Do not force username to always be lowercase in the DB

navidrome · Sep 1, 2020 · 596a489 · 596a489
1 parent 95eea0e
commit 596a489
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 8 deletions.
diff --git a/model/request/request.go b/model/request/request.go
@@ -2,7 +2,6 @@ package request
 
 import (
 	"context"
-	"strings"
 
 	"github.com/deluan/navidrome/model"
 )
@@ -23,7 +22,7 @@ func WithUser(ctx context.Context, u model.User) context.Context {
 }
 
 func WithUsername(ctx context.Context, username string) context.Context {
-	return context.WithValue(ctx, Username, strings.ToLower(username))
+	return context.WithValue(ctx, Username, username)
 }
 
 func WithClient(ctx context.Context, client string) context.Context {

diff --git a/persistence/mock_persistence.go b/persistence/mock_persistence.go
@@ -98,6 +98,9 @@ type mockedUserRepo struct {
 }
 
 func (u *mockedUserRepo) FindByUsername(username string) (*model.User, error) {
+	if username != "admin" {
+		return nil, model.ErrNotFound
+	}
 	return &model.User{UserName: "admin", Password: "wordpass"}, nil
 }
 

diff --git a/persistence/user_repository.go b/persistence/user_repository.go
@@ -2,7 +2,6 @@ package persistence
 
 import (
 	"context"
-	"strings"
 	"time"
 
 	. "github.com/Masterminds/squirrel"
@@ -48,7 +47,6 @@ func (r *userRepository) Put(u *model.User) error {
 		id, _ := uuid.NewRandom()
 		u.ID = id.String()
 	}
-	u.UserName = strings.ToLower(u.UserName)
 	u.UpdatedAt = time.Now()
 	values, _ := toSqlArgs(*u)
 	update := Update(r.tableName).Where(Eq{"id": u.ID}).SetMap(values)
@@ -73,8 +71,7 @@ func (r *userRepository) FindFirstAdmin() (*model.User, error) {
 }
 
 func (r *userRepository) FindByUsername(username string) (*model.User, error) {
-	username = strings.ToLower(username)
-	sel := r.newSelect().Columns("*").Where(Eq{"user_name": username})
+	sel := r.newSelect().Columns("*").Where(Like{"user_name": username})
 	var usr model.User
 	err := r.queryOne(sel, &usr)
 	return &usr, err

diff --git a/server/subsonic/middlewares.go b/server/subsonic/middlewares.go
@@ -120,7 +120,7 @@ func validateUser(ctx context.Context, ds model.DataStore, username, pass, token
 	switch {
 	case jwt != "":
 		claims, err := auth.Validate(jwt)
-		valid = err == nil && claims["sub"] == username
+		valid = err == nil && claims["sub"] == user.UserName
 	case pass != "":
 		if strings.HasPrefix(pass, "enc:") {
 			if dec, err := hex.DecodeString(pass[4:]); err == nil {

diff --git a/server/subsonic/middlewares_test.go b/server/subsonic/middlewares_test.go
@@ -282,7 +282,9 @@ var _ = Describe("Middlewares", func() {
 			})
 
 			It("fails if JWT token sub is different than username", func() {
-				_, err := validateUser(context.TODO(), ds, "not_admin", "", "", "", validToken)
+				u := &model.User{UserName: "hacker"}
+				validToken, _ = auth.CreateToken(u)
+				_, err := validateUser(context.TODO(), ds, "admin", "", "", "", validToken)
 				Expect(err).To(MatchError(model.ErrInvalidAuth))
 			})
 		})