Merge pull request #1331 from /issues/1330-backport-1324
Fix #1330: Backport #1324 to 1.4.x
zcgandcomp authored Jun 6, 2023
2 parents 52919f1 + 3b33d13 commit 0ca3639
Showing 5 changed files with 15 additions and 12 deletions.
Expand Up @@ -45,12 +45,12 @@ public interface CredentialRepository extends CrudRepository<CredentialEntity, S
Stream<CredentialEntity> findAllByCredentialDefinitionAndStatus(CredentialDefinitionEntity credentialDefinition, CredentialStatus status);

/**
* Find credential by credential name and username.
* Find credential by credential name and username (performing case insensitive matching).
* @param credentialDefinition Credential definition.
* @param username Username.
* @return Credential matching query criteria.
*/
Optional<CredentialEntity> findByCredentialDefinitionAndUsername(CredentialDefinitionEntity credentialDefinition, String username);
Optional<CredentialEntity> findByCredentialDefinitionAndUsernameIgnoreCase(CredentialDefinitionEntity credentialDefinition, String username);

/**
* Reset soft failed attempt counters for credentials in BLOCKED_TEMPORARY status and change credential status to ACTIVE.
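Review bot: The Javadoc on `findByCredentialDefinitionAndUsernameIgnoreCase` does not say what happens when more than one stored username matches case-insensitively, yet the method still returns a single `Optional`. If rows created before this change differ only by letter case under the same credential definition, a derived single-result query like this would be expected to fail with a non-unique-result error rather than return a value, which would break lookup and authentication for those accounts. I would add a line such as `* Assumes usernames are unique per credential definition regardless of case.` and pair the change with a data check or a unique constraint on the lower-cased username; neither is visible in this commit.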
Expand Up @@ -159,7 +159,7 @@ private String generateRandomUsernameWithDigits(CredentialDefinitionEntity crede
// This can happen with leading zeros
continue;
}
final Optional<CredentialEntity> credentialOptional = credentialRepository.findByCredentialDefinitionAndUsername(credentialDefinition, username);
final Optional<CredentialEntity> credentialOptional = credentialRepository.findByCredentialDefinitionAndUsernameIgnoreCase(credentialDefinition, username);
if (credentialOptional.isPresent()) {
// Username is already taken
continue;
Expand Down Expand Up @@ -189,11 +189,11 @@ private String generateRandomUsernameWithLetters(CredentialDefinitionEntity cred
for (int i = 0; i < generateUsernameMaxAttempts; i++) {
final StringBuilder usernameBuilder = new StringBuilder();
for (int j = 0; j < length; j++) {
final char c = (char) (secureRandom.nextInt(26) + 'a');
final char c = (char) (secureRandom.nextInt(26) + 'a'); // username is always lowercase
usernameBuilder.append(c);
}
final String username = usernameBuilder.toString();
final Optional<CredentialEntity> credentialOptional = credentialRepository.findByCredentialDefinitionAndUsername(credentialDefinition, username);
final Optional<CredentialEntity> credentialOptional = credentialRepository.findByCredentialDefinitionAndUsernameIgnoreCase(credentialDefinition, username);
if (credentialOptional.isPresent()) {
// Username is already taken
continue;
Expand Up @@ -199,13 +199,13 @@ public UpdateCredentialResponse updateCredential(UpdateCredentialRequest request
}
CredentialValidationMode validationMode = CredentialValidationMode.NO_VALIDATION;
if (request.getUsername() != null && request.getCredentialValue() != null) {
username = request.getUsername();
username = request.getUsername().toLowerCase();
validationMode = CredentialValidationMode.VALIDATE_USERNAME_AND_CREDENTIAL;
} else if (request.getCredentialValue() != null) {
username = credential.getUsername();
username = credential.getUsername().toLowerCase();
validationMode = CredentialValidationMode.VALIDATE_CREDENTIAL;
} else if (request.getUsername() != null) {
username = request.getUsername();
username = request.getUsername().toLowerCase();
validationMode = CredentialValidationMode.VALIDATE_USERNAME;
}
if (request.getUsername() != null || request.getCredentialValue() != null) {
Expand Down Expand Up @@ -680,7 +680,7 @@ public CredentialSecretDetail createCredential(UserIdentityEntity user, Credenti
if (username != null) {
// Username has to be checked for duplicates even when username validation is disabled
if (validationMode == CredentialValidationMode.NO_VALIDATION || validationMode == CredentialValidationMode.VALIDATE_CREDENTIAL) {
final Optional<CredentialEntity> existingCredentialOptional = credentialRepository.findByCredentialDefinitionAndUsername(credentialDefinition, username);
final Optional<CredentialEntity> existingCredentialOptional = credentialRepository.findByCredentialDefinitionAndUsernameIgnoreCase(credentialDefinition, username);
if (existingCredentialOptional.isPresent()) {
final CredentialEntity existingCredential = existingCredentialOptional.get();
if (!existingCredential.getUser().equals(user)) {
Expand All @@ -698,6 +698,9 @@ public CredentialSecretDetail createCredential(UserIdentityEntity user, Credenti
username = credentialGenerationService.generateUsername(credentialDefinition);
}
}
if (username != null) {
username = username.toLowerCase();
}
credential.setType(credentialType);
if (timestampExpires != null) {
// Credential expiration is set in the request
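Review bot: In `updateCredential`, the branch taken when only a credential value is supplied now calls `credential.getUsername().toLowerCase()`, which throws a NullPointerException for a credential stored without a username; the `if (username != null)` guard added in `createCredential` suggests such credentials can exist. All four new `toLowerCase()` calls in this file also use the JVM default locale, so the normalized username can differ between hosts (for example under a Turkish locale) and from whatever case folding the database applies in the `IgnoreCase` query. I would write `username = credential.getUsername() == null ? null : credential.getUsername().toLowerCase(Locale.ROOT);` in that branch and use `toLowerCase(Locale.ROOT)` in the other three places, importing `java.util.Locale`. Both methods start and end outside the visible hunks.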
Expand Up @@ -142,7 +142,7 @@ public List<CredentialValidationFailure> validateUsername(UserIdentityEntity use
if (allowedPattern != null && !username.matches(allowedPattern)) {
validationFailures.add(CredentialValidationFailure.USERNAME_ALLOWED_MATCH_FAILED);
}
final Optional<CredentialEntity> credentialOptional = credentialRepository.findByCredentialDefinitionAndUsername(credentialDefinition, username);
final Optional<CredentialEntity> credentialOptional = credentialRepository.findByCredentialDefinitionAndUsernameIgnoreCase(credentialDefinition, username);
if (credentialOptional.isPresent()) {
final CredentialEntity credential = credentialOptional.get();
if (!credential.getUser().equals(user)) {
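Review bot: `validateUsername` still applies `username.matches(allowedPattern)` to the string exactly as the caller passes it; only the duplicate lookup became case-insensitive. From the other hunks it appears that `updateCredential` lower-cases before validating while `createCredential` lower-cases only after its checks, so a case-sensitive pattern could accept or reject the same username depending on the entry point, and the validated string may not be the one stored. I would normalize once at the top of this method, e.g. `final String normalized = username.toLowerCase(Locale.ROOT);`, or state the contract with `// username must already be lower-cased by the caller`. The method body extends beyond the hunk, so this should be confirmed against the full file.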
Expand Up @@ -109,7 +109,7 @@ public LookupUsersResponse lookupUsers(LookupUsersRequest request) throws Invali
// Choose main query based on most exact parameters, filter lookup results in code by additional parameters
if (username != null && credentialName != null) {
// When username and credentialName are present, lookup the user identity, single result or no result is found
final Optional<CredentialEntity> credentialOptional = credentialRepository.findByCredentialDefinitionAndUsername(credentialDefinition, username);
final Optional<CredentialEntity> credentialOptional = credentialRepository.findByCredentialDefinitionAndUsernameIgnoreCase(credentialDefinition, username);
if (!credentialOptional.isPresent()) {
throw new UserNotFoundException("User not found, credential definition name: " + credentialName + ", username: " + username);
}
Expand Down Expand Up @@ -232,7 +232,7 @@ public LookupUserResponse lookupUser(LookupUserRequest request) throws InvalidRe
}

// When username and credentialName are present, lookup the user identity, single result or no result is found
final Optional<CredentialEntity> credentialOptional = credentialRepository.findByCredentialDefinitionAndUsername(credentialDefinition, username);
final Optional<CredentialEntity> credentialOptional = credentialRepository.findByCredentialDefinitionAndUsernameIgnoreCase(credentialDefinition, username);
if (!credentialOptional.isPresent()) {
throw new UserNotFoundException("User not found, credential definition name: " + credentialName + ", username: " + username);
}