make countOfIdentifier case insensitive #3575

IQSS · Apr 25, 2019 · 392d26e · 392d26e
1 parent 0a0dc25
commit 392d26e
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 7 deletions.
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/BuiltinUsers.java b/src/main/java/edu/harvard/iq/dataverse/api/BuiltinUsers.java
@@ -123,9 +123,9 @@ private Response internalSave(BuiltinUser user, String password, String key) {
                 user.updateEncryptedPassword(PasswordEncryption.get().encrypt(password), PasswordEncryption.getLatestVersionNumber());
             }
 
-            // Make sure the identifier is unique
-            if ( (builtinUserSvc.findByUserName(user.getUserName()) != null)
-                    || ( authSvc.identifierExists(user.getUserName())) ) {
+            // Make sure the identifier is unique, case insensitive. "DATAVERSEADMIN" is not allowed to be created if "dataverseAdmin" exists.
+            if ((builtinUserSvc.findByUserName(user.getUserName()) != null)
+                    || (authSvc.identifierExists(user.getUserName()))) {
                 return error(Status.BAD_REQUEST, "username '" + user.getUserName() + "' already exists");
             }
             user = builtinUserSvc.save(user);

diff --git a/src/main/java/edu/harvard/iq/dataverse/authorization/users/AuthenticatedUser.java b/src/main/java/edu/harvard/iq/dataverse/authorization/users/AuthenticatedUser.java
@@ -49,7 +49,7 @@
     @NamedQuery( name="AuthenticatedUser.findByEmail",
                 query="select au from AuthenticatedUser au WHERE LOWER(au.email)=LOWER(:email)"),
     @NamedQuery( name="AuthenticatedUser.countOfIdentifier",
-                query="SELECT COUNT(a) FROM AuthenticatedUser a WHERE a.userIdentifier=:identifier"),
+                query="SELECT COUNT(a) FROM AuthenticatedUser a WHERE LOWER(a.userIdentifier)=LOWER(:identifier)"),
     @NamedQuery( name="AuthenticatedUser.filter",
                 query="select au from AuthenticatedUser au WHERE ("
                         + "au.userIdentifier like :query OR "

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UsersIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UsersIT.java
@@ -15,7 +15,6 @@
 import javax.json.JsonObjectBuilder;
 import static javax.ws.rs.core.Response.Status.BAD_REQUEST;
 import static javax.ws.rs.core.Response.Status.CREATED;
-import static javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR;
 import static javax.ws.rs.core.Response.Status.NOT_FOUND;
 import static javax.ws.rs.core.Response.Status.OK;
 import static javax.ws.rs.core.Response.Status.UNAUTHORIZED;
@@ -338,8 +337,14 @@ public void testUsernameCaseSensitivity() {
         Response createUppercaseUser = UtilIT.createUser(uppercaseUsername, randomEmailForUppercaseuser);
         createUppercaseUser.prettyPrint();
         createUppercaseUser.then().assertThat()
-                // TODO: consider returning "BAD REQUEST" (400) instead of a 500.
-                .statusCode(INTERNAL_SERVER_ERROR.getStatusCode());
+                .statusCode(BAD_REQUEST.getStatusCode())
+                /**
+                 * Technically, it's the lowercase version that exists but the
+                 * point gets across. There's currently no way to bubble up the
+                 * exact username it's in conflict with, even if we wanted to.
+                 */
+                .body("message", equalTo("username '" + uppercaseUsername + "' already exists"));
+        ;
     }
 
     private Response convertUserFromBcryptToSha1(long idOfBcryptUserToConvert, String password) {