From a71fc96ee3d07a6989325f8f2e818706f7f029da Mon Sep 17 00:00:00 2001 From: Mitch Gaffigan Date: Sat, 21 Jun 2025 09:52:31 -0500 Subject: [PATCH 1/2] Fix usernames being case sensitive Signed-off-by: Mitch Gaffigan --- server/dbconf/derby/derby-user.xml | 2 +- server/dbconf/mysql/mysql-user.xml | 2 +- server/dbconf/oracle/oracle-user.xml | 2 +- server/dbconf/postgres/postgres-user.xml | 2 +- server/dbconf/sqlserver/sqlserver-user.xml | 2 +- .../connect/server/controllers/DefaultUserController.java | 6 +++--- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/server/dbconf/derby/derby-user.xml b/server/dbconf/derby/derby-user.xml index ffb19b3e1b..19f5347115 100644 --- a/server/dbconf/derby/derby-user.xml +++ b/server/dbconf/derby/derby-user.xml @@ -33,7 +33,7 @@ FROM PERSON ID = #{id} - AND USERNAME = #{username} + AND LOWER(USERNAME) = LOWER(#{username}) diff --git a/server/dbconf/mysql/mysql-user.xml b/server/dbconf/mysql/mysql-user.xml index cc3f5fc3d1..1b0ea623d2 100644 --- a/server/dbconf/mysql/mysql-user.xml +++ b/server/dbconf/mysql/mysql-user.xml @@ -33,7 +33,7 @@ FROM PERSON AND ID = #{id} - AND USERNAME = #{username} + AND LOWER(USERNAME) = LOWER(#{username}) diff --git a/server/dbconf/oracle/oracle-user.xml b/server/dbconf/oracle/oracle-user.xml index feded8251b..26aa1b9eec 100644 --- a/server/dbconf/oracle/oracle-user.xml +++ b/server/dbconf/oracle/oracle-user.xml @@ -33,7 +33,7 @@ FROM PERSON ID = #{id} - AND USERNAME = #{username} + AND LOWER(USERNAME) = LOWER(#{username}) diff --git a/server/dbconf/postgres/postgres-user.xml b/server/dbconf/postgres/postgres-user.xml index f9dd0d8557..aad9ebece7 100644 --- a/server/dbconf/postgres/postgres-user.xml +++ b/server/dbconf/postgres/postgres-user.xml @@ -29,7 +29,7 @@ FROM PERSON AND ID = #{id} - AND USERNAME = #{username} + AND LOWER(USERNAME) = LOWER(#{username}) diff --git a/server/src/com/mirth/connect/server/controllers/DefaultUserController.java b/server/src/com/mirth/connect/server/controllers/DefaultUserController.java index 26fef00e39..d2487bca04 100644 --- a/server/src/com/mirth/connect/server/controllers/DefaultUserController.java +++ b/server/src/com/mirth/connect/server/controllers/DefaultUserController.java @@ -333,7 +333,7 @@ public LoginStatus authorizeUser(String username, String plainPassword, String s if (loginRequirementsChecker.isPasswordExpired(passwordTime, currentTime)) { // Let 0 be infinite grace period, -1 be no grace period if (passwordRequirements.getGracePeriod() == 0) { - loginStatus = new LoginStatus(LoginStatus.Status.SUCCESS_GRACE_PERIOD, "Your password has expired. Please change your password now."); + loginStatus = new LoginStatus(LoginStatus.Status.SUCCESS_GRACE_PERIOD, "Your password has expired. Please change your password now.", validUser.getUsername()); } else if (passwordRequirements.getGracePeriod() > 0) { // If there has never been a grace time, start it now long gracePeriodStartTime; @@ -351,7 +351,7 @@ public LoginStatus authorizeUser(String username, String plainPassword, String s long graceTimeRemaining = loginRequirementsChecker.getGraceTimeRemaining(gracePeriodStartTime, currentTime); if (graceTimeRemaining > 0) { - loginStatus = new LoginStatus(LoginStatus.Status.SUCCESS_GRACE_PERIOD, "Your password has expired. You are required to change your password in the next " + loginRequirementsChecker.getPrintableGraceTimeRemaining(graceTimeRemaining) + "."); + loginStatus = new LoginStatus(LoginStatus.Status.SUCCESS_GRACE_PERIOD, "Your password has expired. You are required to change your password in the next " + loginRequirementsChecker.getPrintableGraceTimeRemaining(graceTimeRemaining) + ".", validUser.getUsername()); } } @@ -374,7 +374,7 @@ public LoginStatus authorizeUser(String username, String plainPassword, String s // If nothing failed (loginStatus != null), set SUCCESS now if (loginStatus == null) { - loginStatus = new LoginStatus(LoginStatus.Status.SUCCESS, ""); + loginStatus = new LoginStatus(LoginStatus.Status.SUCCESS, "", validUser.getUsername()); // Clear the user's grace period if one exists if (validUser.getGracePeriodStart() != null) { From 1ff71d4a0e14f90c89be82da3288dfb69cc62475 Mon Sep 17 00:00:00 2001 From: Mitch Gaffigan Date: Sat, 29 Nov 2025 12:35:41 -0600 Subject: [PATCH 2/2] Allow users to login with case-sensitive usernames if pre-existing Signed-off-by: Mitch Gaffigan --- .../server/controllers/DefaultUserController.java | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/server/src/com/mirth/connect/server/controllers/DefaultUserController.java b/server/src/com/mirth/connect/server/controllers/DefaultUserController.java index d2487bca04..dbd9a89492 100644 --- a/server/src/com/mirth/connect/server/controllers/DefaultUserController.java +++ b/server/src/com/mirth/connect/server/controllers/DefaultUserController.java @@ -103,7 +103,16 @@ public User getUser(Integer userId, String userName) throws ControllerException User user = new User(); user.setId(userId); user.setUsername(userName); - return SqlConfig.getInstance().getReadOnlySqlSessionManager().selectOne("User.getUser", user); + List list = SqlConfig.getInstance().getReadOnlySqlSessionManager().selectList("User.getUser", user); + // If we have multiple results, we want to prefer the case sensitive match + if (userName != null) { + for (User u : list) { + if (userName.equals(u.getUsername())) { + return u; + } + } + } + return list.isEmpty() ? null : list.get(0); } catch (PersistenceException e) { throw new ControllerException(e); } finally {