getName());
+                    Optional<User> user = getUserRepo().findByUsernameIgnoreCase(p.getName());
                     Optional<Role> role = getRoleRepo().findByName(p.getRole());
                     if (!user.isPresent() || !role.isPresent()) {
                         //throw exception or skip
@@ -162,7 +162,7 @@ public PermissionUpdateResponse updateUserPermissions(PermissionUpdateRequest re
                     projectUserPermRepo.findAllByProjectAndInherited(project, false));
                 projectUserPermRepo.deleteByProjectAndInherited(project, false);
                 for (PermissionUpdateRequest.Permission p: req.getPermissions()) {
-                    Optional<User> user = getUserRepo().findByUsername(p.getName());
+                    Optional<User> user = getUserRepo().findByUsernameIgnoreCase(p.getName());
                     Optional<Role> role = getRoleRepo().findByName(p.getRole());
                     if (!user.isPresent() || !role.isPresent()) {
                         //throw exception or skip
@@ -176,7 +176,7 @@ public PermissionUpdateResponse updateUserPermissions(PermissionUpdateRequest re
             case REMOVE:
                 Set<String> users = new HashSet<>();
                 req.getPermissions().forEach(p -> {
-                    Optional<User> user = getUserRepo().findByUsername(p.getName());
+                    Optional<User> user = getUserRepo().findByUsernameIgnoreCase(p.getName());
                     if(! user.isPresent()) {
                         //throw or skip;
                         return;

diff --git a/rdb/src/main/java/org/openmbee/mms/rdb/repositories/UserRepository.java b/rdb/src/main/java/org/openmbee/mms/rdb/repositories/UserRepository.java
@@ -10,6 +10,6 @@ public interface UserRepository extends JpaRepository<User, Long> {
 
     Optional<User> findByEmail(String email);
 
-    Optional<User> findByUsername(String username);
+    Optional<User> findByUsernameIgnoreCase(String username);
 
 }
diff --git a/twc/src/main/java/org/openmbee/mms/twc/security/TwcUserDetailsService.java b/twc/src/main/java/org/openmbee/mms/twc/security/TwcUserDetailsService.java
@@ -23,7 +23,7 @@ public void setUserRepository(UserRepository userRepository) {
 
     @Override
     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
-        Optional<User> user = userRepository.findByUsername(username);
+        Optional<User> user = userRepository.findByUsernameIgnoreCase(username);
 
         User u;
         if (!user.isPresent()) {