Case-insensitive usernames in Gerrit
Matthias Sohn (SAP)
We used
We used
We used
We used
Migrate to SAP ID Service
How to limit migration effort for users ?
How to limit migration effort for users ?
How to limit migration effort for users ?
Problem
Different behavior regarding case of usernames in external-ids�due to the configuration we used before:
username of
Example - technical user 'BuildBot'
760a1054f05d5fe7a6110256d88e95fb71c700a0 'username:buildbot'
serviceuser.db:
[user "BuildBot"]
creatorId = 1000000
createdBy = admin
createdAt = 10 Feb 2021 00:13:35
Example - technical user 'BuildBot'
760a1054f05d5fe7a6110256d88e95fb71c700a0 'username:buildbot'
c1dec325e27ad0f815b7d105b352d6187cd948b9 'username:BuildBot'
serviceuser.db:
[user "BuildBot"]
creatorId = 1000000
createdBy = admin
createdAt = 10 Feb 2021 00:13:35
Example - technical user 'BuildBot'
760a1054f05d5fe7a6110256d88e95fb71c700a0 'username:buildbot'
c1dec325e27ad0f815b7d105b352d6187cd948b9 'username:BuildBot'
Lookup of external-id fails ! �This spoiled the plan for a smooth migration.
serviceuser.db:
[user "BuildBot"]
creatorId = 1000000
createdBy = admin
createdAt = 10 Feb 2021 00:13:35
Example - technical user 'BuildBot'
760a1054f05d5fe7a6110256d88e95fb71c700a0 'username:buildbot'
c1dec325e27ad0f815b7d105b352d6187cd948b9 'username:BuildBot'
Lookup of external-id fails ! �This spoiled the plan for a smooth migration.
→ Fix this by always computing � id = sha1(toLowerCase(external-id)) � to make lookup case-insensitive (thanks Edwin for the idea)
serviceuser.db:
[user "BuildBot"]
creatorId = 1000000
createdBy = admin
createdAt = 10 Feb 2021 00:13:35
Solution
New option auth.userNameCaseInsensitive set to true:
Example - username 'JohnDoe'
case-sensitive :
id = shasum(external-id)
90194fbd033d9a544d9e7df2ccbfdfa2d2e78061 'username:JohnDoe'�ee8942eac80eb867f16d4d7b25c8b6999e221d71 'username:johndoe'�166110abb028006a2bb523cceff5cdc0ba6cbe06 'username:JOHNDOE'
Example - username 'JohnDoe'
case-sensitive :
id = shasum(external-id)
90194fbd033d9a544d9e7df2ccbfdfa2d2e78061 'username:JohnDoe'�ee8942eac80eb867f16d4d7b25c8b6999e221d71 'username:johndoe'�166110abb028006a2bb523cceff5cdc0ba6cbe06 'username:JOHNDOE'
case-insensitive/case-preserving:
id = shasum(toLower(external-id))
ee8942eac80eb867f16d4d7b25c8b6999e221d71 'username:JohnDoe'�ee8942eac80eb867f16d4d7b25c8b6999e221d71 'username:johndoe'�ee8942eac80eb867f16d4d7b25c8b6999e221d71 'username:JOHNDOE'
Experience
Status in open source project
Internally
Upstream
Open question
Does anybody need case-sensitive usernames ?
Option 1: Optional feature via new option auth.userNameCaseInsensitive
Option 2: Next release of Gerrit handles usernames always case-insensitive
Kudos to
Design Doc: case-insensitive usernames
Changes: #case-insensitive-usernames