Unsanitize user and org names in DB

.cspell.json

@@ -201,6 +201,7 @@
     "typecheck",
     "Typeflag",
     "unplugin",
+    "unsanitize",
     "Upsert",
     "urfave",
     "usecase",

server/store/datastore/migration/024_unsanitize_org_and_user_names.go

@@ -0,0 +1,61 @@
+// Excerpt from:
+// Copyright 2024 Woodpecker Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package migration
+
+import (
+	"fmt"
+
+	"src.techknowlogick.com/xormigrate"
+	"xorm.io/xorm"
+)
+
+var unSanitizeOrgAndUserNames = xormigrate.Migration{
+	ID: "unsanitize-org-and-user-names",
+	MigrateSession: func(sess *xorm.Session) (err error) {
+		type user struct {
+			Login string `xorm:"TEXT 'login'"`
+		}
+
+		type org struct {
+			Name string `xorm:"TEXT 'name'"`
+		}
+
+		if err := sess.Sync(new(user), new(org)); err != nil {
+			return fmt.Errorf("sync new models failed: %w", err)
+		}
+
+		// get all users
+		var us []*user
+		if err := sess.Find(&us); err != nil {
+			return fmt.Errorf("find all repos failed: %w", err)
+		}
+
+		for _, user := range us {
+			userOrg := &org{}
+			_, err := sess.Where("name = ?", user.Login).Get(userOrg)
+			if err != nil {
+				return fmt.Errorf("getting org failed: %w", err)
+			}
+			if user.Login != userOrg.Name {
+				userOrg.Name = user.Login
+				if _, err := sess.ID(userOrg.Name).Cols("Name").Update(userOrg); err != nil {
+					return fmt.Errorf("updating org name failed: %w", err)
+				}
+			}
+		}
+		return nil
+	},
+}

server/store/datastore/migration/common.go

@@ -134,7 +134,7 @@ func alterColumnDefault(sess *xorm.Session, table, column, defValue string) erro
 	dialect := sess.Engine().Dialect().URI().DBType
 	switch dialect {
 	case schemas.MYSQL:
-		sql := fmt.Sprintf("SHOW COLUMNS FROM `%s` WHERE lower(field) = '%s'", table, strings.ToLower(column))
+		sql := fmt.Sprintf("SHOW COLUMNS FROM `%s` WHERE lower(field) = '%s'", table, column)
 		res, err := sess.Query(sql)
 		if err != nil {
 			return err
@@ -170,7 +170,7 @@ func alterColumnNull(sess *xorm.Session, table, column string, null bool) error
 	dialect := sess.Engine().Dialect().URI().DBType
 	switch dialect {
 	case schemas.MYSQL:
-		sql := fmt.Sprintf("SHOW COLUMNS FROM `%s` WHERE lower(field) = '%s'", table, strings.ToLower(column))
+		sql := fmt.Sprintf("SHOW COLUMNS FROM `%s` WHERE lower(field) = '%s'", table, column)
 		res, err := sess.Query(sql)
 		if err != nil {
 			return err

server/store/datastore/migration/migration.go

@@ -52,6 +52,7 @@ var migrationTasks = []*xormigrate.Migration{
 	&renameTokenFields,
 	&setNewDefaultsForRequireApproval,
 	&removeRepoScm,
+	&unSanitizeOrgAndUserNames,
 }
 
 var allBeans = []any{

server/store/datastore/org.go

@@ -28,13 +28,24 @@ func (s storage) OrgCreate(org *model.Org) error {
 }
 
 func (s storage) orgCreate(org *model.Org, sess *xorm.Session) error {
-	// sanitize
-	org.Name = strings.ToLower(org.Name)
+	// Get all organizations to check for conflicts (this should actually be impossible in the forge but better double-check)
+	orgs, err := s.OrgList(nil)
+	if err != nil {
+		return err
+	}
+
+	for _, existingOrg := range orgs {
+		if strings.EqualFold(existingOrg.Name, org.Name) {
+			return fmt.Errorf("organization name already exists")
+		}
+	}
+
 	if org.Name == "" {
 		return fmt.Errorf("org name is empty")
 	}
+
 	// insert
-	_, err := sess.Insert(org)
+	_, err = sess.Insert(org)
 	return err
 }
 
