feat: allow non-ASCII characters in username (#1235 )

feat: add arm docker (#1236 )
feat: non root user for casdoor image (#1234 )
2025-07-09 01:13:41 +08:00 · 2022-10-22 20:46:50 +08:00 · 2022-10-22 11:08:29 +08:00 · 2022-10-21 17:19:58 +08:00 · 2022-10-20 14:47:08 +08:00 · 2022-10-20 01:14:38 +08:00
17 changed files with 151 additions and 60 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -125,26 +125,36 @@ jobs:
              
          fi

+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+        with:
+          version: latest
+
      - name: Log in to Docker Hub
        uses: docker/login-action@v1
-        if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' &&steps.should_push.outputs.push=='true'
+        if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}

-
      - name: Push to Docker Hub
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
        if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
        with:
          target: STANDARD
+          platforms: linux/amd64,linux/arm64
          push: true
          tags: casbin/casdoor:${{steps.get-current-tag.outputs.tag }},casbin/casdoor:latest

      - name: Push All In One Version to Docker Hub
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
        if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
        with:
          target: ALLINONE
+          platforms: linux/amd64,linux/arm64
          push: true
          tags: casbin/casdoor-all-in-one:${{steps.get-current-tag.outputs.tag }},casbin/casdoor-all-in-one:latest
--- a/.gitignore
+++ b/.gitignore
@ -27,3 +27,6 @@ logs/
 files/
 lastupdate.tmp
 commentsRouter*.go
+
+# ignore build result
+casdoor
--- a/20
+++ b/20
@ -2,7 +2,7 @@ FROM node:16.13.0 AS FRONT
 WORKDIR /web
 COPY ./web .
 RUN yarn config set registry https://registry.npmmirror.com
-RUN yarn install && yarn run build
+RUN yarn install --frozen-lockfile --network-timeout 1000000 && yarn run build


 FROM golang:1.17.5 AS BACK
@ -13,16 +13,26 @@ RUN ./build.sh

 FROM alpine:latest AS STANDARD
 LABEL MAINTAINER="https://casdoor.org/"
+ARG USER=casdoor

 RUN sed -i 's/https/http/' /etc/apk/repositories
+RUN apk add --update sudo
 RUN apk add curl
 RUN apk add ca-certificates && update-ca-certificates

+RUN adduser -D $USER -u 1000 \
+    && echo "$USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$USER \
+    && chmod 0440 /etc/sudoers.d/$USER \
+    && mkdir logs \
+    && chown -R $USER:$USER logs
+
+USER 1000
 WORKDIR /
-COPY --from=BACK /go/src/casdoor/server ./server
-COPY --from=BACK /go/src/casdoor/swagger ./swagger
-COPY --from=BACK /go/src/casdoor/conf/app.conf ./conf/app.conf
-COPY --from=FRONT /web/build ./web/build
+COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/server ./server
+COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/swagger ./swagger
+COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/conf/app.conf ./conf/app.conf
+COPY --from=FRONT --chown=$USER:$USER /web/build ./web/build
+
 ENTRYPOINT ["/server"]


--- a/BIN
+++ b/BIN
--- a/controllers/account.go
+++ b/controllers/account.go
@ -203,12 +203,6 @@ func (c *ApiController) Signup() {
 		}
 	}

-	msg = object.CheckUsername(user.Name)
-	if msg != "" {
-		c.ResponseError(msg)
-		return
-	}
-
 	affected := object.AddUser(user)
 	if !affected {
 		c.ResponseError(fmt.Sprintf("Failed to create user, user information is invalid: %s", util.StructToJson(user)))
--- a/controllers/auth.go
+++ b/controllers/auth.go
@ -411,12 +411,6 @@ func (c *ApiController) Login() {
 				// sync info from 3rd-party if possible
 				object.SetUserOAuthProperties(organization, user, provider.Type, userInfo)

-				msg := object.CheckUsername(user.Name)
-				if msg != "" {
-					c.ResponseError(msg)
-					return
-				}
-
 				affected := object.AddUser(user)
 				if !affected {
 					c.ResponseError(fmt.Sprintf("Failed to create user, user information is invalid: %s", util.StructToJson(user)))
--- a/controllers/user.go
+++ b/controllers/user.go
@ -158,12 +158,6 @@ func (c *ApiController) UpdateUser() {
 		columns = strings.Split(columnsStr, ",")
 	}

