From 3f84899a189de97ca6671c83065be6d28ba2fab7 Mon Sep 17 00:00:00 2001
From: saul-data <63714857+saul-data@users.noreply.github.com>
Date: Fri, 30 Aug 2024 15:26:40 +0100
Subject: [PATCH 1/2] fix to case sensitive usernames and empty roles
---
 app/mainapp/database/migrations/db_migrate.go | 2 +-
 .../migrations/db_migrate_specific.go | 24 +++++++++++++++++++
 .../private/resolvers/users.resolvers.go | 4 +++-
 .../public/resolvers/admins.resolvers.go | 3 +++
 .../public/resolvers/users.resolvers.go | 5 ++++
 app/mainapp/routes/apiroutes.go | 12 ++++++++++
 6 files changed, 48 insertions(+), 2 deletions(-)
diff --git a/app/mainapp/database/migrations/db_migrate.go b/app/mainapp/database/migrations/db_migrate.go
index cb4f6e7c7..3fb70b8c0 100644
--- a/app/mainapp/database/migrations/db_migrate.go
+++ b/app/mainapp/database/migrations/db_migrate.go
@@ -27,7 +27,7 @@ import (
 func Migrate() {
- migrateVersion := "0.0.82"
+ migrateVersion := "0.0.83"
 connectURL := fmt.Sprintf(
 "postgres://%s:%s@%s:%s/%s?sslmode=%s",
diff --git a/app/mainapp/database/migrations/db_migrate_specific.go b/app/mainapp/database/migrations/db_migrate_specific.go
index f6bd6e80f..f88bb70b2 100644
--- a/app/mainapp/database/migrations/db_migrate_specific.go
+++ b/app/mainapp/database/migrations/db_migrate_specific.go
@@ -104,6 +104,30 @@ func SpecificMigrations(dbConn *gorm.DB, migrateVersion string) {
 panic("Could register specific migration for key: " + migrationKey)
 }
+ /* To lower case all users */
+ migrationKey = "username_lowercase"
+
+ // If the key does not exist then perform the migration
+ if migrationsMap[migrationKey] == false {
+
+ log.Println("Running specific migration for username lowercase.")
+
+ errmigrate := dbConn.Transaction(func(tx *gorm.DB) error {
+
+ if err := tx.Debug().Exec("UPDATE users SET username = LOWER(username), email = lower(email);").Error; err != nil {
+ log.Println("Could not register migration for key: "+migrationKey, err)
+ return err
+ }
+
+ // return nil will commit the whole transaction
+ return nil
+ })
+
+ if errmigrate != nil {
+ panic("Could register specific migration for key: " + migrationKey)
+ }
+ }
+
 }
 }
diff --git a/app/mainapp/graphql/private/resolvers/users.resolvers.go b/app/mainapp/graphql/private/resolvers/users.resolvers.go
index bc2f73e6c..6a054d041 100644
--- a/app/mainapp/graphql/private/resolvers/users.resolvers.go
+++ b/app/mainapp/graphql/private/resolvers/users.resolvers.go
@@ -43,6 +43,9 @@ func (r *mutationResolver) CreateUser(ctx context.Context, input *privategraphql
 return nil, errors.New("Password hash failed.")
 }
+ // Lowercase email
+ input.Email = strings.ToLower(input.Email)
+
 userData := models.Users{
 UserID: uuid.New().String(),
 FirstName: input.FirstName,
@@ -113,7 +116,6 @@ func (r *mutationResolver) UpdateUser(ctx context.Context, input *privategraphql
 err := database.DBConn.Where("user_id = ?", input.UserID).Updates(models.Users{
 FirstName: input.FirstName,
 LastName: input.LastName,
- Email: input.Email,
 JobTitle: input.JobTitle,
 Timezone: input.Timezone,
 }).Error
diff --git a/app/mainapp/graphql/public/resolvers/admins.resolvers.go b/app/mainapp/graphql/public/resolvers/admins.resolvers.go
index eafd602fa..b9b5e485c 100644
--- a/app/mainapp/graphql/public/resolvers/admins.resolvers.go
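Review bot: The new `username_lowercase` transaction lowers `username` and `email` for every row in a single `UPDATE`, so two existing accounts that differ only by case collide if either column carries a unique index (not visible here), and the resulting `dbConn.Transaction` error ends in `panic`, which takes the whole service down at startup. Run a duplicate check first, e.g. `SELECT LOWER(email) FROM users GROUP BY 1 HAVING COUNT(*) > 1`, and log the offending rows instead of panicking, so an operator can resolve them before the rewrite. The panic message `"Could register specific migration for key: "` should read `"Could not register …"`, and nothing in the hunk records `migrationKey` in the table behind `migrationsMap`, so unless that happens elsewhere the update re-runs on every start (harmless since `LOWER` is idempotent, but the log line will repeat). Style: `if migrationsMap[migrationKey] == false` reads better as `if !migrationsMap[migrationKey]`. SpecificMigrations starts before the hunk.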
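Review bot: Only `input.Email` is lowered in CreateUser, while the migration in db_migrate_specific.go lowers both `username` and `email` and LoginUser now lowers its `username` argument; if the `models.Users` literal that begins at the end of this hunk also sets a username field from the input (the literal continues past the hunk), it needs the same normalization or a user created here with mixed case will never match at login. The same `strings.ToLower` call is now repeated by hand in CreateUser, SetupPlatform and LoginUser; a single helper such as `func normalizeEmail(s string) string { return strings.ToLower(strings.TrimSpace(s)) }` would keep the three in step (the trim is optional, but stray whitespace is otherwise stored as-is). CreateUser starts before the hunk and continues after it.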
+++ b/app/mainapp/graphql/public/resolvers/admins.resolvers.go
@@ -63,6 +63,9 @@ func (r *mutationResolver) SetupPlatform(ctx context.Context, input *publicgraph
 One: platform.One,
 }
+ // Lower case new user
+ input.AddUsersInput.Email = strings.ToLower(input.AddUsersInput.Email)
+
 userData = &models.Users{
 UserID: uuid.New().String(),
 UserType: "admin",
diff --git a/app/mainapp/graphql/public/resolvers/users.resolvers.go b/app/mainapp/graphql/public/resolvers/users.resolvers.go
index ff14b43e7..899033bfb 100644
--- a/app/mainapp/graphql/public/resolvers/users.resolvers.go
+++ b/app/mainapp/graphql/public/resolvers/users.resolvers.go
@@ -7,6 +7,7 @@ package publicresolvers
 import (
 "context"
 "errors"
+ "strings"
 "github.com/dataplane-app/dataplane/app/mainapp/auth"
 "github.com/dataplane-app/dataplane/app/mainapp/database"
@@ -17,6 +18,10 @@ import (
 // LoginUser is the resolver for the loginUser field.
 func (r *queryResolver) LoginUser(ctx context.Context, username string, password string) (*publicgraphql.Authtoken, error) {
+
+ // Lower case username
+ username = strings.ToLower(username)
+
 // check if a user exists
 u := models.Users{}
 if res := database.DBConn.Where(
diff --git a/app/mainapp/routes/apiroutes.go b/app/mainapp/routes/apiroutes.go
index 71beef99f..5ae090b89 100644
--- a/app/mainapp/routes/apiroutes.go
+++ b/app/mainapp/routes/apiroutes.go
@@ -90,6 +90,9 @@ func APIRoutes(app *fiber.App) {
 })
 }
+ // lower case email
+ userEmail = strings.ToLower(userEmail.(string))
+
 // Extract the role from the claims and check if role is allowed
 if dpconfig.OIDCClaimRoleKey != "" {
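Review bot: `input.AddUsersInput.Email` is read and written without a nil check; if `AddUsersInput` is generated as a pointer type (its declaration is not visible here), a setup request that omits it panics on this line before any later validation can reject it. Guard it first, `if input.AddUsersInput == nil { return an error }`, or confirm it is a value type and say so in the comment, e.g. `// Lower case new user (AddUsersInput is a value, never nil)`. SetupPlatform starts before the hunk and continues after it.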
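Review bot: The lowercasing on the Go side in LoginUser uses `strings.ToLower`, while the migration that rewrote stored values used PostgreSQL's `LOWER()`; the two agree for ASCII but can differ for non-ASCII usernames depending on the database collation, so such an account could fail to log in after the migration. Either restrict usernames to ASCII at creation or make the lookup itself case-insensitive, `Where("LOWER(username) = ?", username)`, so both sides use the same function; the `Where(` call continues past the hunk. A comment stating the invariant on the new line, `// usernames and emails are stored lowercase (migration username_lowercase); normalize before lookup`, would help the next reader.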
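Review bot: `userEmail.(string)` is a single-value type assertion; when the email claim is absent from the token or is not a string, `userEmail` holds nil or another type and this line panics inside the request handler instead of returning 401. Use the two-value form and fail closed, then lower the checked string, as sketched below. Where `userEmail` is declared and whether it was already validated is outside the hunk; APIRoutes starts before it and continues after it.
```go
		// lower case email; reject tokens whose email claim is missing or not a string
		emailStr, ok := userEmail.(string)
		if !ok || emailStr == "" {
			return c.Status(http.StatusUnauthorized).JSON(fiber.Map{
				"Data Platform": "Dataplane",
				"Error":         "Email claim missing.",
			})
		}
		userEmail = strings.ToLower(emailStr)
		// … unchanged: role extraction and allow-list check …
```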
@@ -111,6 +114,15 @@ func APIRoutes(app *fiber.App) {
 // Check if the role is in the allowed list
 roleValues := strings.Split(dpconfig.OIDCClaimRoleValues, ",")
+
+ // if empty then error
+ if len(roleValues) < 1 {
+ return c.Status(http.StatusUnauthorized).JSON(fiber.Map{
+ "Data Platform": "Dataplane",
+ "Error": "Role values not set.",
+ })
+ }
+
 for _, vRole := range stringRoles {
 if utilities.InArray(vRole, roleValues) == false {
 return c.Status(http.StatusUnauthorized).JSON(fiber.Map{
From 2a47ed474bf071239cbd9856f15cf5489af1ae51 Mon Sep 17 00:00:00 2001
From: saul-data <63714857+saul-data@users.noreply.github.com>
Date: Fri, 30 Aug 2024 15:33:46 +0100
Subject: [PATCH 2/2] fix looking at the token not the config
---
 app/mainapp/routes/apiroutes.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/mainapp/routes/apiroutes.go b/app/mainapp/routes/apiroutes.go
index 5ae090b89..f5738c325 100644
--- a/app/mainapp/routes/apiroutes.go
+++ b/app/mainapp/routes/apiroutes.go
@@ -116,10 +116,10 @@ func APIRoutes(app *fiber.App) {
 roleValues := strings.Split(dpconfig.OIDCClaimRoleValues, ",")
 // if empty then error
- if len(roleValues) < 1 {
+ if len(stringRoles) < 1 {
 return c.Status(http.StatusUnauthorized).JSON(fiber.Map{
 "Data Platform": "Dataplane",
- "Error": "Role values not set.",
+ "Error": "Role values in token not set.",
 })
 }
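Review bot: `strings.Split("", ",")` returns `[""]`, so `len(roleValues) < 1` can never be true and the guard added in this hunk is dead code; the PATCH 2/2 hunk on the same file replaces it with `len(stringRoles) < 1`, which does catch a token carrying no roles, but the original concern, an unset `OIDCClaimRoleValues`, is then checked nowhere. With the config empty the allow-list is `[""]`, and whether a token can satisfy that depends on how `stringRoles` is built above the hunk; a role claim that reduces to an empty string would match, so the safe direction is to refuse the request when the configured list is blank. Check the raw config before splitting, `if strings.TrimSpace(dpconfig.OIDCClaimRoleValues) == "" {` followed by the same 401 response, and trim each split element so a value like `"admin, ops"` is matched as intended. APIRoutes starts before the hunk and continues after it.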