Make usernames case-insensitive when logging in #3918
Is LDAP case-insensitive? Why only fix it for LDAP, and not in The Lounge overall? My proposed fix would be to simply lowercase searching here: thelounge/src/clientManager.js Lines 36 to 38 in 9bb0b02
That way it works outside of LDAP, and does not require a config option.
Can you undo the signin/config change and squash please?
@McInkay what do you reckon about this? It allows the files on disk to stay in whatever capitalization, but login will be case-insensitive. Unsure how we should (if we even need to) handle same usernames with different casing on case-sensitive file systems.
Hi @xPaw, can you please have a look at the latest changes?
Yeah that looks fine, just need to give it some testing (see my comment above). Did you verify that this works on LDAP?
Yes, I have tested with LDAP as well, it works fine.
Sounds generally sensible to me.
Maybe we need to add a check to startup to see if there are any duplicated names just with case sensitivity differences. We can deprecate this until the next major version, just skipping this code for now if we find one, and just refusing to start up from the next major version? I suspect this won't affect many people, but we probably need to do it properly.
We can do a loop after this code to find any duplicates that are case insensitive here: thelounge/src/clientManager.js Lines 41 to 43 in 3194777
I say we just print an error for user that has duplicates and not load it (remove the duplicate entry from users array).
Hi @xPaw,
Should be fine.
src/clientManager.js
Outdated
for (let i = 0; i < usersList.length; i++) {
	const index = [];

	for (let j = 0; j < usersList.length; j++) {
Double loop may get more expensive than it needs to be.
You can use a `Set` to avoid the inner loop entirely. Like so:
Lowercase the name and check whether it's in that set, if it is, then remove it from the user list and print a message, otherwise add it to set and continue.
If you loop from the end, then you can splice out the user from the array while iterating.
Hi @xPaw
The updated code still essentially loops multiple times, just in a functional manner. Here's a diff of what I had in mind, could you apply that to your PR (and squash it so it's a single commit).
diff --git a/src/clientManager.js b/src/clientManager.js
index ca1f55b6..942d31ff 100644
--- a/src/clientManager.js
+++ b/src/clientManager.js
@@ -34,18 +34,39 @@ ClientManager.prototype.init = function (identHandler, sockets) {
};
ClientManager.prototype.findClient = function (name) {
- return this.clients.find((u) => u.name === name);
+ name = name.toLowerCase();
+ return this.clients.find((u) => u.name.toLowerCase() === name);
};
ClientManager.prototype.loadUsers = function () {
- const users = this.getUsers();
+ let users = this.getUsers();
if (users.length === 0) {
log.info(
`There are currently no users. Create one with ${colors.bold("thelounge add <name>")}.`
);
+ return;
}
+ const alreadySeenUsers = new Set();
+ users = users.filter((user) => {
+ user = user.toLowerCase();
+
+ if (alreadySeenUsers.has(user)) {
+ log.error(
+ `There is more than one user named "${colors.bold(
+ user
+ )}". Usernames are now case insensitive, duplicate users will not load.`
+ );
+
+ return false;
+ }
+
+ alreadySeenUsers.add(user);
+
+ return true;
+ });
+
// This callback is used by Auth plugins to load users they deem acceptable
const callbackLoadUser = (user) => {
this.loadUser(user);
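Review bot: In the `users.filter` callback, `user` is overwritten with its lowercased form before `log.error` runs, so the message names the folded key and not the on-disk entry that is being skipped, and an operator cannot tell which profile was dropped. Keep the folded value in its own variable (for example `const key = user.toLowerCase();`) and log the original name. Which of the colliding entries survives is decided purely by the order `getUsers()` returns them in, which is worth stating in the message or documenting. Separately, `findClient` now calls `name.toLowerCase()` unconditionally, so it will throw on a non-string `name` unless every caller checks the type first.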
Looks like a temporary issue.
Thanks for applying the change. I also thought that we need to make sure
diff --git a/src/server.js b/src/server.js
index ba1ab417..699cabb8 100644
--- a/src/server.js
+++ b/src/server.js
@@ -803,6 +803,10 @@ function performAuthentication(data) {
return;
}
+ if (typeof data.user !== "string") {
+ return;
+ }
+
const authCallback = (success) => {
// Authorization failed
if (!success) {
Could you please squash your commits into one after doing so? https://stackoverflow.com/questions/5189560/squash-my-last-x-commits-together-using-git Sorry for the trouble.
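Review bot: The new `typeof data.user !== "string"` guard in `performAuthentication` returns silently, so a malformed login payload gets no failure response and leaves no log entry. Since `authCallback` is defined immediately below, consider moving the check after that definition and going through `authCallback(false)` so the attempt follows the normal "Authorization failed" path. Note also that an empty string passes this check; if an empty username should be rejected, that needs its own condition.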
Sure, I'll add that check and squash all commits into one.
After adding below changes, users with the integers as username can also log in because the numbers sent through input fields are considered as strings. Any thoughts on this?
Sure, numeric usernames are valid. And the input field being sent through websocket would remain a string. That check is to verify we can call
okay got it! thank you
Removing the duplicate user profiles
Looks good now, just need to give it some testing.
Fixes #2943
What is the fix:
For a new user, a profile will be created in thelounge and every time the same profile will be loaded irrespective of the username case.
For an existing user, one of his/her profiles will be loaded irrespective of the username case. Further, duplicate profiles of the user will be removed.
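The startup de-duplication and the login type check discussed in this thread, combined as an added example (not code from the pull request or from The Lounge; `dropCaseDuplicates` and `findUser` are hypothetical names and the user list is constructed). It follows the review suggestion of iterating from the end with a `Set` and `splice`, which keeps the last-listed spelling, whereas the `filter` version in the diff keeps the first.

```javascript
// Added illustration; function names are hypothetical, not The Lounge's API.

// Remove entries whose names collide once case is ignored.
// Iterating from the end means splice() never shifts an unvisited index.
// The spelling nearest the end of the list survives; earlier ones are dropped
// and returned with their original casing so they can be reported precisely.
function dropCaseDuplicates(users) {
	const seen = new Set();
	const dropped = [];

	for (let i = users.length - 1; i >= 0; i--) {
		const key = users[i].toLowerCase();

		if (seen.has(key)) {
			dropped.push(users.splice(i, 1)[0]);
		} else {
			seen.add(key);
		}
	}

	return dropped;
}

// Case-insensitive lookup for login. A websocket payload can carry any JSON
// type, so anything that is not a string is rejected before toLowerCase().
function findUser(users, name) {
	if (typeof name !== "string") {
		return undefined;
	}

	const wanted = name.toLowerCase();

	return users.find((u) => u.toLowerCase() === wanted);
}

// Constructed sample: names as they could coexist on a case-sensitive file system.
const users = ["alice", "Bob", "ALICE", "1234", "bob"];
const dropped = dropCaseDuplicates(users);

console.log("loaded:", users);
console.log("skipped:", dropped);
console.log("lookup:", findUser(users, "Alice"), findUser(users, 1234));
```

Because the surviving profile depends on list order, the skipped names should be reported with their original casing so an administrator can merge or delete the right file.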