Added case-sensitivity option for usernames (#485)

Radiergummi · taylorotwell · web-flow · commit 74cd344aea9a · 2023-09-06T15:42:11.000-05:00
* Added case sensitivity option for usernames.

Introduced a new configuration option 'case_sensitive_usernames'. This feature allows to decide whether usernames should be treated as case-sensitive. The default configuration value is true to prevent backwards-compatibility breaks. If it is set to false, the system will convert all usernames to lowercase before storing or comparing them. This prevents issues with case-sensitive database collations, where users would not enter their email address in the exact variation used at registration. Accompanying tests and implementation have been updated or added accordingly.

* Removed legal disclaimer

* Removed superfluous function imports

* formatting

---------

Co-authored-by: Taylor Otwell &lt;taylor@laravel.com&gt;
diff --git a/config/fortify.php b/config/fortify.php
@@ -13,6 +13,7 @@
     'home' => '/home',
     'prefix' => '',
     'domain' => null,
+    'lowercase_usernames' => false,
     'limiters' => [
         'login' => null,
     ],
diff --git a/src/Actions/CanonicalizeUsername.php b/src/Actions/CanonicalizeUsername.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace Laravel\Fortify\Actions;
+
+use Illuminate\Support\Str;
+use Laravel\Fortify\Fortify;
+
+class CanonicalizeUsername
+{
+    /**
+     * Handle the incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  callable  $next
+     * @return mixed
+     */
+    public function handle($request, $next)
+    {
+        $request->merge([
+            Fortify::username() => Str::lower($request->{Fortify::username()}),
+        ]);
+
+        return $next($request);
+    }
+}
diff --git a/src/Http/Controllers/AuthenticatedSessionController.php b/src/Http/Controllers/AuthenticatedSessionController.php
@@ -7,6 +7,7 @@
 use Illuminate\Routing\Controller;
 use Illuminate\Routing\Pipeline;
 use Laravel\Fortify\Actions\AttemptToAuthenticate;
+use Laravel\Fortify\Actions\CanonicalizeUsername;
 use Laravel\Fortify\Actions\EnsureLoginIsNotThrottled;
 use Laravel\Fortify\Actions\PrepareAuthenticatedSession;
 use Laravel\Fortify\Actions\RedirectIfTwoFactorAuthenticatable;
@@ -83,6 +84,7 @@ protected function loginPipeline(LoginRequest $request)
 
         return (new Pipeline(app()))->send($request)->through(array_filter([
             config('fortify.limiters.login') ? null : EnsureLoginIsNotThrottled::class,
+            config('fortify.lowercase_usernames') ? CanonicalizeUsername::class : null,
             Features::enabled(Features::twoFactorAuthentication()) ? RedirectIfTwoFactorAuthenticatable::class : null,
             AttemptToAuthenticate::class,
             PrepareAuthenticatedSession::class,
diff --git a/src/Http/Controllers/ProfileInformationController.php b/src/Http/Controllers/ProfileInformationController.php
@@ -4,8 +4,10 @@
 
 use Illuminate\Http\Request;
 use Illuminate\Routing\Controller;
+use Illuminate\Support\Str;
 use Laravel\Fortify\Contracts\ProfileInformationUpdatedResponse;
 use Laravel\Fortify\Contracts\UpdatesUserProfileInformation;
+use Laravel\Fortify\Fortify;
 
 class ProfileInformationController extends Controller
 {
@@ -19,6 +21,12 @@ class ProfileInformationController extends Controller
     public function update(Request $request,
                            UpdatesUserProfileInformation $updater)
     {
+        if (config('fortify.lowercase_usernames')) {
+            $request->merge([
+                Fortify::username() => Str::lower($request->{Fortify::username()}),
+            ]);
+        }
+
         $updater->update($request->user(), $request->all());
 
         return app(ProfileInformationUpdatedResponse::class);
diff --git a/src/Http/Controllers/RegisteredUserController.php b/src/Http/Controllers/RegisteredUserController.php
@@ -6,9 +6,11 @@
 use Illuminate\Contracts\Auth\StatefulGuard;
 use Illuminate\Http\Request;
 use Illuminate\Routing\Controller;
+use Illuminate\Support\Str;
 use Laravel\Fortify\Contracts\CreatesNewUsers;
 use Laravel\Fortify\Contracts\RegisterResponse;
 use Laravel\Fortify\Contracts\RegisterViewResponse;
+use Laravel\Fortify\Fortify;
 
 class RegisteredUserController extends Controller
 {
@@ -51,6 +53,12 @@ public function create(Request $request): RegisterViewResponse
     public function store(Request $request,
                           CreatesNewUsers $creator): RegisterResponse
     {
+        if (config('fortify.lowercase_usernames')) {
+            $request->merge([
+                Fortify::username() => Str::lower($request->{Fortify::username()}),
+            ]);
+        }
+
         event(new Registered($user = $creator->create($request->all())));
 
