Openfire icon indicating copy to clipboard operation
Openfire copied to clipboard
verified publisher icon igniterealtime

OF-2827: JDBCAuthProvider should not lowercase/trim provided username

Open guusdk opened this issue 1 year ago • 4 comments

By lowercasing the input, a username with a capital letter can't be used.

The closely related JDBCUserProvider does not lowercase/trim values. It is probably best that both providers treat usernames in the same way.

I'm wondering if we even need a configuration option to make this behavior configurable. Isn't it just plain 'wrong' to have inconsistent processing of the username values - that's never going to work, is it?

guusdk avatar May 17 '24 11:05 guusdk

Seems reasonable to maintain the fidelity of the username. I can see an argument to maintain the trim, but I don't know whether alice is a valid username.

Fishbowler avatar May 17 '24 11:05 Fishbowler

I can see an argument to maintain the trim, but I don't know whether alice is a valid username.

It likely isn't, but shouldn't that then be applied to where the user provides the input (eg: the login form)?

guusdk avatar May 17 '24 11:05 guusdk

Exactly that. Let's trust the user.

Fishbowler avatar May 17 '24 12:05 Fishbowler

Hehehe, let's not - but lets apply input validation near the input form maybe?

guusdk avatar May 17 '24 12:05 guusdk

Successfully created backport PR for 4.8:

  • #2475

github-actions[bot] avatar Jun 28 '24 14:06 github-actions[bot]