From 073fb16e203b8f47a76b059a85cb19ca25e23b08 Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Wed, 25 Sep 2024 10:26:26 -0400
Subject: [PATCH] lowercase email when looking up ID; allow uppercase emails
 when modifying existing users but not when adding new users

---
 salt/manager/tools/sbin/so-user | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/salt/manager/tools/sbin/so-user b/salt/manager/tools/sbin/so-user
index 40e0b01f8..e4b2b7464 100755
--- a/salt/manager/tools/sbin/so-user
+++ b/salt/manager/tools/sbin/so-user
@@ -173,7 +173,7 @@ function verifyEnvironment() {
 }
 
 function findIdByEmail() {
-  email=$1
+  email=${1,,}
 
   response=$(curl -Ss -L ${kratosUrl}/identities)
   identityId=$(echo "${response}" | jq -r ".[] | select(.verifiable_addresses[0].value == \"$email\") | .id")
@@ -195,12 +195,13 @@ function validatePassword() {
 
 function validateEmail() {
   email=$1
+  requireLower=$2
   # (?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9]))\.){3}(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9])|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])
   if [[ ! "$email" =~ ^[[:alnum:]._%+-]+@[[:alnum:].-]+\.[[:alpha:]]{2,}$ ]]; then
     fail "Email address is invalid"
   fi
 
-  if [[ "$email" =~ [A-Z] ]]; then
+  if [[ "$requireLower" == "true" && "$email" =~ [A-Z] ]]; then
     fail "Email addresses cannot contain uppercase letters"
   fi
 }
@@ -581,7 +582,7 @@ case "${operation}" in
     [[ "$email" == "" ]] && fail "Email address must be provided"
 
     lock
-    validateEmail "$email"
+    validateEmail "$email" true
     updatePassword
     createUser "$email" "${role:-$DEFAULT_ROLE}" "${firstName}" "${lastName}" "${note}"
     syncAll
@@ -687,13 +688,13 @@ case "${operation}" in
     ;;
 
   "validate")
-    validateEmail "$email"
+    validateEmail "$email" true
     updatePassword
     echo "Email and password are acceptable"
     ;;
 
   "valemail")
-    validateEmail "$email"
+    validateEmail "$email" true
     echo "Email is acceptable"
     ;;