Merge pull request #673 from dataplane-app/sso-login

fix to case sensitive usernames and empty roles
dataplane-app · Aug 30, 2024 · f3e2807 · f3e2807
2 parents dc4f05c + 2a47ed4
commit f3e2807
Show file tree

Hide file tree

Showing 6 changed files with 48 additions and 2 deletions.
diff --git a/app/mainapp/database/migrations/db_migrate.go b/app/mainapp/database/migrations/db_migrate.go
@@ -27,7 +27,7 @@ import (
 
 func Migrate() {
 
-	migrateVersion := "0.0.82"
+	migrateVersion := "0.0.83"
 
 	connectURL := fmt.Sprintf(
 		"postgres://%s:%s@%s:%s/%s?sslmode=%s",

diff --git a/app/mainapp/database/migrations/db_migrate_specific.go b/app/mainapp/database/migrations/db_migrate_specific.go
@@ -104,6 +104,30 @@ func SpecificMigrations(dbConn *gorm.DB, migrateVersion string) {
 			panic("Could register specific migration for key: " + migrationKey)
 		}
 
+		/* To lower case all users */
+		migrationKey = "username_lowercase"
+
+		// If the key does not exist then perform the migration
+		if migrationsMap[migrationKey] == false {
+
+			log.Println("Running specific migration for username lowercase.")
+
+			errmigrate := dbConn.Transaction(func(tx *gorm.DB) error {
+
+				if err := tx.Debug().Exec("UPDATE users SET username = LOWER(username), email = lower(email);").Error; err != nil {
+					log.Println("Could not register migration for key: "+migrationKey, err)
+					return err
+				}
+
+				// return nil will commit the whole transaction
+				return nil
+			})
+
+			if errmigrate != nil {
+				panic("Could register specific migration for key: " + migrationKey)
+			}
+		}
+
 	}
 
 }
diff --git a/app/mainapp/graphql/private/resolvers/users.resolvers.go b/app/mainapp/graphql/private/resolvers/users.resolvers.go
diff --git a/app/mainapp/graphql/public/resolvers/admins.resolvers.go b/app/mainapp/graphql/public/resolvers/admins.resolvers.go
diff --git a/app/mainapp/graphql/public/resolvers/users.resolvers.go b/app/mainapp/graphql/public/resolvers/users.resolvers.go
diff --git a/app/mainapp/routes/apiroutes.go b/app/mainapp/routes/apiroutes.go
@@ -90,6 +90,9 @@ func APIRoutes(app *fiber.App) {
 			})
 		}
 
+		// lower case email
+		userEmail = strings.ToLower(userEmail.(string))
+
 		// Extract the role from the claims and check if role is allowed
 		if dpconfig.OIDCClaimRoleKey != "" {
 
@@ -111,6 +114,15 @@ func APIRoutes(app *fiber.App) {
 
 			// Check if the role is in the allowed list
 			roleValues := strings.Split(dpconfig.OIDCClaimRoleValues, ",")
+
+			// if empty then error
+			if len(stringRoles) < 1 {
+				return c.Status(http.StatusUnauthorized).JSON(fiber.Map{
+					"Data Platform": "Dataplane",
+					"Error":         "Role values in token not set.",
+				})
+			}
+
 			for _, vRole := range stringRoles {
 				if utilities.InArray(vRole, roleValues) == false {
 					return c.Status(http.StatusUnauthorized).JSON(fiber.Map{