Merge pull request #1306 from apernet/wip-userpass-ignore-case

tobyxdd · web-flow · commit 401ed5245d9b · 2025-02-03T18:05:27.000-08:00
Make username of userpass case insensitive
diff --git a/app/cmd/server.go b/app/cmd/server.go
@@ -755,7 +755,7 @@ func (c *serverConfig) fillAuthenticator(hyConfig *server.Config) error {
 		if len(c.Auth.UserPass) == 0 {
 			return configError{Field: "auth.userpass", Err: errors.New("empty auth userpass")}
 		}
-		hyConfig.Authenticator = &auth.UserPassAuthenticator{Users: c.Auth.UserPass}
+		hyConfig.Authenticator = auth.NewUserPassAuthenticator(c.Auth.UserPass)
 		return nil
 	case "http", "https":
 		if c.Auth.HTTP.URL == "" {
diff --git a/extras/auth/userpass.go b/extras/auth/userpass.go
@@ -16,15 +16,25 @@ var _ server.Authenticator = &UserPassAuthenticator{}
 // UserPassAuthenticator checks the provided auth string against a map of username/password pairs.
 // The format of the auth string must be "username:password".
 type UserPassAuthenticator struct {
-	Users map[string]string
+	users map[string]string
+}
+
+func NewUserPassAuthenticator(users map[string]string) *UserPassAuthenticator {
+	// Usernames are case-insensitive, as they are already lowercased by viper.
+	// Lowercase it again on our own to make it explicit.
+	lcUsers := make(map[string]string, len(users))
+	for user, pass := range users {
+		lcUsers[strings.ToLower(user)] = pass
+	}
+	return &UserPassAuthenticator{users: lcUsers}
 }
 
 func (a *UserPassAuthenticator) Authenticate(addr net.Addr, auth string, tx uint64) (ok bool, id string) {
 	u, p, ok := splitUserPass(auth)
 	if !ok {
 		return false, ""
 	}
-	rp, ok := a.Users[u]
+	rp, ok := a.users[u]
 	if !ok || rp != p {
 		return false, ""
 	}
@@ -36,5 +46,6 @@ func splitUserPass(auth string) (user, pass string, ok bool) {
 	if len(rs) != 2 {
 		return "", "", false
 	}
-	return rs[0], rs[1], true
+	// Usernames are case-insensitive
+	return strings.ToLower(rs[0]), rs[1], true
 }
diff --git a/extras/auth/userpass_test.go b/extras/auth/userpass_test.go
@@ -85,12 +85,26 @@ func TestUserPassAuthenticator(t *testing.T) {
 			wantOk: false,
 			wantId: "",
 		},
+		{
+			name: "case insensitive username",
+			fields: fields{
+				Users: map[string]string{
+					"gawR":   "gura",
+					"fubuki": "shirakami",
+				},
+			},
+			args: args{
+				addr: nil,
+				auth: "Gawr:gura",
+				tx:   0,
+			},
+			wantOk: true,
+			wantId: "gawr",
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			a := &UserPassAuthenticator{
-				Users: tt.fields.Users,
-			}
+			a := NewUserPassAuthenticator(tt.fields.Users)
 			gotOk, gotId := a.Authenticate(tt.args.addr, tt.args.auth, tt.args.tx)
 			if gotOk != tt.wantOk {
 				t.Errorf("Authenticate() gotOk = %v, want %v", gotOk, tt.wantOk)

Original file line number	Diff line number	Diff line change
`@@ -755,7 +755,7 @@ func (c serverConfig) fillAuthenticator(hyConfig server.Config) error {`
`755`	`755`	`if len(c.Auth.UserPass) == 0 {`
`756`	`756`	`return configError{Field: "auth.userpass", Err: errors.New("empty auth userpass")}`
`757`	`757`	`}`
`758`		`- hyConfig.Authenticator = &auth.UserPassAuthenticator{Users: c.Auth.UserPass}`
	`758`	`+ hyConfig.Authenticator = auth.NewUserPassAuthenticator(c.Auth.UserPass)`
`759`	`759`	`return nil`
`760`	`760`	`case "http", "https":`
`761`	`761`	`if c.Auth.HTTP.URL == "" {`