Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CamelCase usernames get added as lower-case into DB and result in access issues #3614

Open
3 tasks done
pat-s opened this issue Apr 14, 2024 · 3 comments · May be fixed by #4762
Open
3 tasks done

CamelCase usernames get added as lower-case into DB and result in access issues #3614

pat-s opened this issue Apr 14, 2024 · 3 comments · May be fixed by #4762
Labels
bug Something isn't working server

Comments

@pat-s
Copy link
Contributor

pat-s commented Apr 14, 2024

Component

server

Describe the bug

When a username is in camel-case, e.g. MyUser, the user get's added as myuser into the DB (e.g. the orgs table).

This causes access issues during use. Users only see the generic "an unknown error occured" when accessing their own user org and other access-restricted parts within WP.

We have hundreds of these cases in the Codeberg instance (https://codeberg.org/Codeberg-CI/feedback/issues/149). Additionally, I also verified this behavior with a new user on my own private instance.

Not sure if it is forge-related, but it at least affects Gitea/Forgejo.

System Info

WP 2.4.1 but at least 2.3.x and likely also previous versions are affected

Additional context

No response

Validations

  • Read the docs.
  • Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
  • Checked that the bug isn't fixed in the next version already [https://woodpecker-ci.org/faq#which-version-of-woodpecker-should-i-use]
@pat-s pat-s added bug Something isn't working server labels Apr 14, 2024
@qwerty287
Copy link
Contributor

Users only see the generic "an unknown error occured" when accessing their own user org

Isn't this independent from the names? It should use IDs.

Which tables does this affect? Only orgs or users too?

Because looking at the code, there's no ToLowerCase. The migration doesn't change it, the registration API doesn't change it, and the Gitea driver doesn't change it too (it takes the API field directly).

@pat-s
Copy link
Contributor Author

pat-s commented Apr 15, 2024

Which tables does this affect? Only orgs or users too?

I focused on orgs for now but I guess its the same for users.

I don't know yet where the issue is coming from and what causes it. The only thing I can say that I could reproduce it in my private instance (creating a new user with a CamelCase name) and patching usernames from lowercase to CamelCase fixed a lot of access issues the respective users in the CB instance.

@zc-devs
Copy link
Contributor

zc-devs commented Apr 15, 2024

Start is in 3328, continues in 3342.

@pat-s pat-s linked a pull request Jan 23, 2025 that will close this issue
Open
@anbraten anbraten mentioned this issue Jan 23, 2025
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working server
Projects
None yet
Milestone
No milestone
3 participants
@pat-s @qwerty287 @zc-devs