fix: harden tubco login matching

This commit is contained in:
Md Bayazid Bostame
2026-04-08 13:52:00 +02:00
parent b60d9eaeb7
commit 5b1fd6dc14
2 changed files with 29 additions and 1 deletions


@@ -135,6 +135,8 @@ class AppLoginForm(forms.Form):
auth_username = login_value auth_username = login_value
user_model = get_user_model() user_model = get_user_model()
matched_user = user_model.objects.filter(email__iexact=login_value).first() matched_user = user_model.objects.filter(email__iexact=login_value).first()
if matched_user is None:
matched_user = user_model.objects.filter(username__iexact=login_value).first()
if matched_user: if matched_user:
auth_username = matched_user.username auth_username = matched_user.username
self.user_cache = authenticate(self.request, username=auth_username, password=password) self.user_cache = authenticate(self.request, username=auth_username, password=password)
@@ -494,7 +496,7 @@ class UserManagementCreateForm(forms.Form):
def clean_username(self): def clean_username(self):
username = (self.cleaned_data.get('username') or '').strip() username = (self.cleaned_data.get('username') or '').strip()
user_model = get_user_model() user_model = get_user_model()
if user_model.objects.filter(username=username).exists(): if user_model.objects.filter(username__iexact=username).exists():
raise forms.ValidationError(_('Dieser Benutzername ist bereits vergeben.')) raise forms.ValidationError(_('Dieser Benutzername ist bereits vergeben.'))
return username return username
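Review bot: The new `username__iexact` fallback in AppLoginForm calls `.first()` on a queryset that can hold several rows, because nothing in this commit removes existing accounts whose usernames differ only in case (the `clean_username` check in the second hunk only stops new ones, and the default username column stays case-sensitively unique), so which account gets substituted into `auth_username` is unordered and effectively arbitrary. That is also a regression for such a pair: a user who types their exact-case username would previously have been authenticated under it, but now may be rewritten to the other account's username and rejected. Only substitute when the case-insensitive match is unambiguous, e.g. `candidates = list(user_model.objects.filter(username__iexact=login_value)[:2])` followed by `matched_user = candidates[0] if len(candidates) == 1 else None`, which leaves the typed value in place for the ambiguous case. The enclosing method starts before this hunk, so the `login_value` normalisation applied earlier is not visible here.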


@@ -2,6 +2,7 @@ from django.contrib.auth import get_user_model
from django.test import Client, TestCase from django.test import Client, TestCase
from django.utils import timezone from django.utils import timezone
from workflows.forms import UserManagementCreateForm
from workflows.models import UserProfile from workflows.models import UserProfile
from workflows.roles import ROLE_PLATFORM_OWNER, assign_user_role from workflows.roles import ROLE_PLATFORM_OWNER, assign_user_role
from workflows.totp import generate_totp_token from workflows.totp import generate_totp_token
@@ -194,3 +195,28 @@ class AccountUISmokeTests(TestCase):
) )
self.assertEqual(response.status_code, 302) self.assertEqual(response.status_code, 302)
def test_login_accepts_username_case_insensitively(self):
client = Client()
response = client.post(
'/accounts/login/',
{'username': 'PROFILE-USER', 'password': 'secret-12345'},
HTTP_HOST='localhost',
)
self.assertEqual(response.status_code, 302)
def test_user_management_create_form_rejects_case_insensitive_username_duplicate(self):
form = UserManagementCreateForm(
data={
'first_name': 'Another',
'last_name': 'User',
'username': 'PROFILE-USER',
'email': 'another@example.com',
'role_key': 'staff',
}
)
self.assertFalse(form.is_valid())
self.assertIn('username', form.errors)
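Review bot: `test_login_accepts_username_case_insensitively` only asserts a 302, which shows a login succeeded but not that it resolved `PROFILE-USER` to the intended fixture account rather than some other user the lookup happened to return. The test presumably relies on a user and password created in `setUp` outside this hunk; assert the session identity as well, e.g. `self.assertEqual(client.session.get('_auth_user_id'), str(<fixture user>.pk))`, so the case-folding path is pinned to the right account. A companion test with two accounts whose usernames differ only in case would document what the login form is expected to do in the ambiguous case, which neither new test covers.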