-	msg := object.CheckUsername(user.Name)
-	if msg != "" {
-		c.ResponseError(msg)
-		return
-	}
-
 	isGlobalAdmin := c.IsGlobalAdmin()
 	affected := object.UpdateUser(id, &user, columns, isGlobalAdmin)
 	if affected {
--- a/idp/goth.go
+++ b/idp/goth.go
@ -282,7 +282,7 @@ func getUser(gothUser goth.User, provider string) *UserInfo {
 		}
 	}
 	if provider == "steam" {
-		user.Username = user.DisplayName
+		user.Username = user.Id
 		user.Email = ""
 	}
 	return &user
--- a/object/adapter.go
+++ b/object/adapter.go
@ -19,11 +19,13 @@ import (
 	"runtime"

 	"github.com/beego/beego"
+	xormadapter "github.com/casbin/xorm-adapter/v3"
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/util"
 	_ "github.com/denisenkom/go-mssqldb" // db = mssql
 	_ "github.com/go-sql-driver/mysql"   // db = mysql
 	_ "github.com/lib/pq"                // db = postgres
+	"xorm.io/xorm/migrate"
 	//_ "github.com/mattn/go-sqlite3"    // db = sqlite3
 	"xorm.io/core"
 	"xorm.io/xorm"
@ -40,6 +42,7 @@ func InitConfig() {
 	beego.BConfig.WebConfig.Session.SessionOn = true

 	InitAdapter(true)
+	initMigrations()
 }

 func InitAdapter(createDatabase bool) {
@ -214,6 +217,11 @@ func (a *Adapter) createTable() {
 	if err != nil {
 		panic(err)
 	}
+
+	err = a.Engine.Sync2(new(xormadapter.CasbinRule))
+	if err != nil {
+		panic(err)
+	}
 }

 func GetSession(owner string, offset, limit int, field, value, sortField, sortOrder string) *xorm.Session {
@ -239,3 +247,22 @@ func GetSession(owner string, offset, limit int, field, value, sortField, sortOr
 	}
 	return session
 }
+
+func initMigrations() {
+	migrations := []*migrate.Migration{
+		{
+			ID: "20221015CasbinRule--fill ptype field with p",
+			Migrate: func(tx *xorm.Engine) error {
+				_, err := tx.Cols("ptype").Update(&xormadapter.CasbinRule{
+					Ptype: "p",
+				})
+				return err
+			},
+			Rollback: func(tx *xorm.Engine) error {
+				return tx.DropTables(&xormadapter.CasbinRule{})
+			},
+		},
+	}
+	m := migrate.New(adapter.Engine, migrate.DefaultOptions, migrations)
+	m.Migrate()
+}
--- a/object/avatar.go
+++ b/object/avatar.go
@ -50,7 +50,7 @@ func downloadFile(url string) (*bytes.Buffer, error) {
 	return fileBuffer, nil
 }

-func getPermanentAvatarUrl(organization string, username string, url string) string {
+func getPermanentAvatarUrl(organization string, username string, url string, upload bool) string {
 	if url == "" {
 		return ""
 	}
@ -62,6 +62,14 @@ func getPermanentAvatarUrl(organization string, username string, url string) str
 	fullFilePath := fmt.Sprintf("/avatar/%s/%s.png", organization, username)
 	uploadedFileUrl, _ := getUploadFileUrl(defaultStorageProvider, fullFilePath, false)

+	if upload {
+		DownloadAndUpload(url, fullFilePath)
+	}
+
+	return uploadedFileUrl
+}
+
+func DownloadAndUpload(url string, fullFilePath string) {
 	fileBuffer, err := downloadFile(url)
 	if err != nil {
 		panic(err)
@ -71,6 +79,4 @@ func getPermanentAvatarUrl(organization string, username string, url string) str
 	if err != nil {
 		panic(err)
 	}
-
-	return uploadedFileUrl
 }
--- a/object/avatar_test.go
+++ b/object/avatar_test.go
@ -32,7 +32,7 @@ func TestSyncPermanentAvatars(t *testing.T) {
 			continue
 		}