@@ -48,8 +59,6 @@ func (s storage) OrgUpdate(org *model.Org) error {
 }
 
 func (s storage) orgUpdate(sess *xorm.Session, org *model.Org) error {
-	// sanitize
-	org.Name = strings.ToLower(org.Name)
 	// update
 	_, err := sess.ID(org.ID).AllCols().Update(org)
 	return err
@@ -84,7 +93,6 @@ func (s storage) OrgFindByName(name string) (*model.Org, error) {
 
 func (s storage) orgFindByName(sess *xorm.Session, name string) (*model.Org, error) {
 	// sanitize
-	name = strings.ToLower(name)
 	org := new(model.Org)
 	return org, wrapGet(sess.Where("name = ?", name).Get(org))
 }

server/store/datastore/org_test.go

@@ -34,7 +34,7 @@ func TestOrgCRUD(t *testing.T) {
 
 	// create first org to play with
 	assert.NoError(t, store.OrgCreate(org1))
-	assert.EqualValues(t, "someawesomeorg", org1.Name)
+	assert.EqualValues(t, "someAwesomeOrg", org1.Name)
 
 	// retrieve it
 	orgOne, err := store.OrgGet(org1.ID)
@@ -48,13 +48,13 @@ func TestOrgCRUD(t *testing.T) {
 	assert.Error(t, store.OrgCreate(&model.Org{Name: "reNamedorg"}))
 
 	// find updated org by name
-	orgOne, err = store.OrgFindByName("renamedorG")
+	orgOne, err = store.OrgFindByName("RenamedOrg")
 	assert.NoError(t, err)
 	assert.NotEqualValues(t, org1, orgOne)
 	assert.EqualValues(t, org1.ID, orgOne.ID)
 	assert.EqualValues(t, false, orgOne.IsUser)
 	assert.EqualValues(t, false, orgOne.Private)
-	assert.EqualValues(t, "renamedorg", orgOne.Name)
+	assert.EqualValues(t, "RenamedOrg", orgOne.Name)
 
 	// create two more orgs and repos
 	someUser := &model.Org{Name: "some_other_u", IsUser: true}

server/store/datastore/repo.go

@@ -17,7 +17,6 @@ package datastore
 import (
 	"errors"
 	"fmt"
-	"strings"
 
 	"xorm.io/builder"
 	"xorm.io/xorm"
@@ -73,7 +72,7 @@ func (s storage) GetRepoName(fullName string) (*model.Repo, error) {
 
 func (s storage) getRepoName(e *xorm.Session, fullName string) (*model.Repo, error) {
 	repo := new(model.Repo)
-	return repo, wrapGet(e.Where("LOWER(full_name) = ?", strings.ToLower(fullName)).Get(repo))
+	return repo, wrapGet(e.Where("full_name = ?", fullName).Get(repo))
 }
 
 func (s storage) GetRepoCount() (int64, error) {

server/store/datastore/repo_test.go

@@ -113,11 +113,7 @@ func TestGetRepoName(t *testing.T) {
 
 	// case-insensitive
 	getrepo, err = store.GetRepoName("Bradrydzewski/test")
-	assert.NoError(t, err)
-	assert.Equal(t, repo.ID, getrepo.ID)
-	assert.Equal(t, repo.UserID, getrepo.UserID)
-	assert.Equal(t, repo.Owner, getrepo.Owner)
-	assert.Equal(t, repo.Name, getrepo.Name)
+	assert.Error(t, err)
 }
 
 func TestRepoList(t *testing.T) {