Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix local account search on LDAP login being case-sensitive #30113

Merged
merged 2 commits into from May 3, 2024
Merged

Fix local account search on LDAP login being case-sensitive #30113

merged 2 commits into from May 3, 2024

Conversation

raucao
Copy link
Contributor

@raucao raucao commented Apr 29, 2024

We recently migrated our Mastodon-only accounts to our LDAP directory, where all usernames are stored with lowercase letters.

However, upon trying to log in to an account with different-case letters in LDAP and Mastodon, it would fail to find the account and try to create a new one instead. For which the validation then also failed due to the username and email already existing in LDAP.

The validation exception is correct there, since the account does already exist. But since Mastodon usernames are case insensitive, the account lookup during login should also be. This commit changes the database query to use PostgreSQL's ILIKE matching function, which works like a case-insensitive equals matcher when used like this.

@raucao raucao changed the title Fix LDAP account search on login being case-sensitive Fix local account search on LDAP login being case-sensitive Apr 29, 2024
ClearlyClaire
ClearlyClaire previously approved these changes Apr 30, 2024
View reviewed changes
Copy link
Contributor

@ClearlyClaire ClearlyClaire left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution!
Looks good to me, although we might want to avoid the ILIKE and instead query on the lowercase username, making use of an existing database index.

app/models/concerns/user/ldap_authenticable.rb Outdated Show resolved Hide resolved
@ClearlyClaire ClearlyClaire added this pull request to the merge queue May 3, 2024
Merged via the queue into mastodon:main with commit 9aa31be May 3, 2024
29 checks passed
@raucao raucao deleted the bugfix/ldap_case_sensitivity branch May 3, 2024 10:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ClearlyClaire ClearlyClaire ClearlyClaire approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@raucao @ClearlyClaire