userName attribute should be case-insensitive, per the RFC
mateuszmandera opened this issue · 6 comments
See https://datatracker.ietf.org/doc/html/rfc7643#section-4.1.1: (userName)
This attribute is REQUIRED and is case insensitive.
Currently this case-insensitive behavior is not implemented and the filter lookups are case-sensitive.
This looks quite troublesome, since it requires transforming SQL queries into something like UPPER(<relevant column>) = UPPER('string in the query') - and I'm not sure how easy that'd be too implement, especially if it's to work correctly with the various filter operators?
I dag a bit into scim2_filter_parser code trying to figure out something, but it seems quite non-trivial 😞
Currently, the Django Q object transpiler is always case-insensitive, but the SQL transpiler is always case-sensitive.
It looks like it would be simple to make it always case-insensitive, by changing = to ILIKE, != to NOT ILIKE, and LIKE to ILIKE, with a corresponding adjustment to the 'LIKE' == op_sql condition and matching_op_by_scim_op.
I’m not sure if that’s the desired behavior.
ILIKE would seem simpler (though possibly still not quite easy if it was to be handled fully correctly, since the transpiler would have to be aware that it should do this only in the case of userName but not other attributes 🤔 ) - but given that it's pattern matching rather than equality, I wonder if special characters wouldn't become an issue in some way.
Nice find @mateuszmandera. This is indeed tricky. It's been a while since I've touched this code. Let me see what I can come up with.
A patch is up on the scim2-filter-parser repo.
That patch is broken from the start. I'm going to reattempt next week. Please post further comments to that issue as the problem is in that project, not this one.