arian/navidrome
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Do not force username to always be lowercase in the DB

Browse Source
This commit is contained in:
Deluan
2020-09-01 18:00:19 -04:00
parent 95eea0e9f8
commit 596a4897a3
5 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
model/request/request.go
+1 -2
View File
@@ -2,7 +2,6 @@ package request
import ( import (
"context" "context"
"strings"
"github.com/deluan/navidrome/model" "github.com/deluan/navidrome/model"
) )
@@ -23,7 +22,7 @@ func WithUser(ctx context.Context, u model.User) context.Context {
} }
func WithUsername(ctx context.Context, username string) context.Context { func WithUsername(ctx context.Context, username string) context.Context {
return context.WithValue(ctx, Username, strings.ToLower(username)) return context.WithValue(ctx, Username, username)
} }
func WithClient(ctx context.Context, client string) context.Context { func WithClient(ctx context.Context, client string) context.Context {
persistence/mock_persistence.go
+3
View File
@@ -98,6 +98,9 @@ type mockedUserRepo struct {
} }
func (u *mockedUserRepo) FindByUsername(username string) (*model.User, error) { func (u *mockedUserRepo) FindByUsername(username string) (*model.User, error) {
if username != "admin" {
return nil, model.ErrNotFound
}
return &model.User{UserName: "admin", Password: "wordpass"}, nil return &model.User{UserName: "admin", Password: "wordpass"}, nil
} }
persistence/user_repository.go
+1 -4
View File
@@ -2,7 +2,6 @@ package persistence
import ( import (
"context" "context"
"strings"
"time" "time"
. "github.com/Masterminds/squirrel" . "github.com/Masterminds/squirrel"
@@ -48,7 +47,6 @@ func (r *userRepository) Put(u *model.User) error {
id, _ := uuid.NewRandom() id, _ := uuid.NewRandom()
u.ID = id.String() u.ID = id.String()
} }
u.UserName = strings.ToLower(u.UserName)
u.UpdatedAt = time.Now() u.UpdatedAt = time.Now()
values, _ := toSqlArgs(*u) values, _ := toSqlArgs(*u)
update := Update(r.tableName).Where(Eq{"id": u.ID}).SetMap(values) update := Update(r.tableName).Where(Eq{"id": u.ID}).SetMap(values)
@@ -73,8 +71,7 @@ func (r *userRepository) FindFirstAdmin() (*model.User, error) {
} }
func (r *userRepository) FindByUsername(username string) (*model.User, error) { func (r *userRepository) FindByUsername(username string) (*model.User, error) {
username = strings.ToLower(username) sel := r.newSelect().Columns("*").Where(Like{"user_name": username})
sel := r.newSelect().Columns("*").Where(Eq{"user_name": username})
var usr model.User var usr model.User
err := r.queryOne(sel, &usr) err := r.queryOne(sel, &usr)
return &usr, err return &usr, err
server/subsonic/middlewares.go
+1 -1
View File
@@ -120,7 +120,7 @@ func validateUser(ctx context.Context, ds model.DataStore, username, pass, token
switch { switch {
case jwt != "": case jwt != "":
claims, err := auth.Validate(jwt) claims, err := auth.Validate(jwt)
valid = err == nil && claims["sub"] == username valid = err == nil && claims["sub"] == user.UserName
case pass != "": case pass != "":
if strings.HasPrefix(pass, "enc:") { if strings.HasPrefix(pass, "enc:") {
if dec, err := hex.DecodeString(pass[4:]); err == nil { if dec, err := hex.DecodeString(pass[4:]); err == nil {
server/subsonic/middlewares_test.go
+3 -1
View File
@@ -282,7 +282,9 @@ var _ = Describe("Middlewares", func() {
}) })
It("fails if JWT token sub is different than username", func() { It("fails if JWT token sub is different than username", func() {
_, err := validateUser(context.TODO(), ds, "not_admin", "", "", "", validToken) u := &model.User{UserName: "hacker"}
validToken, _ = auth.CreateToken(u)
_, err := validateUser(context.TODO(), ds, "admin", "", "", "", validToken)
Expect(err).To(MatchError(model.ErrInvalidAuth)) Expect(err).To(MatchError(model.ErrInvalidAuth))
}) })
}) })