redwood: [Bug?]: Standard `dbAuth` username is case sensitive causing inconsistencies
What’s not working?
Using the standard dbAuth strategy, usernames are stored as they are typed in, causing possible duplicate accounts or failed logins because of mismatch.
Note: It is possible to implement some additional logic within my app to solve the issue for most cases. It will not be fixed for the duplicate user check which is handled by redwood - which could cause users to create duplicate users.
How do we reproduce the bug?
Using a redwoodjs project with standard dbAuth flow installed:
- Sign up for an account with a case sensitive username (Ex: `demoUser`)
- Log out, then log back in trying to use the username in all lowercase (Ex: `demouser`)
- Error: Could not find account with matching username
What’s your environment? (If it applies)
System:
OS: macOS 12.0.1
Shell: 5.8 - /bin/zsh
Binaries:
Node: 16.13.2 - ../node
Yarn: 3.2.0 - ../yarn
Databases:
SQLite: 3.36.0 - /usr/bin/sqlite3
Browsers:
Chrome: 110.0.5481.177
Firefox: 110.0.1
Safari: 15.1
npmPackages:
@redwoodjs/auth-dbauth-setup: 4.0.1 => 4.0.1
@redwoodjs/core: ^4.0.1 => 4.0.1
Are you interested in working on this?
- I’m interested in working on this
About this issue
- State: open
- Created a year ago
- Comments: 16 (16 by maintainers)
Commits related to this issue
- Merge branch 'main' into feature-#7787 — committed to ageddesi/redwood by cannikin a year ago
- Merge branch 'main' into feature-#7787 — committed to ageddesi/redwood by ageddesi a year ago
- #7787 - Added new usernameMatch to SignupFlowOptions for case insensitive check on db — committed to ageddesi/redwood by ageddesi a year ago
- feat(#7787) - Added new usernameMatch to SignupFlowOptions for case insensitive check on db — committed to ageddesi/redwood by ageddesi a year ago
- Merge remote-tracking branch 'origin/feature-#7787' into feature-#7787 — committed to ageddesi/redwood by ageddesi a year ago
- feature(#7787) - Fixed failing unit test — committed to ageddesi/redwood by ageddesi a year ago
- feature(#7787) - Fix linting issues — committed to ageddesi/redwood by ageddesi a year ago
- Merge branch 'main' into feature-#7787 — committed to ageddesi/redwood by ageddesi a year ago
- docs(#7787) - Added supporting documentation — committed to ageddesi/redwood by ageddesi a year ago
- Merge remote-tracking branch 'origin/feature-#7787' into feature-#7787 — committed to ageddesi/redwood by ageddesi a year ago
- Merge branch 'main' into feature-#7787 — committed to ageddesi/redwood by cannikin a year ago
- Merge branch 'main' into feature-#7787 — committed to ageddesi/redwood by ageddesi a year ago
- Merge branch 'main' into feature-#7787 — committed to ageddesi/redwood by cannikin a year ago
- Merge branch 'main' into feature-#7787 — committed to ageddesi/redwood by Tobbe a year ago
- WIP: fix(#7787): Added userInsensitive for comparrison checks in dbAuth (#7979) * fix(): Added userInsensitive for comparrison checks in dbAuth * Revert "fix(): Added userInsensitive for comparris... — committed to redwoodjs/redwood by ageddesi a year ago
- doc(#7787) - Fix spelling mistake in documentation — committed to ageddesi/redwood by ageddesi a year ago
- fix(#7787) - updated check to findFirst in order to use mode checking — committed to ageddesi/redwood by ageddesi a year ago
- Merge branch 'main' into feature-#7787 — committed to ageddesi/redwood by ageddesi a year ago
- Merge branch 'main' into feature-#7787 — committed to ageddesi/redwood by ageddesi a year ago
- Fix(#7787) - Updates to previous PR for adding insensitive checks for signups (#8045) * fix(): Added userInsensitive for comparrison checks in dbAuth * Revert "fix(): Added userInsensitive for com... — committed to redwoodjs/redwood by ageddesi a year ago
Hi, the PR by @ageddesi applies a case insensitivity check on the signup flow, but not on login. Is it possible to add it easily to login, too?
I will be AFK (away from keyboard) through Apr 6 too. @ageddesi if you have time to try out a fix, feel free. Otherwise, I will look at it again when I get back.
As you say, this depends on what db the user has chosen and it’s best to avoid logic based on different dbs. As such, I think we should consider adding another prop to the User Db Object, e.g. ‘usernameInsensitive’. Then when we are doing the check in ‘_createUser’ we can do it on the ‘usernameInsensitive’ instead.
Usernames should probably be stored as the user types them in (i.e. case sensitive), but matched case insensitive, both for duplication checks and when logging in. @ched-dev if I can confirm that’s the behavior we want, would you be interested in trying to implement it?
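
The behavior described in the last comment (store the username as typed, match case-insensitively for both the duplicate check and the login lookup), as an added example that is not Redwood's dbAuth code. `usernameKey`, `UserStore` and the in-memory `Map` are hypothetical stand-ins for a normalized unique column such as the `usernameInsensitive` field proposed above; password verification is left out.

```javascript
// Added example, not Redwood's dbAuth code. All names here are hypothetical.

// Canonical key used only for matching: Unicode-normalize, then lowercase.
// NFKC folds compatibility forms (e.g. fullwidth letters) so that
// visually identical names cannot coexist as separate accounts.
function usernameKey(username) {
  if (typeof username !== 'string') throw new TypeError('username must be a string')
  const key = username.normalize('NFKC').toLowerCase()
  if (key === '') throw new Error('username is required')
  return key
}

// Stand-in for the User table: the Map key plays the role of a UNIQUE
// column holding the canonical form of the username.
class UserStore {
  constructor() {
    this.byKey = new Map()
  }

  // Duplicate check and insert both use the canonical key.
  signup(username) {
    const key = usernameKey(username)
    if (this.byKey.has(key)) {
      throw new Error(`Username ${username} already in use`)
    }
    // The username is kept exactly as typed; only the key is normalized.
    const user = { id: this.byKey.size + 1, username, usernameInsensitive: key }
    this.byKey.set(key, user)
    return user
  }

  // Login lookup uses the same key, so signup and login cannot disagree.
  findForLogin(username) {
    return this.byKey.get(usernameKey(username)) ?? null
  }
}

// Constructed sample run, using the usernames from the bug report.
function demo() {
  const store = new UserStore()
  const created = store.signup('demoUser')
  const found = store.findForLogin('demouser')
  let duplicateRejected = false
  try {
    store.signup('DEMOUSER')
  } catch {
    duplicateRejected = true
  }
  return { stored: created.username, loginMatched: found === created, duplicateRejected }
}
```

In a real schema the canonical column needs a unique constraint at the database level, so that two concurrent signups differing only in case cannot both pass the application-side check.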