Page MenuHomePhabricator

DataHub rights assignment is case-sensitive
Open, HighPublic

Description

When logging into DataHub it is possible to enter your username in either upper, lower, or mixed case.

e.g. I could use btullis, Btullis or BTULLIS as my username - as long as I supply the correct LDAP password authentication will succeed and I will be permitted access to DataHub.

However, it is only if I log in using the lowercase version of my username I am correctly added to the 'datahubadmins` group.

This is the URN for the datahubadmins group: https://datahub.wikimedia.org/group/urn:li:corpGroup:76fbf709-8faa-47e0-b31e-dee18a1b403d

This is the URN for my LDAP user: https://datahub.wikimedia.org/user/urn:li:corpuser:btullis

I have recorded the following screen capture demonstrating this. In the animation I initially log in with btullis and we can see the Domains, Users & Groups, Ingestion, and Policies lnks at the top right. Then I log out and log back in with the same password, but change the username to Btullis - this time those links have gone from the rop right.

firefox_8vIZcGKt1L.gif (960×1 px, 478 KB)

Event Timeline

This relates to T307711: User Experience: Authentication and T305874: Switch DataHub authentication to OIDC but the effects are quite specific, so I thought it worth creating a specific ticket about it.

seems like a bug to me. If this is a requirement of the system, it should just lowercase transparent to the user.