arian/navidrome
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Do not force username to always be lowercase in the DB

Browse Source
This commit is contained in:
Deluan
2020-09-01 18:00:19 -04:00
parent 95eea0e9f8
commit 596a4897a3
5 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/subsonic/middlewares.go
+1 -1
View File
@@ -120,7 +120,7 @@ func validateUser(ctx context.Context, ds model.DataStore, username, pass, token
switch {
case jwt != "":
claims, err := auth.Validate(jwt)
valid = err == nil && claims["sub"] == username
valid = err == nil && claims["sub"] == user.UserName
case pass != "":
if strings.HasPrefix(pass, "enc:") {
if dec, err := hex.DecodeString(pass[4:]); err == nil {
server/subsonic/middlewares_test.go
+3 -1
View File
@@ -282,7 +282,9 @@ var _ = Describe("Middlewares", func() {
})
It("fails if JWT token sub is different than username", func() {
_, err := validateUser(context.TODO(), ds, "not_admin", "", "", "", validToken)
u := &model.User{UserName: "hacker"}
validToken, _ = auth.CreateToken(u)
_, err := validateUser(context.TODO(), ds, "admin", "", "", "", validToken)
Expect(err).To(MatchError(model.ErrInvalidAuth))
})
})