starter icon indicating copy to clipboard operation
starter copied to clipboard

Published 20 hours ago verified publisher icon graphile

fix: make username sanitization case-insensitive (#284)

Open hydrandt opened this issue 3 years ago • 2 comments

Description

Fixes #284, makes username sanitization case-insensitive to avoid potential conflicts when creating account using oauth providers.

Performance impact

Should be minimal (using lower() 3x in sanitization loop, potentially could be optimized by only running it once and assigning to a variable, is it worth it?

Security impact

None.

Checklist

  • [x] My code matches the project's code style and yarn lint:fix passes.
  • [ ] I've added tests for the new feature, and yarn test passes.
  • [ ] I have detailed the new feature in the relevant documentation.
  • [ ] I have added this feature to 'Pending' in the RELEASE_NOTES.md file (if one exists).
  • [ ] If this is a breaking change I've explained why.

hydrandt avatar Dec 10 '21 04:12 hydrandt

Is this actually required? Username is citext so it should already be compared case insensitively…

benjie avatar Dec 10 '21 09:12 benjie

Ah the comparison is text due to concat; we should case the result of concat back to citext.

benjie avatar Dec 10 '21 09:12 benjie