From 154fe90002d31bd43f0723aa8eeba20a5340842a Mon Sep 17 00:00:00 2001
From: Lorenzo Bernardi
Date: Wed, 11 Dec 2024 12:53:34 +0100
Subject: [PATCH] Make email comparison for SAML case insensitive
Signed-off-by: Lorenzo Bernardi
---
 backend/iam/adapter.py | 2 +-
 backend/iam/models.py | 3 +++
 backend/iam/sso/saml/views.py | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/backend/iam/adapter.py b/backend/iam/adapter.py
index 45ab6db40..3ee4c1f74 100644
--- a/backend/iam/adapter.py
+++ b/backend/iam/adapter.py
@@ -54,7 +54,7 @@ class SocialAccountAdapter(DefaultSocialAccountAdapter):
 def pre_social_login(self, request, sociallogin):
 email_address = next(iter(sociallogin.account.extra_data.values()))[0]
 try:
- user = User.objects.get(email=email_address)
+ user = User.objects.get(email=email_address.lower())
 sociallogin.user = user
 sociallogin.connect(request, user)
 except User.DoesNotExist:
diff --git a/backend/iam/models.py b/backend/iam/models.py
index 4af980f3b..e471e6c88 100644
--- a/backend/iam/models.py
+++ b/backend/iam/models.py
@@ -391,6 +391,9 @@ def delete(self, *args, **kwargs):
 logger.info("user deleted", user=self)
 def save(self, *args, **kwargs):
+ # Make sure to always convert username to lowercase for easier comparison with SSO
+ if self.email:
+ self.email = self.email.lower()
 super().save(*args, **kwargs)
 logger.info("user saved", user=self)
diff --git a/backend/iam/sso/saml/views.py b/backend/iam/sso/saml/views.py
index 3af834135..3a1535feb 100644
--- a/backend/iam/sso/saml/views.py
+++ b/backend/iam/sso/saml/views.py
@@ -135,7 +135,7 @@ def dispatch(self, request, organization_slug):
 login.state["next"] = next_url
 try:
 email = auth._nameid
- user = User.objects.get(email=email)
+ user = User.objects.get(email=email.lower())
 idp_first_name = auth._attributes.get(
 "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", [""]
 )[0]
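Review bot: `email_address.lower()` in `pre_social_login` applies full Unicode lowercasing to an IdP-supplied value that then selects the local account to connect, so two distinct addresses can fold onto the same row; U+212A (Kelvin sign), for instance, lowercases to ASCII `k`. Whether such an address can reach this code depends on what the IdP accepts as an email, which is not visible here. Consider rejecting non-ASCII addresses at this boundary, or normalising both the stored and the asserted value the same way before comparing. The same lookup is added in `backend/iam/sso/saml/views.py`, and `pre_social_login` continues past the end of the hunk.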
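Review bot: Lowercasing inside `save()` only covers rows written through `save()` after this commit; existing rows with mixed-case `email` stay as they are, and `QuerySet.update()` / `bulk_create()` do not call `save()`. The two SSO lookups in this patch now lowercase the asserted address and compare exactly, so a user stored with mixed case would stop matching and fall into the not-found branch. A data migration that lowercases existing `email` values (checking first for rows that would collide) or `email__iexact` in the lookups would close that gap. The comment says "username" although the code normalises `email`; suggest `# Store email lowercased so SSO lookups can compare against the lowercased IdP value`.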
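Review bot: `email.lower()` in `dispatch` raises `AttributeError` when `auth._nameid` is `None`, for example when a response carries no NameID, and it does so before the query runs. The old code passed the value straight to the ORM, so the failure type changes; whether the surrounding `try` handles it cannot be seen, because `dispatch` starts and ends outside the hunk. An explicit guard such as `if not email:` that routes to the view's existing login-failure path would keep a malformed assertion from surfacing as an unhandled error. It would also help to document that this lookup assumes the IdP sends the email address as NameID.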