Url encode username in sftp connection string

[Boy132]

Closes #1726

[coderabbitai]

📝 Walkthrough

Walkthrough

SFTP URL generation in server settings now percent-encodes the authenticated username. SFTP authentication lookup normalizes input by lowercasing and trimming. Stored user username and email are normalized to lowercase and trimmed via the string helper.

Changes

Cohort / File(s)	Summary
SFTP URL encoding (UI) app/Filament/Server/Pages/Settings.php	Use rawurlencode(auth()->user()->username) when building the connect_sftp action URL and in formatStateUsing, producing sftp://{encoded-username}.{uuid_short}@{fqdn}:{daemon_sftp}.
SFTP authentication lookup (API) app/Http/Controllers/Api/Remote/SftpAuthenticationController.php	Normalize lookup input by lowercasing and trimming the provided username before querying (uses normalized string to match username), then continue existing firstOr/reject flow.
User attribute normalization (Model) app/Models/User.php	Replace mb_strtolower($value) mutators for username and email with str($value)->lower()->trim()->toString(), ensuring stored values are lowercased and trimmed.

Sequence Diagram(s)

sequenceDiagram
    participant UI as Filament Settings UI
    participant Auth as Auth
    participant Controller as SftpAuthenticationController
    participant DB as User Model / DB

    UI->>Auth: request current user
    Auth-->>UI: returns user.username
    UI->>UI: rawurlencode(username) -> build sftp://{encoded}.{uuid_short}@{fqdn}:{port}
    Note right of UI #DFF2E1: Encoded username prevents\ninvalid URL characters

    UI->>Controller: POST /api/remote/sftp-auth { username: userInput }
    Controller->>Controller: normalize input (lowercase + trim)
    Controller->>DB: query user by normalized username
    alt user found
        DB-->>Controller: user record
        Controller-->>UI: 200 OK (auth result)
    else not found
        DB-->>Controller: null
        Controller-->>UI: 4xx / reject
    end

Loading

Pre-merge checks

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Out of Scope Changes Check	⚠️ Warning	While the URL-encoding and controller normalization are in-scope for [#1726], the PR also modifies the User model's email mutator (adding trimming and a different string handling approach) and changes a Filament password field from ->label(...) to ->state(...), neither of which is required to fix the SFTP connect-button bug. These additional edits broaden the PR's scope and could introduce side effects (for example, altering email normalization behavior) that deserve separate review. Because these changes are unrelated to the primary issue, the PR contains out-of-scope edits.	Please split or justify unrelated changes: move the email mutator and UI field presentation edits into a separate PR or document why they are included here, add targeted tests that verify SFTP connections work with special usernames and that username/email normalization behaves as intended, and run the project's integration/regression tests to ensure no unintended breakage before merging.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title concisely and accurately describes the primary change: URL-encoding the username in the SFTP connection string. It directly reflects the edits in Settings.php and is specific enough for a reviewer scanning PR history to understand the main intent. The phrasing is concise and contains no extraneous file lists or vague wording.
Linked Issues Check	✅ Passed	The PR implements the core fixes requested by [#1726] by URL-encoding the username in the SFTP connection string (Settings.php) and adding username normalization in SftpAuthenticationController so special characters and surrounding whitespace no longer break the connect flow. The User model's updated mutator aligns stored usernames with the normalized lookup, reducing mismatches between input and storage. I did not find any missing coding-related requirements from the linked issue; the changes target URL encoding and username normalization, which are the primary fixes requested.
Description Check	✅ Passed	The description "Closes #1726" is terse but directly related to the linked issue and the changeset; under this lenient check it is on-topic and acceptable. Level of detail is not required for this check, and the reference to the issue ties the PR to its intent.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b4b40cf and 0e571ec.

📒 Files selected for processing (1)

• app/Filament/Server/Pages/Settings.php (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• app/Filament/Server/Pages/Settings.php

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

app/Filament/Server/Pages/Settings.php (2)

191-195: Duplicate label() call on password entry.

Two label() calls: the latter overrides the first. If the second is meant as helper/hint text, switch to the appropriate API; otherwise remove the duplicate.

---

175-178: Deduplicate SFTP URI construction and bracket IPv6 hosts

Confirmed duplicate SFTP URI concatenation in app/Filament/Server/Pages/Settings.php (connect_sftp->url closure and formatStateUsing closure). Replace both with a helper that rawurlencodes the username and brackets IPv6 literals:

private function buildSftpUri(Server $server): string
{
    $user = rawurlencode(auth()->user()->username) . '.' . $server->uuid_short;
    $host = $server->node->daemon_sftp_alias ?? $server->node->fqdn;

    if (strpos($host, ':') !== false && ($host[0] ?? '') !== '[') {
        $host = '[' . trim($host, '[]') . ']';
    }

    return sprintf('sftp://%s@%s:%d', $user, $host, (int) $server->node->daemon_sftp);
}

Wire both closures to call this helper and remove the duplicated concatenations.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e5c24fe and 93526b7.

📒 Files selected for processing (1)

• app/Filament/Server/Pages/Settings.php (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

app/Filament/Server/Pages/Settings.php (2)

app/Models/Server.php (3)

• user (259-262)
• node (331-334)
• Server (132-504)

app/Models/User.php (1)

• username (219-224)

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

app/Models/User.php (1)

195-195: Remove redundant email normalization in saving hook.

Since Line 229 now handles email normalization through the email() mutator, the explicit normalization in the saving hook is redundant and could lead to double processing.

    static::saving(function (self $user) {
-        $user->email = mb_strtolower($user->email);
    });

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1da5657 and b4b40cf.

📒 Files selected for processing (2)

• app/Http/Controllers/Api/Remote/SftpAuthenticationController.php (1 hunks)
• app/Models/User.php (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

app/Http/Controllers/Api/Remote/SftpAuthenticationController.php (1)

app/Models/User.php (2)

• User (95-493)
• username (219-224)

🔇 Additional comments (4)

app/Models/User.php (2)

222-222: LGTM: Username normalization aligns with SFTP authentication.

The change to normalize usernames using str($value)->lower()->trim()->toString() is correct and ensures consistency with the SFTP authentication lookup in SftpAuthenticationController.php.

---

229-229: LGTM: Email normalization follows same pattern as username.

The email normalization using the fluent string helper is consistent with the username normalization and maintains proper data consistency.

app/Http/Controllers/Api/Remote/SftpAuthenticationController.php (2)

102-102: LGTM: Username normalization ensures consistent authentication.

The normalization using str($username)->lower()->trim() correctly aligns with the User model's username mutator, ensuring that SFTP authentication works consistently regardless of how the username was originally stored or provided.

---

100-105: Verify SFTP authentication handles special characters in usernames

• Found: Settings UI builds sftp:// URLs with rawurlencode(auth()->user()->username) — app/Filament/Server/Pages/Settings.php (lines ~177,183).
• Action: getUser() (app/Http/Controllers/Api/Remote/SftpAuthenticationController.php, ~lines 100–105) only lowercases/trims the username and does not rawurldecode. Confirm whether the incoming username is URL-decoded by the SFTP client/daemon; if not, decode before lookup (e.g. $username = rawurldecode($username); then str($username)->lower()->trim()).