Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce case insensitivity for usernames #85

Merged
merged 4 commits into from
Jun 21, 2021
Merged

Introduce case insensitivity for usernames #85

merged 4 commits into from
Jun 21, 2021

Conversation

adzialocha
Copy link
Collaborator

@adzialocha adzialocha commented Jun 17, 2021
edited
Loading

This PR converts all usernames to lowercase before checking if they already exist in database. This fixes a (security) problem where usernames can be used multiple times with different letter cases.

This was linked to issues Jun 17, 2021
Make usernames case-insensitive #35
Closed
Check how many duplicate username entries we have #84
Closed
@adzialocha adzialocha mentioned this pull request Jun 17, 2021
Closed
@adzialocha adzialocha marked this pull request as ready for review June 17, 2021 10:59
@adzialocha adzialocha requested a review from louilinn June 17, 2021 11:00
louilinn
louilinn reviewed Jun 21, 2021
View reviewed changes
Copy link
Collaborator

@louilinn louilinn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tests look good!

Another general comment:
Now you can only create one of the following usernames: "username" "USERNAME" but you can create either one, right? I.e. someone can be named "USERNAME"
Is this what we want or do we only want to allow "username"?

src/controllers/users.js Outdated Show resolved Hide resolved
src/controllers/users.js Outdated Show resolved Hide resolved
@adzialocha
Copy link
Collaborator Author

Now you can only create one of the following usernames: "username" "USERNAME" but you can create either one, right? I.e. someone can be named "USERNAME"
Is this what we want or do we only want to allow "username"?

Exactly, its not restricting the letter casing (yet), this PR fixes only the case-sensitivity when checking for duplicates. Thought that restricting usernames to only lowercase etc. is part of another discussion 👍

@louilinn louilinn self-requested a review June 21, 2021 10:44
louilinn
louilinn previously approved these changes Jun 21, 2021
View reviewed changes
@adzialocha
Copy link
Collaborator Author

@louilinn Thank you! I like the name change 👍

@adzialocha adzialocha requested a review from louilinn June 21, 2021 12:04
@adzialocha adzialocha merged commit 290b7a5 into main Jun 21, 2021
@adzialocha adzialocha deleted the case-insensitivity branch June 21, 2021 13:24
@louilinn louilinn mentioned this pull request Jul 14, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@llunaCreixent llunaCreixent Awaiting requested review from llunaCreixent llunaCreixent is a code owner

@louilinn louilinn Awaiting requested review from louilinn

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Check how many duplicate username entries we have Make usernames case-insensitive
2 participants
@adzialocha @louilinn