Comments (6)
Good catch! I've mostly been testing against the django-auth-ldap backend which does case insensitive lookups and creates new usernames as lowercase, and caused me to gloss over this whole issue. I've pushed up 4c80af5 which removes all of the lower() calls on username. That should resolve the immediate issue you noted.
Regarding the bigger question, I'm wondering if it should simply be left up to the authentication backend(s) in use to determine whether or not usernames should be case sensitive. There could be a setting within mama-cas that allows for modification of the username, but that wouldn't change how a backend handles the lookup and could create surprises. The downside is that if multiple backends are in use, it's very possible they could implement it differently (e.g. django-auth-ldap and the model backend). At least in that example, the model backend would be easy to replace with a case-insensitive version.
Any additional thoughts? I'm not sure if there are additional use cases I'm not thinking about.
from django-mama-cas.
- I sign up as "Bryan".
- My username is saved as "bryan".
- I fail to log in as "Bryan".
∴ The frontend must agree with whatever scheme the backend uses.
from django-mama-cas.
Are you testing against the latest commit that removed the lower() calls? I've checked it against both a case-sensitive and case-insensitive authentication backend, and it now works as expected in my tests.
My point above was that mama-cas does not directly create or authenticate a user, but relies on other apps or backends for those tasks. However the user creation process happens it will certainly need to agree with the active backends, but currently that should all be external to mama-cas.
from django-mama-cas.
Please forgive my delay in reply. I've been swamped.
I haven't tested this with HEAD, but I can. Back when I opened this issue, I modified my registration script to lower() all usernames. I opened this issue anyway, just in case other people run into the problem.
I did have a look at 4c80af5, and honestly I'm not sure how it would work with any case-insensitive backend.
Please explain how the workflow outlined in my previous comment can succeed if mama-cas does not lower(). I signed up as "Bryan" but I can not sign in as "Bryan". Right?
from django-mama-cas.
Sure, no problem. Here's the basic process:
1. You sign up as "Bryan". This process is external to mama-cas and could happen in different ways, but the result is a `User` created in `auth_user`. For this example, the username is exactly "Bryan" (mixed case).
2. You log in using mama-cas, entering your username in the form field as "bryan". Within the `clean()` method of `LoginForm` the unaltered form data is passed to the `authenticate()` method of the currently configured authentication backend. For a simplistic example, here is a case-insensitive authentication backend. This backend takes the username string (still a lowercase "bryan") and does an iexact query for a matching `User`. The username "Bryan" matches and the `User` is returned to mama-cas.
3. That `User` is then passed to the `login()` method within `LoginView` to log the user in successfully.
If the backend is not case-sensitive, in step 2 you could have logged in as "Bryan", "BRYAN" or "bryan" and all of them would be successful.
The authentication backend makes the determination as to how `User` lookups are handled externally to mama-cas. The above example backend could be trivially converted to case-sensitive by changing the query to exact. The problem that you correctly pointed out was that mama-cas was originally fiddling with the username string, which could cause problems if a case-sensitive backend was in use.
Does that help explain things better?
from django-mama-cas.
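The flow described in the comment above, as an added example that is not part of the original thread and is not mama-cas or Django code: a Django-free Python model of a login form handing the username to a case-sensitive or case-insensitive backend, with and without the old `lower()` call. `USERS`, `kdf`, `ExactBackend`, `IExactBackend`, `login` and the `lowercase_first` flag are hypothetical names, and the example goes one step beyond the thread by refusing a case-insensitive lookup that matches more than one stored username.

```python
import hashlib
import hmac

SALT = b"constructed-demo-salt"  # constructed; real systems use per-user salts

def kdf(password):
    # Stand-in for Django's password hashers (assumption for this demo).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)

# Constructed sample data standing in for rows of auth_user.
USERS = {"Bryan": kdf("s3cret")}

class ExactBackend:
    """Hypothetical case-sensitive backend (an exact query)."""

    def find(self, username, users):
        return [name for name in users if name == username]

    def authenticate(self, username, password, users=USERS):
        matches = self.find(username, users)
        supplied = kdf(password)  # hash even for unknown users: uniform cost
        if len(matches) != 1:     # fail closed on no match or an ambiguous one
            return None
        user = matches[0]
        return user if hmac.compare_digest(users[user], supplied) else None

class IExactBackend(ExactBackend):
    """Hypothetical case-insensitive backend (an iexact query)."""

    def find(self, username, users):
        # casefold() stands in for the database's case-insensitive comparison.
        return [name for name in users if name.casefold() == username.casefold()]

def login(form_username, password, backend, lowercase_first=False, users=USERS):
    """Model of the form step; lowercase_first=True is the old lower() behaviour."""
    username = form_username.lower() if lowercase_first else form_username
    return backend.authenticate(username, password, users)
```

With the stored username "Bryan", `login("Bryan", "s3cret", ExactBackend(), lowercase_first=True)` returns `None`, which is the failure originally reported, while the same call without `lowercase_first` succeeds.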
Yep. Thanks very much for the detailed explanation. It makes good sense.
from django-mama-cas.