Fix: Resolve Username Case Sensitivity Issue in Login Flow (#1070)

* Fix: Username changing The only situation where the username must be unique is when changing the username. * Update UserController.java
2024-04-14 23:07:03 +02:00
parent 032388a8e3
commit ace4e200b1
6 changed files with 22 additions and 17 deletions
--- a/src/main/java/stirling/software/SPDF/config/security/CustomAuthenticationFailureHandler.java
+++ b/src/main/java/stirling/software/SPDF/config/security/CustomAuthenticationFailureHandler.java
@@ -56,7 +56,7 @@ public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationF
    }

    private boolean isDemoUser(String username) {
-        Optional<User> user = userService.findByUsername(username);
+        Optional<User> user = userService.findByUsernameIgnoreCase(username);
        return user.isPresent()
                && user.get().getAuthorities().stream()
                        .anyMatch(authority -> "ROLE_DEMO_USER".equals(authority.getAuthority()));
--- a/src/main/java/stirling/software/SPDF/config/security/FirstLoginFilter.java
+++ b/src/main/java/stirling/software/SPDF/config/security/FirstLoginFilter.java
@@ -39,7 +39,7 @@ public class FirstLoginFilter extends OncePerRequestFilter {

        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication != null && authentication.isAuthenticated()) {
-            Optional<User> user = userService.findByUsername(authentication.getName());
+            Optional<User> user = userService.findByUsernameIgnoreCase(authentication.getName());
            if ("GET".equalsIgnoreCase(method)
                    && user.isPresent()
                    && user.get().isFirstLogin()
--- a/src/main/java/stirling/software/SPDF/config/security/InitialSecuritySetup.java
+++ b/src/main/java/stirling/software/SPDF/config/security/InitialSecuritySetup.java
@@ -38,7 +38,7 @@ public class InitialSecuritySetup {
                        initialUsername, initialPassword, Role.ADMIN.getRoleId(), true);
            }
        }
-        if (!userService.usernameExists(Role.INTERNAL_API_USER.getRoleId())) {
+        if (!userService.usernameExistsIgnoreCase(Role.INTERNAL_API_USER.getRoleId())) {
            userService.saveUser(
                    Role.INTERNAL_API_USER.getRoleId(),
                    UUID.randomUUID().toString(),
--- a/src/main/java/stirling/software/SPDF/config/security/UserService.java
+++ b/src/main/java/stirling/software/SPDF/config/security/UserService.java
@@ -62,7 +62,7 @@ public class UserService implements UserServiceInterface {
    public User addApiKeyToUser(String username) {
        User user =
                userRepository
-                        .findByUsername(username)
+                        .findByUsernameIgnoreCase(username)
                        .orElseThrow(() -> new UsernameNotFoundException("User not found"));

        user.setApiKey(generateApiKey());
@@ -76,7 +76,7 @@ public class UserService implements UserServiceInterface {
    public String getApiKeyForUser(String username) {
        User user =
                userRepository
-                        .findByUsername(username)
+                        .findByUsernameIgnoreCase(username)
                        .orElseThrow(() -> new UsernameNotFoundException("User not found"));
        return user.getApiKey();
    }
@@ -103,7 +103,7 @@ public class UserService implements UserServiceInterface {
    }

    public boolean validateApiKeyForUser(String username, String apiKey) {
-        Optional<User> userOpt = userRepository.findByUsername(username);
+        Optional<User> userOpt = userRepository.findByUsernameIgnoreCase(username);
        return userOpt.isPresent() && userOpt.get().getApiKey().equals(apiKey);
    }

@@ -136,7 +136,7 @@ public class UserService implements UserServiceInterface {
    }

    public void deleteUser(String username) {
-        Optional<User> userOpt = userRepository.findByUsername(username);
+        Optional<User> userOpt = userRepository.findByUsernameIgnoreCase(username);
        if (userOpt.isPresent()) {
            for (Authority authority : userOpt.get().getAuthorities()) {
                if (authority.getAuthority().equals(Role.INTERNAL_API_USER.getRoleId())) {
@@ -151,12 +151,16 @@ public class UserService implements UserServiceInterface {
        return userRepository.findByUsername(username).isPresent();
    }

+    public boolean usernameExistsIgnoreCase(String username) {
+        return userRepository.findByUsernameIgnoreCase(username).isPresent();
+    }
+
    public boolean hasUsers() {
        return userRepository.count() > 0;
    }

    public void updateUserSettings(String username, Map<String, String> updates) {
-        Optional<User> userOpt = userRepository.findByUsername(username);
+        Optional<User> userOpt = userRepository.findByUsernameIgnoreCase(username);
        if (userOpt.isPresent()) {
            User user = userOpt.get();
            Map<String, String> settingsMap = user.getSettings();