Username case error #11716
One small code cleanup, but this looks like the correct logic! Have not tested yet.
kolibri/core/auth/backends.py
for user in users: | ||
if user.check_password(password): | ||
return user | ||
# Allow login without password for learners for facilities that allow this. |
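Review bot: in the `for user in users:` loop the first user whose `check_password(password)` succeeds is returned, so when two usernames differ only by case and share a password the outcome depends on the order of `users`. Try the exact-case username before this loop, or order `users` so the exact match is checked first, and cover it with a test that has both accounts present.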
Would be good to keep this code comment.
@rtibbles, I've made the necessary changes.
This is great. The last thing here would be to add tests for the backend changes in this file: https://github.com/learningequality/kolibri/blob/release-v0.16.x/kolibri/core/auth/test/test_backend.py (so add a test where we add another user with the username mike as well as the user Mike, and ensure that we authenticate as the correct one!).
In addition, a regression test for the multiple matching usernames case for the session endpoint would be great too - existing tests for that are here: https://github.com/learningequality/kolibri/blob/release-v0.16.x/kolibri/core/auth/test/test_api.py#L1054
If this is a step too far, I'm happy to implement these tests, but let me know your preference!
I will try
@rtibbles, I've added the test. Please take a moment to review, and thank you for giving me the opportunity.
Just one question on the API test, but this is looking good!
# Assert the expected behavior based on the application's design | ||
self.assertEqual(response_user1.status_code, 200) | ||
|
||
response_user2 = self.client.post( |
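Review bot: `self.assertEqual(response_user1.status_code, 200)` only shows that the login succeeded, not which account the session belongs to. For the multiple-matching-usernames case, also assert on the user identified in the response so the test fails if the wrong case variant is authenticated.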
What is different between each of these requests? Should the second one be the title case username instead?
yes 😅
@rtibbles done
Excellent work!
Docs build is fixed on release branch.
765a54b into learningequality:release-v0.16.x
Summary
This pull request addresses the issue of username case sensitivity when using the same password and also handles scenarios involving multiple usernames.
…
Changes Made
- In the 'backend.py' file, modify the logic to first check the password for case-sensitive usernames. If the user can log in successfully, proceed accordingly; otherwise, switch to using case-insensitive usernames.
- In 'api.py', I modified the 'try-except' block and added an additional 'except' in the 'SessionViewSet' to handle scenarios involving multiple usernames.
…
BEFORE
If the usernames are 'h' and 'H' and they share the same password 'n', logging in with either 'h' or 'H' will open the same user account, specifically the one associated with the uppercase 'H'.
AFTER
When I log in with the 'h' username, it opens the 'h' user account. Similarly, logging in with the 'H' username opens the 'H' user account.
Related Issues
Closes #11082
…
Reviewer guidance
…
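The lookup order described under Changes Made, as an added sketch that is not code from this pull request or from Kolibri. The `User` class, both function names and the sample accounts are assumptions, and the "before" function models the reported behaviour rather than reproducing the original backend.

```python
import hashlib
import hmac
import os


def _hash(password, salt):
    # Low iteration count only to keep this example fast.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


class User:
    """Hypothetical stand-in for a user record; not Kolibri's model."""

    def __init__(self, username, password):
        self.username = username
        self._salt = os.urandom(16)
        self._digest = _hash(password, self._salt)

    def check_password(self, password):
        return hmac.compare_digest(self._digest, _hash(password, self._salt))


def _same_name(a, b):
    return a.casefold() == b.casefold()


def authenticate_case_insensitive(users, username, password):
    """'Before': any case variant may win, so the order of `users` decides."""
    for user in users:
        if _same_name(user.username, username) and user.check_password(password):
            return user
    return None


def authenticate_exact_first(users, username, password):
    """'After': exact-case matches are tried before other case variants."""
    exact = [u for u in users if u.username == username]
    variants = [u for u in users
                if _same_name(u.username, username) and u.username != username]
    for user in exact + variants:
        if user.check_password(password):
            return user
    return None


# Constructed sample data: 'H'/'h' share password 'n', as in the PR description.
USERS = [User("H", "n"), User("h", "n"), User("Mike", "pw1"), User("mike", "pw2")]
```

With these accounts, a login as 'mike' with Mike's password still falls back to the Mike account, because the exact-case match is tried first and the case variants only afterwards.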