Respect auth.userNameToLowerCase configuration
The option to convert usernames to all lowercase letters exists for
other auth filters, e.g. [1]. Since the saml-plugin did not yet
respect this option, migration from another filter with this option
enabled was not possible.
[1] https://gerrit.googlesource.com/gerrit/+/refs/heads/stable-2.16/java/com/google/gerrit/httpd/ProjectBasicAuthFilter.java#129
Change-Id: Ie24986127e71a4e9948f2143f9c29f98991f48c3
diff --git a/src/main/java/com/googlesource/gerrit/plugins/saml/SamlWebFilter.java b/src/main/java/com/googlesource/gerrit/plugins/saml/SamlWebFilter.java
index 0c3d18c..dddb17a 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/saml/SamlWebFilter.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/saml/SamlWebFilter.java
@@ -28,6 +28,7 @@
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
+import java.util.Locale;
import java.util.Objects;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
@@ -69,6 +70,7 @@
private final String httpEmailHeader;
private final String httpExternalIdHeader;
private final HashSet<String> authHeaders;
+ private final boolean userNameToLowerCase;
@Inject
SamlWebFilter(@GerritServerConfig Config gerritConfig, SitePaths sitePaths, SamlConfig samlConfig)
@@ -106,6 +108,7 @@
+ "httpDisplaynameHeader, httpEmailHeader and httpExternalIdHeader "
+ "are required.");
}
+ userNameToLowerCase = gerritConfig.getBoolean("auth", "userNameToLowerCase", false);
saml2Client.setCallbackUrl(callbackUrl);
}
@@ -260,7 +263,8 @@
}
private String getUserName(SAML2Profile user) {
- return getAttributeOrElseId(user, samlConfig.getUserNameAttr());
+ String username = getAttributeOrElseId(user, samlConfig.getUserNameAttr());
+ return userNameToLowerCase ? username.toLowerCase(Locale.US) : username;
}
private static Path ensureExists(Path dataDir) throws IOException {