From 4fc3d657f6d4a067631d66412b06b15c1bbbc843 Mon Sep 17 00:00:00 2001
From: Andrew Martinez <andrew.p.martinez@gmail.com>
Date: Wed, 23 Apr 2025 14:43:52 -0400
Subject: [PATCH] addresses openziti/ziti#3008 UPDB enrolls panic on older
 controllers

- older controllers do not parot back the result username, which can be
  set by administrators and the enrolling client has no idea what the
  value is
---
 ziti/enroll/enroll.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ziti/enroll/enroll.go b/ziti/enroll/enroll.go
index 6de65b3d..89fcfdf9 100644
--- a/ziti/enroll/enroll.go
+++ b/ziti/enroll/enroll.go
@@ -241,6 +241,11 @@ func Enroll(enFlags EnrollmentFlags) (*ziti.Config, error) {
 		enrollErr = enrollCAAuto(enFlags, cfg, caPool)
 	case "updb":
 		resultUsername, enrollErr = enrollUpdb(enFlags.Username, enFlags.Password, enFlags.Token, caPool)
+
+		//v1.5.0 and earlier controllers do not confirm the username in their response (e.g. if set by admin and an override isn't provided)
+		if resultUsername == "" {
+			resultUsername = enFlags.Username
+		}
 	default:
 		enrollErr = errors.Errorf("enrollment method '%s' is not supported", enFlags.Token.EnrollmentMethod)
 	}
@@ -325,7 +330,7 @@ func enrollUpdb(username, password string, token *ziti.EnrollmentClaims, caPool
 	if resp.StatusCode == http.StatusOK {
 		respBody, _ := io.ReadAll(resp.Body)
 		if respContainer, err := gabs.ParseJSON(respBody); err == nil {
-			username = respContainer.Path("data.username").Data().(string)
+			username, _ = respContainer.Path("data.username").Data().(string)
 		}
 		return username, nil
 	}