Merge "Respect auth.userNameToLowerCase"
diff --git a/src/main/java/com/googlesource/gerrit/plugins/cfoauth/CFOAuthService.java b/src/main/java/com/googlesource/gerrit/plugins/cfoauth/CFOAuthService.java
index 2fde5d9..23968a2 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/cfoauth/CFOAuthService.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/cfoauth/CFOAuthService.java
@@ -22,6 +22,7 @@
 import com.google.gerrit.extensions.auth.oauth.OAuthUserInfo;
 import com.google.gerrit.extensions.auth.oauth.OAuthVerifier;
 import com.google.gerrit.reviewdb.client.AccountExternalId;
+import com.google.gerrit.server.config.AuthConfig;
 import com.google.gerrit.server.config.CanonicalWebUrl;
 import com.google.gerrit.server.config.PluginConfig;
 import com.google.gerrit.server.config.PluginConfigFactory;
@@ -41,6 +42,7 @@
 
   @Inject
   CFOAuthService(PluginConfigFactory cfgFactory,
+      AuthConfig authConfig,
       @PluginName String pluginName,
       @CanonicalWebUrl Provider<String> urlProvider) {
     PluginConfig cfg = cfgFactory.getFromGerritConfig(pluginName);
@@ -52,6 +54,7 @@
         cfg.getString(InitOAuthConfig.CLIENT_ID),
         cfg.getString(InitOAuthConfig.CLIENT_SECRET),
         cfg.getBoolean(InitOAuthConfig.VERIFIY_SIGNATURES, true),
+        authConfig.isUserNameToLowerCase(),
         redirectUrl);
   }
 
diff --git a/src/main/java/com/googlesource/gerrit/plugins/cfoauth/UAAClient.java b/src/main/java/com/googlesource/gerrit/plugins/cfoauth/UAAClient.java
index c1a5f1f..b800265 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/cfoauth/UAAClient.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/cfoauth/UAAClient.java
@@ -34,6 +34,7 @@
 import org.scribe.model.Response;
 
 import java.text.MessageFormat;
+import java.util.Locale;
 
 class UAAClient {
 
@@ -79,6 +80,7 @@
   private final String userInfoEndpoint;
 
   private final boolean verifySignatures;
+  private final boolean userNameToLowerCase;
 
   /**
    * Lazily initialized and may be updated from time to time
@@ -90,10 +92,12 @@
       String clientId,
       String clientSecret,
       boolean verifySignatures,
+      boolean userNameToLowerCase,
       String redirectUrl) {
     this.clientCredentials = BASIC_AUTHENTICATION + " "
       + encodeBase64(clientId + ":" + clientSecret);
     this.verifySignatures = verifySignatures;
+    this.userNameToLowerCase = userNameToLowerCase;
     this.redirectUrl = redirectUrl;
     this.authorizationEndpoint = String.format(AUTHORIZE_ENDPOINT,
         uaaServerUrl, encode(clientId), encode(redirectUrl));
@@ -215,7 +219,8 @@
   public boolean isAccessTokenForUser(String username, String accessToken) {
     try {
       JsonObject jsonWebToken = toJsonWebToken(accessToken);
-      return username.equals(getAttribute(jsonWebToken, USER_NAME_ATTRIBUTE));
+      return equalsAdjustCase(username,
+          getAttribute(jsonWebToken, USER_NAME_ATTRIBUTE));
     } catch (UAAClientException e) {
       return false;
     }
@@ -234,7 +239,8 @@
     try {
       JsonObject jsonWebToken = toJsonWebToken(accessToken);
       return getAttribute(jsonWebToken, USER_NAME_ATTRIBUTE) == null &&
-          clientname.equals(getAttribute(jsonWebToken, SUB_ATTRIBUTE));
+          equalsAdjustCase(clientname,
+              getAttribute(jsonWebToken, SUB_ATTRIBUTE));
     } catch (UAAClientException e) {
       return false;
     }
@@ -260,6 +266,9 @@
       throw new UAAClientException(
           "Invalid token: missing or invalid 'user_name' attribute");
     }
+    if (userNameToLowerCase) {
+      username = lowercase(username);
+    }
     String emailAddress = getAttribute(jsonWebToken, EMAIL_ATTRIBUTE);
     if (emailAddress == null) {
       throw new UAAClientException(
@@ -392,6 +401,16 @@
     return accessToken;
   }
 
+  private boolean equalsAdjustCase(String left, String right) {
+    return userNameToLowerCase
+        ? lowercase(left).equals(lowercase(right))
+        : left.equals(right);
+  }
+
+  private static String lowercase(String s) {
+    return s.toLowerCase(Locale.US);
+  }
+
   private String decodeBase64(String s) {
     return new String(Base64.decodeBase64(s), UTF_8);
   }
diff --git a/src/test/java/com/googlesource/gerrit/plugins/cfoauth/UAAClientTest.java b/src/test/java/com/googlesource/gerrit/plugins/cfoauth/UAAClientTest.java
index 244286c..ab22c77 100644
--- a/src/test/java/com/googlesource/gerrit/plugins/cfoauth/UAAClientTest.java
+++ b/src/test/java/com/googlesource/gerrit/plugins/cfoauth/UAAClientTest.java
@@ -78,7 +78,8 @@
   private static class UAATestClient extends UAAClient {
 
     public UAATestClient() {
-      super(UAA_SERVER_URL, CLIENT_ID, CLIENT_SECRET, true, REDIRECT_URL);
+      super(UAA_SERVER_URL, CLIENT_ID, CLIENT_SECRET, true, false,
+          REDIRECT_URL);
     }
 
     @Override