diff --git a/tests/unit/oidc/models/test_gitlab.py b/tests/unit/oidc/models/test_gitlab.py index 4e8b5b524ee0..7c4409decb32 100644 --- a/tests/unit/oidc/models/test_gitlab.py +++ b/tests/unit/oidc/models/test_gitlab.py @@ -73,19 +73,36 @@ def test_lookup_fails_invalid_ci_config_ref_uri(self, environment): ): gitlab.GitLabPublisher.lookup_by_claims(pretend.stub(), signed_claims) - def test_lookup_succeeds_with_mixed_case_project_path(self, db_request): + @pytest.mark.parametrize( + ("configured_namespace", "configured_project", "project_path"), + [ + ( + "Foo", + "Bar", + "foo/bar", + ), + ( + "foo", + "bar", + "Foo/Bar", + ), + ], + ) + def test_lookup_succeeds_with_mixed_case_project_path( + self, db_request, configured_namespace, configured_project, project_path + ): # Test that we find a matching publisher when the project_path claims match # even if the case is different. stored_publisher = GitLabPublisherFactory( - namespace="Foo", - project="Bar", + namespace=configured_namespace, + project=configured_project, workflow_filepath=".gitlab-ci.yml", environment="", ) signed_claims = { - "project_path": "foo/bar", # different case than stored publisher - "ci_config_ref_uri": ("gitlab.com/foo/bar//.gitlab-ci.yml@refs/heads/main"), + "project_path": project_path, + "ci_config_ref_uri": "gitlab.com/foo/bar//.gitlab-ci.yml@refs/heads/main", "environment": "some_environment", } diff --git a/warehouse/oidc/models/gitlab.py b/warehouse/oidc/models/gitlab.py index 2750c080da0b..2b99edbd6247 100644 --- a/warehouse/oidc/models/gitlab.py +++ b/warehouse/oidc/models/gitlab.py @@ -246,8 +246,8 @@ def lookup_by_claims(cls, session: Session, signed_claims: SignedClaims) -> Self query: Query = Query(cls).filter( # claims `project_path` is case-insensitive - func.lower(cls.namespace) == namespace, - func.lower(cls.project) == project, + func.lower(cls.namespace) == func.lower(namespace), + func.lower(cls.project) == func.lower(project), cls.workflow_filepath == workflow_filepath, ) publishers = query.with_session(session).all()