-		user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar)
+		user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar, true)
 		updateUserColumn("permanent_avatar", user)
 		fmt.Printf("[%d/%d]: Update user: [%s]'s permanent avatar: %s\n", i, len(users), user.GetId(), user.PermanentAvatar)
 	}
--- a/object/check.go
+++ b/object/check.go
@ -59,6 +59,11 @@ func CheckUserSignup(application *Application, organization *Organization, usern
 		if reWhiteSpace.MatchString(username) {
 			return "username cannot contain white spaces"
 		}
+		msg := CheckUsername(username)
+		if msg != "" {
+			return msg
+		}
+
 		if HasUserByField(organization.Name, "name", username) {
 			return "username already exists"
 		}
@ -314,16 +319,21 @@ func CheckAccessPermission(userId string, application *Application) (bool, error
 	return allowed, err
 }

-func CheckUsername(name string) string {
-	if name == "" {
+func CheckUsername(username string) string {
+	if username == "" {
 		return "Empty username."
-	} else if len(name) > 39 {
+	} else if len(username) > 39 {
 		return "Username is too long (maximum is 39 characters)."
 	}

+	exclude, _ := regexp.Compile("^[\u0021-\u007E]+$")
+	if !exclude.MatchString(username) {
+		return ""
+	}
+
 	// https://stackoverflow.com/questions/58726546/github-username-convention-using-regex
 	re, _ := regexp.Compile("^[a-zA-Z0-9]+((?:-[a-zA-Z0-9]+)|(?:_[a-zA-Z0-9]+))*$")
-	if !re.MatchString(name) {
+	if !re.MatchString(username) {
 		return "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline."
 	}

--- a/object/syncer_user.go
+++ b/object/syncer_user.go
@ -120,7 +120,7 @@ func (syncer *Syncer) updateUserForOriginalFields(user *User) (bool, error) {
 	}

 	if user.Avatar != oldUser.Avatar && user.Avatar != "" {
-		user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar)
+		user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar, true)
 	}

 	columns := syncer.getCasdoorColumns()
--- a/object/user.go
+++ b/object/user.go
@ -386,7 +386,7 @@ func UpdateUser(id string, user *User, columns []string, isGlobalAdmin bool) boo
 	user.UpdateUserHash()

 	if user.Avatar != oldUser.Avatar && user.Avatar != "" && user.PermanentAvatar != "*" {
-		user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar)
+		user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar, false)
 	}

 	if len(columns) == 0 {
@ -419,7 +419,7 @@ func UpdateUserForAllFields(id string, user *User) bool {
 	user.UpdateUserHash()

 	if user.Avatar != oldUser.Avatar && user.Avatar != "" {
-		user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar)
+		user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar, false)
 	}

 	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(user)
@ -449,7 +449,7 @@ func AddUser(user *User) bool {
 	user.UpdateUserHash()
 	user.PreHash = user.Hash

-	user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar)
+	user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar, false)

 	user.Ranking = GetUserCount(user.Owner, "", "") + 1

@ -474,7 +474,7 @@ func AddUsers(users []*User) bool {
 		user.UpdateUserHash()
 		user.PreHash = user.Hash

-		user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar)
+		user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar, true)
 	}

 	affected, err := adapter.Engine.Insert(users)
--- a/web/src/CropperDiv.js
+++ b/web/src/CropperDiv.js
@ -12,19 +12,21 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

-import React, {useState} from "react";
+import React, {useEffect, useState} from "react";
 import Cropper from "react-cropper";
 import "cropperjs/dist/cropper.css";
 import * as Setting from "./Setting";
-import {Button, Col, Modal, Row} from "antd";
+import {Button, Col, Modal, Row, Select} from "antd";
 import i18next from "i18next";
 import * as ResourceBackend from "./backend/ResourceBackend";

 export const CropperDiv = (props) => {
+  const [loading, setLoading] = useState(true);
+  const [options, setOptions] = useState([]);
  const [image, setImage] = useState("");
  const [cropper, setCropper] = useState();
-  const [visible, setVisible] = React.useState(false);
-  const [confirmLoading, setConfirmLoading] = React.useState(false);
+  const [visible, setVisible] = useState(false);
+  const [confirmLoading, setConfirmLoading] = useState(false);
  const {title} = props;
  const {user} = props;
  const {buttonText} = props;
@ -60,7 +62,7 @@ export const CropperDiv = (props) => {
      ResourceBackend.uploadResource(user.owner, user.name, "avatar", "CropperDiv", fullFilePath, blob)
        .then((res) => {
          if (res.status === "ok") {
-            window.location.href = "/account";
+            window.location.href = window.location.pathname;
          } else {
            Setting.showMessage("error", res.msg);
          }
@ -88,6 +90,48 @@ export const CropperDiv = (props) => {
    uploadButton.click();
  };

