Treat fediverse usernames as case-insensitive (#2155)
* treat fediverse usernames as case-insensitive for auth * add test for case insensitive, clean up duplicate import in fediverse auth controller * fix test, there was an issue with state when all the tests were run
parent
2ff5f31597
commit
e20985ecb4
@ -3,6 +3,7 @@ package fediverse
|
|||||||
import (
|
import (
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"io"
|
"io"
|
||||||
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -37,7 +38,7 @@ func RegisterFediverseOTP(accessToken, userID, userDisplayName, account string)
|
|||||||
Code: code,
|
Code: code,
|
||||||
UserID: userID,
|
UserID: userID,
|
||||||
UserDisplayName: userDisplayName,
|
UserDisplayName: userDisplayName,
|
||||||
Account: account,
|
Account: strings.ToLower(account),
|
||||||
Timestamp: time.Now(),
|
Timestamp: time.Now(),
|
||||||
}
|
}
|
||||||
pendingAuthRequests[accessToken] = r
|
pendingAuthRequests[accessToken] = r
|
||||||
|
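Review bot: The lower-casing in `Account: strings.ToLower(account),` is applied only where the pending request is stored, so the canonical form of an account is defined inline at this one call site. Any other code that stores or compares fediverse accounts (none is visible in this hunk) has to apply the same transformation, or one account can still resolve to two identities. Account values persisted before this change with mixed case would presumably stop matching the lower-cased value unless they are migrated or looked up case-insensitively; that is worth confirming. A comment such as `// Canonical lower-case form: one fediverse account maps to one identity however it was typed.` would record the intent, and `strings.ToLower(strings.TrimSpace(account))` would also cover stray whitespace if callers pass user-typed input. RegisterFediverseOTP starts before this hunk and continues past it.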
@ -1,6 +1,9 @@
|
|||||||
package fediverse
|
package fediverse
|
||||||
|
|
||||||
import "testing"
|
import (
|
||||||
|
"strings"
|
||||||
|
"testing"
|
||||||
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
accessToken = "fake-access-token"
|
accessToken = "fake-access-token"
|
||||||
@ -58,3 +61,18 @@ func TestSingleOTPFlowRequest(t *testing.T) {
|
|||||||
t.Error("Second registration should not be permitted.")
|
t.Error("Second registration should not be permitted.")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestAccountCaseInsensitive(t *testing.T) {
|
||||||
|
account := "Account"
|
||||||
|
accessToken := "another-fake-access-token"
|
||||||
|
r1, _ := RegisterFediverseOTP(accessToken, userID, userDisplayName, account)
|
||||||
|
_, reg1 := ValidateFediverseOTP(accessToken, r1.Code)
|
||||||
|
|
||||||
|
// Simulate second auth with account in different case
|
||||||
|
r2, _ := RegisterFediverseOTP(accessToken, userID, userDisplayName, strings.ToUpper(account))
|
||||||
|
_, reg2 := ValidateFediverseOTP(accessToken, r2.Code)
|
||||||
|
|
||||||
|
if reg1.Account != reg2.Account {
|
||||||
|
t.Errorf("Account names should be case-insensitive: %s %s", reg1.Account, reg2.Account)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
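Review bot: TestAccountCaseInsensitive discards the second return value of RegisterFediverseOTP (`r1, _ :=`, `r2, _ :=`) and the validity flag of ValidateFediverseOTP (`_, reg1 :=`, `_, reg2 :=`), so a failed registration or validation would show up as a nil dereference on `r1.Code` or `reg1.Account` (if those are pointers) rather than as a clear test failure. Capturing the flag, as in `valid1, reg1 := ValidateFediverseOTP(accessToken, r1.Code)` followed by `if !valid1 { t.Fatal("first OTP validation failed") }`, makes the failure mode explicit. The final comparison only checks that the two results agree with each other; also checking `reg1.Account != strings.ToLower(account)` would pin the canonical value this commit introduces. The local `accessToken :=` shadows the package-level constant of the same name, so a distinct name such as `otherAccessToken` would read more clearly.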
@ -7,7 +7,6 @@ import (
|
|||||||
|
|
||||||
"github.com/owncast/owncast/activitypub"
|
"github.com/owncast/owncast/activitypub"
|
||||||
"github.com/owncast/owncast/auth"
|
"github.com/owncast/owncast/auth"
|
||||||
"github.com/owncast/owncast/auth/fediverse"
|
|
||||||
fediverseauth "github.com/owncast/owncast/auth/fediverse"
|
fediverseauth "github.com/owncast/owncast/auth/fediverse"
|
||||||
"github.com/owncast/owncast/controllers"
|
"github.com/owncast/owncast/controllers"
|
||||||
"github.com/owncast/owncast/core/chat"
|
"github.com/owncast/owncast/core/chat"
|
||||||
@ -57,7 +56,7 @@ func VerifyFediverseOTPRequest(w http.ResponseWriter, r *http.Request) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
accessToken := r.URL.Query().Get("accessToken")
|
accessToken := r.URL.Query().Get("accessToken")
|
||||||
valid, authRegistration := fediverse.ValidateFediverseOTP(accessToken, req.Code)
|
valid, authRegistration := fediverseauth.ValidateFediverseOTP(accessToken, req.Code)
|
||||||
if !valid {
|
if !valid {
|
||||||
w.WriteHeader(http.StatusForbidden)
|
w.WriteHeader(http.StatusForbidden)
|
||||||
return
|
return
|
||||||
|