         $this->guard->login($user);
diff --git a/stubs/fortify.php b/stubs/fortify.php
@@ -50,6 +50,19 @@
 
     'email' => 'email',
 
+    /*
+    |--------------------------------------------------------------------------
+    | Lowercase Usernames
+    |--------------------------------------------------------------------------
+    |
+    | This value defines whether usernames should be lowercased before saving
+    | them in the database, as some database system string fields are case
+    | sensitive. You may disable this for your application if necessary.
+    |
+    */
+
+    'lowercase_usernames' => true,
+
     /*
     |--------------------------------------------------------------------------
     | Home Path
diff --git a/tests/AuthenticatedSessionControllerTest.php b/tests/AuthenticatedSessionControllerTest.php
@@ -428,6 +428,26 @@ public function test_two_factor_challenge_requires_a_challenged_user()
         $this->assertNull(Auth::getUser());
     }
 
+    public function test_case_insensitive_usernames_can_be_used()
+    {
+        app('config')->set('fortify.lowercase_usernames', true);
+
+        $this->loadLaravelMigrations(['--database' => 'testbench']);
+
+        TestAuthenticationSessionUser::forceCreate([
+            'name' => 'Taylor Otwell',
+            'email' => 'taylor@laravel.com',
+            'password' => bcrypt('secret'),
+        ]);
+
+        $response = $this->withoutExceptionHandling()->post('/login', [
+            'email' => 'TAYLOR@LARAVEL.COM',
+            'password' => 'secret',
+        ]);
+
+        $response->assertRedirect('/home');
+    }
+
     protected function getPackageProviders($app)
     {
         return [FortifyServiceProvider::class];
diff --git a/tests/ProfileInformationControllerTest.php b/tests/ProfileInformationControllerTest.php
@@ -23,4 +23,26 @@ public function test_contact_information_can_be_updated()
 
         $response->assertStatus(200);
     }
+
+    public function test_email_address_will_be_updated_case_insensitive()
+    {
+        app('config')->set('fortify.lowercase_usernames', true);
+
+        $user = Mockery::mock(Authenticatable::class);
+
+        $this->mock(UpdatesUserProfileInformation::class)
+                    ->shouldReceive('update')
+                    ->with($user, [
+                        'name' => 'Taylor Otwell',
+                        'email' => 'taylor@laravel.com',
+                    ])
+                    ->once();
+
+        $response = $this->withoutExceptionHandling()->actingAs($user)->putJson('/user/profile-information', [
+            'name' => 'Taylor Otwell',
+            'email' => 'TAYLOR@LARAVEL.COM',
+        ]);
+
+        $response->assertStatus(200);
+    }
 }
diff --git a/tests/RegisteredUserControllerTest.php b/tests/RegisteredUserControllerTest.php
@@ -52,4 +52,29 @@ public function test_users_can_be_created_and_redirected_to_intended_url()
 
         $response->assertRedirect('http://foo.com/bar');
     }
+
+    public function test_usernames_will_be_stored_case_insensitive()
+    {
+        app('config')->set('fortify.lowercase_usernames', true);
+
+        $this->mock(CreatesNewUsers::class)
+                    ->shouldReceive('create')
+                    ->with([
+                        'email' => 'taylor@laravel.com',
+                        'password' => 'password',
+                    ])
+                    ->once()
+                    ->andReturn(Mockery::mock(Authenticatable::class));
+
+        $this->mock(StatefulGuard::class)
+                    ->shouldReceive('login')
+                    ->once();
+
+        $response = $this->post('/register', [
+            'email' => 'TAYLOR@LARAVEL.COM',
+            'password' => 'password',
+        ]);
+
+        $response->assertRedirect('/home');
+    }
 }
