Details
- Bug
- Resolution: Fixed
- HCDC 3.1.1
- None
- Severity 2 - Major
Description
Summary
- On HipChat Server's MariaDB, the database collation was case-insensitive. This allowed users to log in to the application with any casing of their email address.
- It also prevented casing-related variations in LDAP / Active Directory from creating two different users, for example admin@EXAMPLE.com and admin@example.com.
- On PostgreSQL this is not the case. PostgreSQL does not have case-insensitive collations by default, which means that all of the queries are now case-sensitive: admin@example.com and admin@EXAMPLE.COM are not the same.
- This is a regression from HipChat Server that can affect user authentication after a migration to HipChat Data Center.
Environment
- HipChat Data Center 3.0.0
- HipChat Data Center 3.0.1
Steps to Reproduce
- Create a user with the email address admin@example.com
- Once created, authenticate using admin@EXAMPLE.COM through the login screen
Expected Results
The login should be successful.
Actual Results
The login will fail with the following error:
The following ERROR will be logged in /var/log/hipchat/atlassian-crowd.log:
atlassian-crowd.log
2017-10-02 00:22:40,714 http-bio-8095-exec-3 INFO [hipchat.server.rest.HipChatCrowdAuthenticateResource] [7vRPr4AL] Initiating authentication for user 'admin@EXAMPLE.COM'
2017-10-02 00:22:40,724 http-bio-8095-exec-3 INFO [hipchat.server.rest.HipChatCrowdAuthenticateResource] [7vRPr4AL] Authentication for 'admin@EXAMPLE.COM' failed. HTTP code: 404, XMPP error: not-authorized, message: null
Workaround
For now, users will have to authenticate using the exact email address that is mapped to their account, until the internal change to the database collation is made.
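
The collation difference described in the Summary, as an added example (not HipChat's code or schema): SQLite stands in for both databases, with COLLATE NOCASE approximating the MariaDB behaviour and the default BINARY collation approximating PostgreSQL. The users table, the function names and the sample addresses are constructed for illustration; it also shows an audit for accounts that differ only by case and a lookup that folds case on both sides.

```python
import sqlite3

# Constructed sample accounts. SQLite stands in for both servers (assumption):
# COLLATE NOCASE ~ MariaDB's case-insensitive collation, BINARY ~ PostgreSQL default.
SAMPLE_EMAILS = ["admin@example.com", "Bob@Example.com", "bob@example.com"]


def make_users(collation):
    """Create a hypothetical users table whose email column uses `collation`."""
    if collation not in ("NOCASE", "BINARY"):
        raise ValueError("unsupported collation")
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
               f"email TEXT COLLATE {collation} UNIQUE)")
    return db


def load(db, emails):
    """Insert emails; return the ones rejected by the UNIQUE constraint."""
    rejected = []
    for email in emails:
        try:
            db.execute("INSERT INTO users (email) VALUES (?)", (email,))
        except sqlite3.IntegrityError:
            rejected.append(email)
    return rejected


def login_lookup(db, email):
    """Exact-match lookup: the result depends on the column's collation."""
    row = db.execute("SELECT id FROM users WHERE email = ?", (email,)).fetchone()
    return row[0] if row else None


def normalized_lookup(db, email):
    """Collation-independent lookup: fold case (ASCII only in SQLite) on both sides."""
    rows = db.execute("SELECT id FROM users WHERE lower(email) = lower(?)",
                      (email,)).fetchall()
    if len(rows) > 1:  # ambiguous identity: refuse rather than pick one account
        raise LookupError("multiple accounts differ only by case")
    return rows[0][0] if rows else None


def case_collisions(db):
    """Audit: groups of accounts whose emails are equal after case folding."""
    rows = db.execute(
        "SELECT lower(email), group_concat(email, ',') FROM users "
        "GROUP BY lower(email) HAVING count(*) > 1").fetchall()
    return {key: sorted(variants.split(",")) for key, variants in rows}
```
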