subtle installation issue with shiro + uppercase email #281
Milestone
Comments
oruscalleda
added
Type: Bug
arantzaetxebarria
added
ready for testing
iratigarzon
added a commit
that referenced
this issue
Feb 12, 2024
|
A solution to this problem has been developed and it is fixed. It will be available in the next release v2.5.3. Best regards |
unaibrrgn
added a commit
that referenced
this issue
Mar 15, 2024
…h-shiro #281 Fixed issue with uppercase email
|
After analyzing the issue, we found that if an admin user was created during installation and their email contained both uppercase and lowercase letters, they were unable to log in to the registry. Therefore, we made modifications to allow successful login in such cases. |
arantzaetxebarria
added
solved
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In https://github.com/ec-jrc/re3gistry/blob/v2.4.2/sources/Re3gistry2Base/src/main/java/eu/europa/ec/re3gistry2/base/utility/UserHelper.java#L126 (current version as of 2023-04-25) the email address is turned into lower case. However, this case transformation does not seem to happen when the admin user is created during installation (https://github.com/ec-jrc/re3gistry/blob/v2.4.2/sources/Re3gistry2JavaAPI/src/main/java/eu/europa/ec/re3gistry2/javaapi/handler/RegInstallationStep3Handler.java#L49). This leads to login failures when typing an email address with uppercase letters.
As the exception handler https://github.com/ec-jrc/re3gistry/blob/v2.4.2/sources/Re3gistry2Base/src/main/java/eu/europa/ec/re3gistry2/base/utility/UserHelper.java#L130 logs the email without the lowercase transformation, it was quite an adventure to pinpoint this issue.
I would suggest dropping the toLowerCase() call from UserHelper and using a case insensitive comparison in the RegUser.findByEmail query instead https://github.com/ec-jrc/re3gistry/blob/v2.4.2/sources/Re3gistry2Model/src/main/java/eu/europa/ec/re3gistry2/model/RegUser.java#L53
Something like
LOWER(r.email) = LOWER(:email)could be a quick fix. However I'm not sure about the interactions with the persistence framework. For example, an index on LOWER(email) would be needed. As far as I understand the more correct way to do a case insensitive comparison in PostgreSQL would be using a case insensitive collation (https://www.postgresql.org/docs/current/collation.html) for that column, which seems even more complex with the persistence framework.Does anyone with more experience in this codebase have an opinion?
The text was updated successfully, but these errors were encountered: