username sanitization is case sensitive; column is citext #284

Open
hydrandt opened this issue Dec 10, 2021 · 0 comments · May be fixed by #285

Summary

Creating a new user using OAuth fails if the same username already exists in a different case (i.e. existing: peter, newly registering: Peter).

Steps to reproduce

  1. Create an account with the same username as your GitHub username, but in a different case (in my case, HYDRANDT would do)
  2. Sign out
  3. Attempt to sign in using GitHub
  4. Enjoy the blue screen "An unknown error occurred"

Expected results

Username sanitization should be case insensitive, and the username should be sanitized to hydrandt1.

Actual results

HYDRANDT and hydrandt are deemed non-identical, a number is not appended, and inserting the new user fails, as the username column on app_public.users is of type citext.

Additional context

-- Sanitise the username, and make it unique if necessary.
...
  select (
    case
    when i = 0 then v_username
    else v_username || i::text
    end
  ) into v_username from generate_series(0, 1000) i
  where not exists(
    select 1
    from app_public.users
    where users.username = (
      case
      when i = 0 then v_username
      else v_username || i::text
      end
    )
  )
  limit 1;

Possible Solution

Convert username using lower() while checking for uniqueness:

  select (
    case
    when i = 0 then v_username
    else v_username || i::text
    end
  ) into v_username from generate_series(0, 1000) i
  where not exists(
    select 1
    from app_public.users
    -- comparing using lowercase to make sure the username is unique (username column is citext -> constraint is not case sensitive)
    where lower(users.username) = (
      case
      when i = 0 then lower(v_username)
      else lower(v_username) || i::text
      end
    )
  )
  limit 1;
hydrandt added a commit to hydrandt/starter that referenced this issue Dec 10, 2021
@hydrandt hydrandt linked a pull request Dec 10, 2021 that will close this issue
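
The mismatch reported above, as an added PostgreSQL reproduction that is not code from the issue or the project: the uniqueness check and the citext unique index disagree about whether `HYDRANDT` and `hydrandt` collide. It assumes the citext extension can be created, that the candidate reaches the comparison typed as text, and uses a made-up `users_demo` table with constructed rows.

```sql
-- Added illustration (PostgreSQL). users_demo and its rows are constructed
-- sample data, not the project's schema.
create extension if not exists citext;

create temporary table users_demo (
  username citext primary key   -- uniqueness is enforced case-insensitively
);
insert into users_demo (username) values ('HYDRANDT');

-- Candidates hydrandt, hydrandt1, hydrandt2, ... typed as text
-- (assumption: the candidate reaches the comparison as text).
with candidates as (
  select i,
         case when i = 0 then 'hydrandt'::text
              else 'hydrandt'::text || i::text
         end as candidate
  from generate_series(0, 1000) i
)
select
  -- Check from the excerpt: citext = text is resolved as text = text,
  -- so the existing 'HYDRANDT' row is not treated as a collision.
  (select c.candidate from candidates c
    where not exists (
      select 1 from users_demo u where u.username = c.candidate)
    order by c.i limit 1) as case_sensitive_pick,
  -- Check from the proposed fix: both sides lowercased before comparing.
  (select c.candidate from candidates c
    where not exists (
      select 1 from users_demo u where lower(u.username) = lower(c.candidate))
    order by c.i limit 1) as lowercased_pick;

-- The citext primary key treats 'hydrandt' and 'HYDRANDT' as the same key,
-- so this insert conflicts; ON CONFLICT turns the error into a no-op.
insert into users_demo (username) values ('hydrandt')
on conflict (username) do nothing
returning username;
```

Casting the candidate to citext in the comparison (not proposed in the issue) is another way to make the check use the same comparison as the unique index.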