Make usernames case-insensitive when logging in #3918
Conversation
|
Is LDAP case-insensitive? Why only fix it for LDAP, and not in The Lounge overall? My proposed fix would be to simply lowercase searching here: thelounge/src/clientManager.js Lines 36 to 38 in 9bb0b02 That way it works outside of LDAP, and does not require a config option. |
|
Can you undo the signin/config change and squash please? |
ashwinikammar
force-pushed
the
ashwini/fix_username
branch
from
171d8d2
to
5e1502b
Compare
|
@McInkay what do you reckon about this? It allows the files on disk to stay in whatever capitalization, but login will be case-insensitive. Unsure how we should (if we even need to) handle same usernames with different casing on case-sensitive file systems. |
xPaw
added
the
Type: Feature
xPaw
changed the title
ashwinikammar
force-pushed
the
ashwini/fix_username
branch
from
5e1502b
to
fcc5be0
Compare
|
Hi @xPaw, Can you please have a look at the latest changes |
|
Yeah that looks fine, just need to give it some testing (see my comment above). Did you verify that this works on LDAP? |
|
Yes I have tested with LDAP as well, it works fine |
Sounds generally sensible to me.
Maybe we need to add a check to startup to see if there are any duplicated names just with case sensitivity differences. We can deprecate this until the next major version, just skipping this code for now if we find one, and just refusing to start up from the next major version? I suspect this won't affect many people, but we probably need to do it properly. |
|
We can do a loop after this code to find any duplicates that are case insensitive here: thelounge/src/clientManager.js Lines 41 to 43 in 3194777
I say we just print an error for user that has duplicates and not load it (remove the duplicate entry from users array). |
|
Hi @xPaw , |
|
Should be fine. |
ashwinikammar
force-pushed
the
ashwini/fix_username
branch
from
312c0e0
to
396463a
Compare
src/clientManager.js
Outdated
| for (let i = 0; i < usersList.length; i++) { | ||
| const index = []; | ||
|
|
||
| for (let j = 0; j < usersList.length; j++) { |
There was a problem hiding this comment.
Double loop may get more expensive than it needs to be.
You can use a Set to avoid the inner loop entirely. Like so:
Lowercase the name and check whether its in that set, if it is, then remove it from the user list and print a message, otherwise add it to set and continue.
If you loop from the end, then you can splice out the user from the array while iterating.
ashwinikammar
force-pushed
the
ashwini/fix_username
branch
from
396463a
to
7c48755
Compare
ashwinikammar
force-pushed
the
ashwini/fix_username
branch
from
7c48755
to
08f15ef
Compare
|
hi @xPaw |
|
The updated code still essentially loops multiple times, just in a functional manner. Here's a diff of what I had in mind, could you apply that to your PR (and squash it so its a single commit). diff --git a/src/clientManager.js b/src/clientManager.js
index ca1f55b6..942d31ff 100644
--- a/src/clientManager.js
+++ b/src/clientManager.js
@@ -34,18 +34,39 @@ ClientManager.prototype.init = function (identHandler, sockets) {
};
ClientManager.prototype.findClient = function (name) {
- return this.clients.find((u) => u.name === name);
+ name = name.toLowerCase();
+ return this.clients.find((u) => u.name.toLowerCase() === name);
};
ClientManager.prototype.loadUsers = function () {
- const users = this.getUsers();
+ let users = this.getUsers();
if (users.length === 0) {
log.info(
`There are currently no users. Create one with ${colors.bold("thelounge add <name>")}.`
);
+ return;
}
+ const alreadySeenUsers = new Set();
+ users = users.filter((user) => {
+ user = user.toLowerCase();
+
+ if (alreadySeenUsers.has(user)) {
+ log.error(
+ `There is more than one user named "${colors.bold(
+ user
+ )}". Usernames are now case insensitive, duplicate users will not load.`
+ );
+
+ return false;
+ }
+
+ alreadySeenUsers.add(user);
+
+ return true;
+ });
+
// This callback is used by Auth plugins to load users they deem acceptable
const callbackLoadUser = (user) => {
this.loadUser(user);
Looks like a temporary issue. |
ashwinikammar
force-pushed
the
ashwini/fix_username
branch
from
08f15ef
to
1df64eb
Compare
|
Thanks for applying the change. I also thought that we need to make sure diff --git a/src/server.js b/src/server.js
index ba1ab417..699cabb8 100644
--- a/src/server.js
+++ b/src/server.js
@@ -803,6 +803,10 @@ function performAuthentication(data) {
return;
}
+ if (typeof data.user !== "string") {
+ return;
+ }
+
const authCallback = (success) => {
// Authorization failed
if (!success) {Could you please squash your commits into one after doing so? https://stackoverflow.com/questions/5189560/squash-my-last-x-commits-together-using-git Sorry for the trouble. |
ashwinikammar
force-pushed
the
ashwini/fix_username
branch
from
1df64eb
to
6fde8f1
Compare
|
Sure, i'll add that check and squash all commits into one. |
|
After adding below changes, users with the integers as username can also login because the numbers sent through input fields are considered as strings. Any thoughts on this?
|
Sure, numeric usernames are valid. And the input field being sent through websocket would remain a string. That check is to verify we can call |
okay got it! thank you |
Removing the duplicate user profiles
ashwinikammar
force-pushed
the
ashwini/fix_username
branch
from
6fde8f1
to
9e8033e
Compare
Fixes #2943
What is the fix:
For a new user, a profile will be created in thelounge and every time the same profile will be loaded irrespective of the username case.
For an existing user, one of his/her profile will be loaded irrespective of the username case. Further, duplicate profiles of the user will be removed.