-
Notifications
You must be signed in to change notification settings - Fork 12k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Auth: Enable case insensitive logins/emails by default #84840
Auth: Enable case insensitive logins/emails by default #84840
Conversation
5c3934e
to
adde92c
Compare
adde92c
to
f3b61fc
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The code looks fine to me. It was a little confusing to figure out because of your claim of the breaking change:
This is a breaking change for users who use uppercase in their login or emails. The users are by default now using lowercase as part of their login and emails.
Am I correct in thinking that it's only a breaking change if for some reason you had two user records with the same characters but different casing? (e.g. one user record for agodin@grafana.com
and another for aGodin@grafana.com
).
Before this code change, I guess you'd be able to still log in as either, so it makes sense that it is a breaking change in that regard. Just want to clarify my understanding.
thx! i clarified the breaking change a bit more, to account for users reading this in the change log. Thx for the review |
return err | ||
} | ||
if err := ss.userCaseInsensitiveLoginConflict(ctx, sess, usr.Login, usr.Email); err != nil { | ||
return err | ||
} | ||
return nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Call to function can be inlined
cfg.CaseInsensitiveLogin = users.Key("case_insensitive_login").MustBool(true) | ||
// Deprecated | ||
// cfg.CaseInsensitiveLogin = users.Key("case_insensitive_login").MustBool(true) | ||
cfg.CaseInsensitiveLogin = true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This option can just be removed
What is this feature?
Enables lower case sql queries for all users login, emails across grafanas users.
Why do we need this feature?
To make logins and emails lowercased across grafanas users and enforce use of lowercase in signing up for Grafana. This is to consolidate a standard.
Release notice breaking change
This is a breaking change for users who use uppercase in their login or emails. The users are by default now using lowercase as part of their login and emails.
Before this code change, users would be able to still log in as either
aUser@user.com
orauser@user.com
, users are now only able to login and signup with grafana using lowercasingauser@user.com
.We recommend reviewing our blog post about using the CLI introduced in Grafana 9.3 and why this is important for us to consolidate our security efforts.