Case sensitive login fix

If the backend Keystone is case-insensitive (perhaps using AD for authentication) then we could end up with several users in Grafana, one for each combination of upper & lowercase chars in the username. This fix always uses the username returned in the Keystone response as the username for Grafana, regardless of the case used in the login screen.
twc-openstack · Dec 2, 2016 · 1b8b6f9 · 1b8b6f9
1 parent 66316d7
commit 1b8b6f9
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 4 deletions.
diff --git a/pkg/api/keystone/keystone_requests.go b/pkg/api/keystone/keystone_requests.go
@@ -220,6 +220,7 @@ func authenticate(data *Auth_data, b []byte) error {
 	data.Expiration = auth_response.Token.Expires_at
 	data.Roles = auth_response.Token.Roles
 	data.DomainId = auth_response.Token.User.Domain.Id
+	data.Username = auth_response.Token.User.Name
 
 	return nil
 }

diff --git a/pkg/login/keystone.go b/pkg/login/keystone.go
@@ -37,7 +37,7 @@ func (a *keystoneAuther) login(query *LoginUserQuery) error {
 
 	log.Trace("perform initial authentication")
 	// perform initial authentication
-	if err := a.authenticate(query.Username, query.Password); err != nil {
+	if err := a.authenticate(query); err != nil {
 		return err
 	}
 
@@ -56,19 +56,20 @@ func (a *keystoneAuther) login(query *LoginUserQuery) error {
 
 }
 
-func (a *keystoneAuther) authenticate(username, password string) error {
-	user, _ := keystone.UserDomain(username)
+func (a *keystoneAuther) authenticate(query *LoginUserQuery) error {
+	user, _ := keystone.UserDomain(query.Username)
 	auth := keystone.Auth_data{
 		Server:   a.server,
 		Username: user,
-		Password: password,
+		Password: query.Password,
 		Domain:   a.domainname,
 	}
 	if err := keystone.AuthenticateUnscoped(&auth); err != nil {
 		return err
 	}
 	a.token = auth.Token
 	a.domainId = auth.DomainId
+	query.Username = auth.Username // in case the actual username is a different case
 	return nil
 }