authorJames Elliott <james-d-elliott@users.noreply.github.com>2025-01-31 10:21:13 +1100
committerGitHub <noreply@github.com>2025-01-30 23:21:13 +0000
commitd4a54189aa6563912f9427b96dcb01eacafa785c (patch)
tree46ab3f08ea270e4158ae2dafa274e2e1f442f1fc /internal/handlers/handler_firstfactor_test.go
parent37cb14fb898b675bd39bbe8776f8cdf54f8272f3 (diff)
fix(handlers): regulation flow (#8683)
This fixes an edge case issue where the regulation flow doesn't detect the correct username. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
Diffstat (limited to 'internal/handlers/handler_firstfactor_test.go')
-rw-r--r--internal/handlers/handler_firstfactor_test.go71
1 files changed, 59 insertions, 12 deletions
diff --git a/internal/handlers/handler_firstfactor_test.go b/internal/handlers/handler_firstfactor_test.go
index 6d17a71b9..1ab273318 100644
--- a/internal/handlers/handler_firstfactor_test.go
+++ b/internal/handlers/handler_firstfactor_test.go
@@ -54,6 +54,11 @@ func (s *FirstFactorSuite) TestShouldFailIfBodyIsInBadFormat() {
func (s *FirstFactorSuite) TestShouldFailIfUserProviderCheckPasswordFail() {
s.mock.UserProviderMock.
EXPECT().
+ GetDetails(gomock.Eq("test")).
+ Return(&authentication.UserDetails{Username: "test"}, nil)
+
+ s.mock.UserProviderMock.
+ EXPECT().
CheckUserPassword(gomock.Eq("test"), gomock.Eq("hello")).
Return(false, fmt.Errorf("failed"))
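Review bot: The added `GetDetails` expectation and the existing `CheckUserPassword` expectation are registered as two independent `EXPECT()` chains, so this test does not pin the order in which the handler calls them. The order is what the fix relies on, because the password check and the regulation record have to use the username that `GetDetails` resolved, and the new `TestShouldAuthenticateUserWithEmailAsUsernameInput` already pins it with `gomock.InOrder(...)`. I would wrap the two expectations in `gomock.InOrder(` … `)` here, and in the identical additions to `TestShouldCheckAuthenticationIsNotMarkedWhenProviderCheckPasswordError`, `TestShouldCheckAuthenticationIsMarkedWhenInvalidCredentials` and `TestShouldFailIfAuthenticationMarkFail`. The function body continues outside the hunk.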
@@ -83,6 +88,11 @@ func (s *FirstFactorSuite) TestShouldFailIfUserProviderCheckPasswordFail() {
func (s *FirstFactorSuite) TestShouldCheckAuthenticationIsNotMarkedWhenProviderCheckPasswordError() {
s.mock.UserProviderMock.
EXPECT().
+ GetDetails(gomock.Eq("test")).
+ Return(&authentication.UserDetails{Username: "test"}, nil)
+
+ s.mock.UserProviderMock.
+ EXPECT().
CheckUserPassword(gomock.Eq("test"), gomock.Eq("hello")).
Return(false, fmt.Errorf("invalid credentials"))
@@ -109,6 +119,11 @@ func (s *FirstFactorSuite) TestShouldCheckAuthenticationIsNotMarkedWhenProviderC
func (s *FirstFactorSuite) TestShouldCheckAuthenticationIsMarkedWhenInvalidCredentials() {
s.mock.UserProviderMock.
EXPECT().
+ GetDetails(gomock.Eq("test")).
+ Return(&authentication.UserDetails{Username: "test"}, nil)
+
+ s.mock.UserProviderMock.
+ EXPECT().
CheckUserPassword(gomock.Eq("test"), gomock.Eq("hello")).
Return(false, nil)
@@ -135,16 +150,6 @@ func (s *FirstFactorSuite) TestShouldCheckAuthenticationIsMarkedWhenInvalidCrede
func (s *FirstFactorSuite) TestShouldFailIfUserProviderGetDetailsFail() {
s.mock.UserProviderMock.
EXPECT().
- CheckUserPassword(gomock.Eq("test"), gomock.Eq("hello")).
- Return(true, nil)
-
- s.mock.StorageMock.
- EXPECT().
- AppendAuthenticationLog(s.mock.Ctx, gomock.Any()).
- Return(nil)
-
- s.mock.UserProviderMock.
- EXPECT().
GetDetails(gomock.Eq("test")).
Return(nil, fmt.Errorf("failed"))
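Review bot: With the `CheckUserPassword` and `AppendAuthenticationLog` expectations removed, this test now encodes that an unknown username input ends the flow with no password check and no authentication-log record, but nothing in the test says that this is intended. A comment above the remaining expectation would make it explicit, for example `// GetDetails failure must stop the flow: no CheckUserPassword call and no AppendAuthenticationLog record are expected.` Two consequences are worth confirming against the handler, which is not visible here. First, the unknown-user path skips the password verification that known users go through, so response timing may distinguish the two unless the delay function passed to `FirstFactorPOST` (here `nil`) equalises it. Second, attempts against non-existent usernames leave no regulation record. The test body continues in the next hunk.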
@@ -155,13 +160,18 @@ func (s *FirstFactorSuite) TestShouldFailIfUserProviderGetDetailsFail() {
}`)
FirstFactorPOST(nil)(s.mock.Ctx)
- AssertLogEntryMessageAndError(s.T(), s.mock.Hook.LastEntry(), "Could not obtain profile details during 1FA authentication for user 'test'", "failed")
+ AssertLogEntryMessageAndError(s.T(), s.mock.Hook.LastEntry(), "Error occurred getting details for user with username input 'test' which usually indicates they do not exist", "failed")
s.mock.Assert401KO(s.T(), "Authentication failed. Check your credentials.")
}
func (s *FirstFactorSuite) TestShouldFailIfAuthenticationMarkFail() {
s.mock.UserProviderMock.
EXPECT().
+ GetDetails(gomock.Eq("test")).
+ Return(&authentication.UserDetails{Username: "test"}, nil)
+
+ s.mock.UserProviderMock.
+ EXPECT().
CheckUserPassword(gomock.Eq("test"), gomock.Eq("hello")).
Return(true, nil)
@@ -264,10 +274,47 @@ func (s *FirstFactorSuite) TestShouldAuthenticateUserWithRememberMeUnchecked() {
assert.Equal(s.T(), []string{"dev", "admins"}, userSession.Groups)
}
+func (s *FirstFactorSuite) TestShouldAuthenticateUserWithEmailAsUsernameInput() {
+ gomock.InOrder(
+ s.mock.UserProviderMock.
+ EXPECT().
+ GetDetails(gomock.Eq("test@example.com")).
+ Return(&authentication.UserDetails{
+ Username: "test",
+ Emails: []string{"test@example.com"},
+ Groups: []string{"dev", "admins"},
+ }, nil),
+ s.mock.UserProviderMock.
+ EXPECT().
+ CheckUserPassword(gomock.Eq("test"), gomock.Eq("hello")).
+ Return(true, nil),
+ s.mock.StorageMock.
+ EXPECT().
+ AppendAuthenticationLog(s.mock.Ctx, gomock.Eq(model.AuthenticationAttempt{Time: s.mock.Clock.Now(), Successful: true, Username: "test", Type: regulation.AuthType1FA, RemoteIP: model.NewNullIP(s.mock.Ctx.RemoteIP())})).
+ Return(nil),
+ )
+
+ s.mock.Ctx.Request.SetBodyString(`{"username":"test@example.com","password":"hello","requestMethod":"GET","keepMeLoggedIn":false}`)
+ FirstFactorPOST(nil)(s.mock.Ctx)
+
+ // Respond with 200.
+ s.Equal(fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
+ s.Equal([]byte("{\"status\":\"OK\"}"), s.mock.Ctx.Response.Body())
+
+ userSession, err := s.mock.Ctx.GetSession()
+ s.Assert().NoError(err)
+
+ s.Equal("test", userSession.Username)
+ s.Equal(false, userSession.KeepMeLoggedIn)
+ s.Equal(authentication.OneFactor, userSession.AuthenticationLevel)
+ s.Equal([]string{"test@example.com"}, userSession.Emails)
+ s.Equal([]string{"dev", "admins"}, userSession.Groups)
+}
+
func (s *FirstFactorSuite) TestShouldSaveUsernameFromAuthenticationBackendInSession() {
s.mock.UserProviderMock.
EXPECT().
- CheckUserPassword(gomock.Eq("test"), gomock.Eq("hello")).
+ CheckUserPassword(gomock.Eq("Test"), gomock.Eq("hello")).
Return(true, nil)
s.mock.UserProviderMock.