From 3d44c7c6e852140f89c4cd23f658c0582a67beb9 Mon Sep 17 00:00:00 2001
From: Philippe PITTOLI <karchnu@karchnu.fr>
Date: Mon, 1 Jul 2024 20:39:32 +0200
Subject: [PATCH] Change login policy: accept more characters and don't mind
 the order.

---
 bin/migration-filter.awk | 19 +++++++++++++++++++
 makefile                 |  4 ++--
 src/configuration.cr     | 17 +++++++++++++++++
 src/requests/register.cr |  2 +-
 src/requests/search.cr   |  3 +++
 src/service.cr           | 16 +---------------
 6 files changed, 43 insertions(+), 18 deletions(-)
 create mode 100755 bin/migration-filter.awk
 create mode 100644 src/configuration.cr

diff --git a/bin/migration-filter.awk b/bin/migration-filter.awk
new file mode 100755
index 0000000..c9185ba
--- /dev/null
+++ b/bin/migration-filter.awk
@@ -0,0 +1,19 @@
+#!/usr/bin/gawk -f
+
+BEGIN {
+	OFS="\t"
+	should_print = 0
+}
+
+$1 ~ /^[-_ %ùÙêÊçÇéÉàÀ+a-zA-Z0-9'@.,;&]+$/ {
+	should_print = 1
+}
+
+should_print == 0 {
+	print "INVALID:", $1, $2
+}
+
+should_print == 1 {
+	print $1 "\t" $2
+	should_print = 0
+}
diff --git a/makefile b/makefile
index 05bc98c..f155f5c 100644
--- a/makefile
+++ b/makefile
@@ -43,8 +43,8 @@ register:; $(Q)./bin/authc user register $(NAME) $(EMAIL)
 validate:; $(Q)./bin/authc user validate $(NAME) $(ACTIVATION_KEY)
 get-user:; $(Q)./bin/authc user get $(NAME) $(LOGIN_OPT)
 
-USER_DB ?= /tmp/authd-migration-user-db.txt
-$(USER_DB): ; cat /tmp/usrdb | awk '{ print $$1 "\t" $$2 }' | sort | uniq > $(USER_DB)
+USER_DB ?= /tmp/migration-authd-user-db.txt
+$(USER_DB): ; ./bin/migration-filter.awk < /tmp/usrdb | grep -a -v "^INVALID" | sort | uniq > $(USER_DB)
 migration-file: $(USER_DB)
 migrate-user:;      ./bin/authc user migrate $(NAME) $(PASSWORD_HASH) $(LOGIN_OPT)
 migrate-all-users:; ./bin/authc migration-script $(USER_DB) $(LOGIN_OPT)
diff --git a/src/configuration.cr b/src/configuration.cr
new file mode 100644
index 0000000..885add5
--- /dev/null
+++ b/src/configuration.cr
@@ -0,0 +1,17 @@
+require "baguette-crystal-base"
+
+class Baguette::Configuration
+	class Auth < IPC
+		property service_name            : String        = "auth"
+		property recreate_indexes        : Bool          = false
+		property storage                 : String        = "storage"
+		property registrations           : Bool          = false
+		property require_email           : Bool          = false
+		property activation_template     : String        = "email-activation"
+		property recovery_template       : String        = "email-recovery"
+		property mailer_exe              : String        = "/usr/local/bin/mailer"
+		property read_only_profile_keys  : Array(String) = Array(String).new
+
+		property print_password_recovery_parameters : Bool = false
+	end
+end
diff --git a/src/requests/register.cr b/src/requests/register.cr
index 9ebea28..4cbd90b 100644
--- a/src/requests/register.cr
+++ b/src/requests/register.cr
@@ -17,7 +17,7 @@ class AuthD::Request
 				return Response::ErrorAlreadyUsedLogin.new
 			end
 
-			acceptable_login_regex = "[a-zA-Z][-_ a-zA-Z0-9']*[a-zA-Z0-9]"
+			acceptable_login_regex = "[-_ %ùÙêÊçÇéÉàÀ+a-zA-Z0-9'@.,;&]+"
 			pattern = Regex.new acceptable_login_regex, Regex::Options::IGNORE_CASE
 			return Response::ErrorInvalidLoginFormat.new unless pattern =~ @login
 
diff --git a/src/requests/search.cr b/src/requests/search.cr
index ce82e3d..474ddf3 100644
--- a/src/requests/search.cr
+++ b/src/requests/search.cr
@@ -21,14 +21,17 @@ class AuthD::Request
 			result = if regex = @regex
 				pattern = Regex.new regex, Regex::Options::IGNORE_CASE
 				users.each do |u|
+					puts "trying to match user #{u.login}"
 					if pattern =~ u.login || u.profile.try do |profile|
 								full_name = profile["full_name"]?
+								puts "login didn't work, trying to match its full name: #{full_name}"
 								if full_name.nil?
 									false
 								else
 									pattern =~ full_name.as_s
 								end
 							end || u.contact.email.try do |email|
+								puts "full name didn't work, trying to match its email: #{email}"
 								pattern =~ email
 							end
 						Baguette::Log.debug "#{u.login} matches #{pattern}"
diff --git a/src/service.cr b/src/service.cr
index ea93a26..9e27909 100644
--- a/src/service.cr
+++ b/src/service.cr
@@ -3,21 +3,7 @@ require "sodium"
 
 extend AuthD
 
-class Baguette::Configuration
-	class Auth < IPC
-		property service_name            : String        = "auth"
-		property recreate_indexes        : Bool          = false
-		property storage                 : String        = "storage"
-		property registrations           : Bool          = false
-		property require_email           : Bool          = false
-		property activation_template     : String        = "email-activation"
-		property recovery_template       : String        = "email-recovery"
-		property mailer_exe              : String        = "/usr/local/bin/mailer"
-		property read_only_profile_keys  : Array(String) = Array(String).new
-
-		property print_password_recovery_parameters : Bool = false
-	end
-end
+require "./configuration"
 
 # Provides a JWT-based authentication scheme for service-specific users.
 class AuthD::Service < IPC