Auth: Enable case insensitive logins/emails by default #84840
Conversation
eleijonmarck
changed the title
eleijonmarck
changed the title
eleijonmarck
added
breaking change
eleijonmarck
requested review from
papagian,
diegommm and
idafurjes
and removed request for
a team
eleijonmarck
force-pushed
the
eleijonmarck/caseinsensitive-on-by-default
branch
2 times, most recently
from
5c3934e
to
adde92c
Compare
eleijonmarck
force-pushed
the
eleijonmarck/caseinsensitive-on-by-default
branch
from
adde92c
to
f3b61fc
Compare
There was a problem hiding this comment.
The code looks fine to me. It was a little confusing to figure out because of your claim of the breaking change:
This is a breaking change for users who use uppercase in their login or emails. The users are by default now using lowercase as part of their login and emails.
Am I correct in thinking that it's only a breaking change if for some reason you had two user records with the same characters but different casing? (e.g. one user record for agodin@grafana.com and another for aGodin@grafana.com).
Before this code change, I guess you'd be able to still log in as either, so it makes sense that it is a breaking change in that regard. Just want to clarify my understanding.
thx! i clarified the breaking change a bit more, to account for users reading this in the change log. Thx for the review |
| return err | ||
| } | ||
| if err := ss.userCaseInsensitiveLoginConflict(ctx, sess, usr.Login, usr.Email); err != nil { | ||
| return err | ||
| } | ||
| return nil |
There was a problem hiding this comment.
Call to function can be inlined
| cfg.CaseInsensitiveLogin = users.Key("case_insensitive_login").MustBool(true) | ||
| // Deprecated | ||
| // cfg.CaseInsensitiveLogin = users.Key("case_insensitive_login").MustBool(true) | ||
| cfg.CaseInsensitiveLogin = true |
There was a problem hiding this comment.
This option can just be removed
What is this feature?
Enables lower case sql queries for all users login, emails across grafanas users.
Why do we need this feature?
To make logins and emails lowercased across grafanas users and enforce use of lowercase in signing up for Grafana. This is to consolidate a standard.
Release notice breaking change
This is a breaking change for users who use uppercase in their login or emails. The users are by default now using lowercase as part of their login and emails.
Before this code change, users would be able to still log in as either
aUser@user.comorauser@user.com, users are now only able to login and signup with grafana using lowercasingauser@user.com.We recommend reviewing our blog post about using the CLI introduced in Grafana 9.3 and why this is important for us to consolidate our security efforts.