Mirrors/Stirling-PDF
Mirrors/Stirling-PDF
1
0
Fork 0
mirror of https://github.com/Frooodle/Stirling-PDF.git synced 2025-11-01 01:21:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix: Resolve Username Case Sensitivity Issue in Login Flow (#1070)

Browse Source 
* Fix: Username changing

The only situation where the username must be unique is when changing the username.

* Update UserController.java
This commit is contained in:
Ludy 2024-04-14 23:07:03 +02:00 committed by GitHub
parent 032388a8e3
commit ace4e200b1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 22 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/stirling/software/SPDF/config/security/CustomAuthenticationFailureHandler.java
View File

@ -56,7 +56,7 @@ public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationF
}
private boolean isDemoUser(String username) {
Optional<User> user = userService.findByUsername(username);
Optional<User> user = userService.findByUsernameIgnoreCase(username);
return user.isPresent()
&& user.get().getAuthorities().stream()
.anyMatch(authority -> "ROLE_DEMO_USER".equals(authority.getAuthority()));

2
src/main/java/stirling/software/SPDF/config/security/FirstLoginFilter.java
View File

@ -39,7 +39,7 @@ public class FirstLoginFilter extends OncePerRequestFilter {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication != null && authentication.isAuthenticated()) {
Optional<User> user = userService.findByUsername(authentication.getName());
Optional<User> user = userService.findByUsernameIgnoreCase(authentication.getName());
if ("GET".equalsIgnoreCase(method)
&& user.isPresent()
&& user.get().isFirstLogin()

2
src/main/java/stirling/software/SPDF/config/security/InitialSecuritySetup.java
View File

@ -38,7 +38,7 @@ public class InitialSecuritySetup {
initialUsername, initialPassword, Role.ADMIN.getRoleId(), true);
}
}
if (!userService.usernameExists(Role.INTERNAL_API_USER.getRoleId())) {
if (!userService.usernameExistsIgnoreCase(Role.INTERNAL_API_USER.getRoleId())) {
userService.saveUser(
Role.INTERNAL_API_USER.getRoleId(),
UUID.randomUUID().toString(),

14
src/main/java/stirling/software/SPDF/config/security/UserService.java
View File

@ -62,7 +62,7 @@ public class UserService implements UserServiceInterface {
public User addApiKeyToUser(String username) {
User user =
userRepository
.findByUsername(username)
.findByUsernameIgnoreCase(username)
.orElseThrow(() -> new UsernameNotFoundException("User not found"));
user.setApiKey(generateApiKey());
@ -76,7 +76,7 @@ public class UserService implements UserServiceInterface {
public String getApiKeyForUser(String username) {
User user =
userRepository
.findByUsername(username)
.findByUsernameIgnoreCase(username)
.orElseThrow(() -> new UsernameNotFoundException("User not found"));
return user.getApiKey();
}
@ -103,7 +103,7 @@ public class UserService implements UserServiceInterface {
}
public boolean validateApiKeyForUser(String username, String apiKey) {
Optional<User> userOpt = userRepository.findByUsername(username);
Optional<User> userOpt = userRepository.findByUsernameIgnoreCase(username);
return userOpt.isPresent() && userOpt.get().getApiKey().equals(apiKey);
}
@ -136,7 +136,7 @@ public class UserService implements UserServiceInterface {
}
public void deleteUser(String username) {
Optional<User> userOpt = userRepository.findByUsername(username);
Optional<User> userOpt = userRepository.findByUsernameIgnoreCase(username);
if (userOpt.isPresent()) {
for (Authority authority : userOpt.get().getAuthorities()) {
if (authority.getAuthority().equals(Role.INTERNAL_API_USER.getRoleId())) {
@ -151,12 +151,16 @@ public class UserService implements UserServiceInterface {
return userRepository.findByUsername(username).isPresent();
}
public boolean usernameExistsIgnoreCase(String username) {
return userRepository.findByUsernameIgnoreCase(username).isPresent();
}
public boolean hasUsers() {
return userRepository.count() > 0;
}
public void updateUserSettings(String username, Map<String, String> updates) {
Optional<User> userOpt = userRepository.findByUsername(username);
Optional<User> userOpt = userRepository.findByUsernameIgnoreCase(username);
if (userOpt.isPresent()) {
User user = userOpt.get();
Map<String, String> settingsMap = user.getSettings();

15
src/main/java/stirling/software/SPDF/controller/api/UserController.java
View File

@ -43,7 +43,7 @@ public class UserController {
@PreAuthorize("!hasAuthority('ROLE_DEMO_USER')")
@PostMapping("/register")
public String register(@ModelAttribute UsernameAndPass requestModel, Model model) {
if (userService.usernameExists(requestModel.getUsername())) {
if (userService.usernameExistsIgnoreCase(requestModel.getUsername())) {
model.addAttribute("error", "Username already exists");
return "register";
}
@ -70,7 +70,8 @@ public class UserController {
return new RedirectView("/account?messageType=notAuthenticated");
}
Optional<User> userOpt = userService.findByUsernameIgnoreCase(principal.getName());
// The username MUST be unique when renaming
Optional<User> userOpt = userService.findByUsername(principal.getName());
if (userOpt == null || userOpt.isEmpty()) {
return new RedirectView("/account?messageType=userNotFound");
@ -113,7 +114,7 @@ public class UserController {
return new RedirectView("/change-creds?messageType=notAuthenticated");
}
Optional<User> userOpt = userService.findByUsername(principal.getName());
Optional<User> userOpt = userService.findByUsernameIgnoreCase(principal.getName());
if (userOpt == null || userOpt.isEmpty()) {
return new RedirectView("/change-creds?messageType=userNotFound");
@ -146,7 +147,7 @@ public class UserController {
return new RedirectView("/account?messageType=notAuthenticated");
}
Optional<User> userOpt = userService.findByUsername(principal.getName());
Optional<User> userOpt = userService.findByUsernameIgnoreCase(principal.getName());
if (userOpt == null || userOpt.isEmpty()) {
return new RedirectView("/account?messageType=userNotFound");
@ -207,7 +208,7 @@ public class UserController {
return new RedirectView("/addUsers?messageType=usernameExists");
}
}
if (userService.usernameExists(username)) {
if (userService.usernameExistsIgnoreCase(username)) {
return new RedirectView("/addUsers?messageType=usernameExists");
}
try {
@ -231,7 +232,7 @@ public class UserController {
public RedirectView deleteUser(
@PathVariable(name = "username") String username, Authentication authentication) {
if (!userService.usernameExists(username)) {
if (!userService.usernameExistsIgnoreCase(username)) {
return new RedirectView("/addUsers?messageType=deleteUsernameExists");
}
@ -239,7 +240,7 @@ public class UserController {
String currentUsername = authentication.getName();
// Check if the provided username matches the current session's username
if (currentUsername.equals(username)) {
if (currentUsername.equalsIgnoreCase(username)) {
return new RedirectView("/addUsers?messageType=deleteCurrentUser");
}
invalidateUserSessions(username);

4
src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java
View File

@ -95,7 +95,7 @@ public class AccountWebController {
// Fetch user details from the database
Optional<User> user =
userRepository.findByUsername(
userRepository.findByUsernameIgnoreCase(
username); // Assuming findByUsername method exists
if (!user.isPresent()) {
// Handle error appropriately
@ -145,7 +145,7 @@ public class AccountWebController {
// Fetch user details from the database
Optional<User> user =
userRepository.findByUsername(
userRepository.findByUsernameIgnoreCase(
username); // Assuming findByUsername method exists
if (!user.isPresent()) {
// Handle error appropriately