Do not force username to always be lowercase in the DB

2020-09-01 18:00:19 -04:00 · 2020-09-01 18:00:19 -04:00 · 596a4897a3
parent 95eea0e9f8
commit 596a4897a3
5 changed files with 9 additions and 8 deletions
--- a/model/request/request.go
+++ b/model/request/request.go
@ -2,7 +2,6 @@ package request

 import (
 	"context"
-	"strings"

 	"github.com/deluan/navidrome/model"
 )
@ -23,7 +22,7 @@ func WithUser(ctx context.Context, u model.User) context.Context {
 }

 func WithUsername(ctx context.Context, username string) context.Context {
-	return context.WithValue(ctx, Username, strings.ToLower(username))
+	return context.WithValue(ctx, Username, username)
 }

 func WithClient(ctx context.Context, client string) context.Context {
--- a/persistence/mock_persistence.go
+++ b/persistence/mock_persistence.go
@ -98,6 +98,9 @@ type mockedUserRepo struct {
 }

 func (u *mockedUserRepo) FindByUsername(username string) (*model.User, error) {
+	if username != "admin" {
+		return nil, model.ErrNotFound
+	}
 	return &model.User{UserName: "admin", Password: "wordpass"}, nil
 }

--- a/persistence/user_repository.go
+++ b/persistence/user_repository.go
@ -2,7 +2,6 @@ package persistence

 import (
 	"context"
-	"strings"
 	"time"

 	. "github.com/Masterminds/squirrel"
@ -48,7 +47,6 @@ func (r *userRepository) Put(u *model.User) error {
 		id, _ := uuid.NewRandom()
 		u.ID = id.String()
 	}
-	u.UserName = strings.ToLower(u.UserName)
 	u.UpdatedAt = time.Now()
 	values, _ := toSqlArgs(*u)
 	update := Update(r.tableName).Where(Eq{"id": u.ID}).SetMap(values)
@ -73,8 +71,7 @@ func (r *userRepository) FindFirstAdmin() (*model.User, error) {
 }

 func (r *userRepository) FindByUsername(username string) (*model.User, error) {
-	username = strings.ToLower(username)
-	sel := r.newSelect().Columns("*").Where(Eq{"user_name": username})
+	sel := r.newSelect().Columns("*").Where(Like{"user_name": username})
 	var usr model.User
 	err := r.queryOne(sel, &usr)
 	return &usr, err
--- a/server/subsonic/middlewares.go
+++ b/server/subsonic/middlewares.go
@ -120,7 +120,7 @@ func validateUser(ctx context.Context, ds model.DataStore, username, pass, token
 	switch {
 	case jwt != "":
 		claims, err := auth.Validate(jwt)
-		valid = err == nil && claims["sub"] == username
+		valid = err == nil && claims["sub"] == user.UserName
 	case pass != "":
 		if strings.HasPrefix(pass, "enc:") {
 			if dec, err := hex.DecodeString(pass[4:]); err == nil {
--- a/server/subsonic/middlewares_test.go
+++ b/server/subsonic/middlewares_test.go
@ -282,7 +282,9 @@ var _ = Describe("Middlewares", func() {
 			})

 			It("fails if JWT token sub is different than username", func() {
-				_, err := validateUser(context.TODO(), ds, "not_admin", "", "", "", validToken)
+				u := &model.User{UserName: "hacker"}
+				validToken, _ = auth.CreateToken(u)
+				_, err := validateUser(context.TODO(), ds, "admin", "", "", "", validToken)
 				Expect(err).To(MatchError(model.ErrInvalidAuth))
 			})
 		})