Make email comparison for SAML case insensitive

Signed-off-by: Lorenzo Bernardi <[email protected]>
intuitem · Dec 11, 2024 · 154fe90 · 154fe90
1 parent 2bad133
commit 154fe90
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 2 deletions.
diff --git a/backend/iam/adapter.py b/backend/iam/adapter.py
@@ -54,7 +54,7 @@ class SocialAccountAdapter(DefaultSocialAccountAdapter):
     def pre_social_login(self, request, sociallogin):
         email_address = next(iter(sociallogin.account.extra_data.values()))[0]
         try:
-            user = User.objects.get(email=email_address)
+            user = User.objects.get(email=email_address.lower())
             sociallogin.user = user
             sociallogin.connect(request, user)
         except User.DoesNotExist:

diff --git a/backend/iam/models.py b/backend/iam/models.py
@@ -391,6 +391,9 @@ def delete(self, *args, **kwargs):
         logger.info("user deleted", user=self)
 
     def save(self, *args, **kwargs):
+        # Make sure to always convert username to lowercase for easier comparison with SSO
+        if self.email:
+            self.email = self.email.lower()
         super().save(*args, **kwargs)
         logger.info("user saved", user=self)
 

diff --git a/backend/iam/sso/saml/views.py b/backend/iam/sso/saml/views.py
@@ -135,7 +135,7 @@ def dispatch(self, request, organization_slug):
             login.state["next"] = next_url
         try:
             email = auth._nameid
-            user = User.objects.get(email=email)
+            user = User.objects.get(email=email.lower())
             idp_first_name = auth._attributes.get(
                 "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", [""]
             )[0]