fix: [users] added uniqueness to usernames

- added upgrade script with removal of duplicate usernames
- added unique index to username field
- massaging the usernames before insertion (trim + lowercasing)

- As reported by SK-CERT
cli-modification-summary
iglocska 2022-09-19 01:12:14 +02:00
parent a9eccb3097
commit 9a50a5693e
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
2 changed files with 44 additions and 2 deletions


@ -0,0 +1,35 @@
<?php
declare(strict_types=1);
use Migrations\AbstractMigration;
final class UniqueUserNames extends AbstractMigration
{
/**
* Change Method.
*
* Write your reversible migrations using this method.
*
* More information on writing migrations is available here:
* https://book.cakephp.org/phinx/0/en/migrations.html#the-change-method
*
* Remember to call "create()" or "update()" and NOT "save()" when working
* with the Table class.
*/
public function change(): void
{
$table = $this->table('users');
$exists = $table->hasIndexByName('users', 'username');
$this->execute('DELETE FROM users WHERE id NOT IN (SELECT MIN(id) FROM users GROUP BY LOWER(username));');
if (!$exists) {
$table->addIndex(
[
'username'
],
[
'unique' => true
]
)->save();
}
}
}
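Review bot: `hasIndexByName('users', 'username')` on line 38 passes the table name where Phinx's `Table::hasIndexByName()` expects its single index-name argument, so it looks for an index literally named `users`, `$exists` is always false, and the guard never protects a re-run from a duplicate-index failure; the column-based check `$exists = $table->hasIndex(['username']);` is what was intended. The dedup `DELETE` on line 39 selects from the same table it deletes from, a form MySQL/MariaDB rejects (error 1093) unless the subquery is wrapped in a derived table such as `SELECT id FROM (SELECT MIN(id) AS id FROM users GROUP BY LOWER(username)) AS keep` — worth confirming against every supported backend before shipping. The surviving rows keep their original casing while `beforeMarshal` lowercases new input, so on a case-sensitive collation a unique index on `username` still admits `Admin` next to `admin` and a lowercased lookup may miss the stored row; an `UPDATE users SET username = LOWER(TRIM(username))` after the delete would close that gap. Because the deletion goes through `execute()` inside `change()`, the migration is not reversible despite the template docblock, which should be replaced by one stating that the method removes case-insensitive duplicate usernames (keeping the lowest id), adds the unique index, and cannot be rolled back.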


@ -7,12 +7,14 @@ use Cake\ORM\Table;
use Cake\Validation\Validator;
use Cake\ORM\RulesChecker;
use Cake\ORM\TableRegistry;
use \Cake\Datasource\EntityInterface;
use \Cake\Http\Session;
use Cake\Event\EventInterface;
use Cake\Datasource\EntityInterface;
use Cake\Http\Session;
use Cake\Http\Client;
use Cake\Utility\Security;
use Cake\Core\Configure;
use Cake\Utility\Text;
use ArrayObject;
class UsersTable extends AppTable
{
@ -54,6 +56,11 @@ class UsersTable extends AppTable
$this->setDisplayField('username');
}
public function beforeMarshal(EventInterface $event, ArrayObject $data, ArrayObject $options)
{
$data['username'] = trim(mb_strtolower($data['username']));
}
private function initAuthBehaviors()
{
if (!empty(Configure::read('keycloak'))) {
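Review bot: `beforeMarshal()` on line 76 reads `$data['username']` unconditionally, so patching a user with a payload that omits the field (password or profile edits) raises an undefined-key warning, `mb_strtolower(null)` yields `''`, and the entity's username is replaced with an empty string on save unless a validation rule happens to reject it. Guard the field and its type before normalising, `if (isset($data['username']) && is_string($data['username'])) {`, and declare the return type `: void` as the other callbacks in this class do. The normalisation only covers rows written through the ORM; rows created by other paths or already present keep their casing, which the migration does not adjust. The enclosing class continues outside the hunk.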