tabshift/pocketbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

use the explicitly mapped username column name for the unique legacy checks

Browse Source
This commit is contained in:
Gani Georgiev
2026-03-30 08:16:06 +03:00
parent 2dbc70d60d
commit 9f3cdf4ad5
1 changed files with 20 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
apis/record_auth_with_oauth2.go
View File

@@ -18,6 +18,7 @@ import (
"github.com/pocketbase/pocketbase/tools/auth" "github.com/pocketbase/pocketbase/tools/auth"
"github.com/pocketbase/pocketbase/tools/dbutils" "github.com/pocketbase/pocketbase/tools/dbutils"
"github.com/pocketbase/pocketbase/tools/filesystem" "github.com/pocketbase/pocketbase/tools/filesystem"
"github.com/pocketbase/pocketbase/tools/inflector"
"golang.org/x/oauth2" "golang.org/x/oauth2"
) )
@@ -213,16 +214,31 @@ func (form *recordOAuth2LoginForm) checkProviderName(value any) error {
return nil return nil
} }
// @todo evaluate if it is still worth keeping as this exists only for backward-compatibility with pre v0.23 versions
func oldCanAssignUsername(txApp core.App, collection *core.Collection, username string) bool { func oldCanAssignUsername(txApp core.App, collection *core.Collection, username string) bool {
field := collection.Fields.GetByName(collection.OAuth2.MappedFields.Username)
if field == nil {
return false
}
// ensure that the value matches the pattern of the username field (if text)
if txtField, ok := field.(*core.TextField); ok && txtField.ValidatePlainValue(username) != nil {
return false
}
// ensure that username is unique // ensure that username is unique
index, hasUniqueue := dbutils.FindSingleColumnUniqueIndex(collection.Indexes, collection.OAuth2.MappedFields.Username) index, hasUniqueue := dbutils.FindSingleColumnUniqueIndex(collection.Indexes, field.GetName())
if hasUniqueue { if hasUniqueue {
// it is not required because collection fields are already sanitized
// but normalize as an extra precaution in case of a custom validator
colName := inflector.Columnify(field.GetName())
var expr dbx.Expression var expr dbx.Expression
if strings.EqualFold(index.Columns[0].Collate, "nocase") { if strings.EqualFold(index.Columns[0].Collate, "nocase") {
// case-insensitive search // case-insensitive search
expr = dbx.NewExp("username = {:username} COLLATE NOCASE", dbx.Params{"username": username}) expr = dbx.NewExp("[["+colName+"]] = {:username} COLLATE NOCASE", dbx.Params{"username": username})
} else { } else {
expr = dbx.HashExp{"username": username} expr = dbx.HashExp{colName: username}
} }
var exists int var exists int
@@ -232,10 +248,7 @@ func oldCanAssignUsername(txApp core.App, collection *core.Collection, username
} }
} }
// ensure that the value matches the pattern of the username field (if text) return true
txtField, _ := collection.Fields.GetByName(collection.OAuth2.MappedFields.Username).(*core.TextField)
return txtField != nil && txtField.ValidatePlainValue(username) == nil
} }
func oauth2Submit(e *core.RecordAuthWithOAuth2RequestEvent, optExternalAuth *core.ExternalAuth) error { func oauth2Submit(e *core.RecordAuthWithOAuth2RequestEvent, optExternalAuth *core.ExternalAuth) error {