+  const getOptions = (data) => {
+    const options = [];
+    if (props.account.organization.defaultAvatar !== null) {
+      options.push({value: props.account.organization.defaultAvatar});
+    }
+    for (let i = 0; i < data.length; i++) {
+      if (data[i].fileType === "image") {
+        const url = `${data[i].url}`;
+        options.push({
+          value: url,
+        });
+      }
+    }
+    return options;
+  };
+
+  const getBase64Image = (src) => {
+    return new Promise((resolve) => {
+      const image = new Image();
+      image.src = src;
+      image.setAttribute("crossOrigin", "anonymous");
+      image.onload = () => {
+        const canvas = document.createElement("canvas");
+        canvas.width = image.width;
+        canvas.height = image.height;
+        const ctx = canvas.getContext("2d");
+        ctx.drawImage(image, 0, 0, image.width, image.height);
+        const dataURL = canvas.toDataURL("image/png");
+        resolve(dataURL);
+      };
+    });
+  };
+
+  useEffect(() => {
+    setLoading(true);
+    ResourceBackend.getResources(props.account.owner, props.account.name, "", "", "", "", "", "")
+      .then((res) => {
+        setLoading(false);
+        setOptions(getOptions(res));
+      });
+  }, []);
+
  return (
    <div>
      <Button type="default" onClick={showModal}>
@ -105,10 +149,20 @@ export const CropperDiv = (props) => {
          [<Button block key="submit" type="primary" onClick={handleOk}>{i18next.t("user:Set new profile picture")}</Button>]
        }
      >
-        <Col style={{margin: "0px auto 40px auto", width: 1000, height: 300}}>
+        <Col style={{margin: "0px auto 60px auto", width: 1000, height: 350}}>
          <Row style={{width: "100%", marginBottom: "20px"}}>
            <input style={{display: "none"}} ref={input => uploadButton = input} type="file" accept="image/*" onChange={onChange} />
            <Button block onClick={selectFile}>{i18next.t("user:Select a photo...")}</Button>
+            <Select
+              style={{width: "100%"}}
+              loading={loading}
+              placeholder={i18next.t("user:Please select avatar from resources")}
+              onChange={(async value => {
+                setImage(await getBase64Image(value));
+              })}
+              options={options}
+              allowClear={true}
+            />
          </Row>
          <Cropper
            style={{height: "100%"}}
--- a/web/src/UserEditPage.js
+++ b/web/src/UserEditPage.js
@ -17,7 +17,6 @@ import {Button, Card, Col, Input, Result, Row, Select, Spin, Switch} from "antd"
 import * as UserBackend from "./backend/UserBackend";
 import * as OrganizationBackend from "./backend/OrganizationBackend";
 import * as Setting from "./Setting";
-import {LinkOutlined} from "@ant-design/icons";
 import i18next from "i18next";
 import CropperDiv from "./CropperDiv.js";
 import * as ApplicationBackend from "./backend/ApplicationBackend";
@ -232,16 +231,6 @@ class UserEditPage extends React.Component {
            {Setting.getLabel(i18next.t("general:Avatar"), i18next.t("general:Avatar - Tooltip"))} :
          </Col>
          <Col span={22} >
-            <Row style={{marginTop: "20px"}} >
-              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-                {i18next.t("general:URL")}:
-              </Col>
-              <Col span={22} >
-                <Input prefix={<LinkOutlined />} value={this.state.user.avatar} onChange={e => {
-                  this.updateUserField("avatar", e.target.value);
-                }} />
-              </Col>
-            </Row>
            <Row style={{marginTop: "20px"}} >
              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
                {i18next.t("general:Preview")}:
--- a/web/src/auth/LoginPage.js
+++ b/web/src/auth/LoginPage.js
@ -156,8 +156,8 @@ class LoginPage extends React.Component {
      values["type"] = "saml";
    }

-    if (this.state.owner !== null && this.state.owner !== undefined) {
-      values["organization"] = this.state.owner;
+    if (this.state.application.organization !== null && this.state.application.organization !== undefined) {
+      values["organization"] = this.state.application.organization;
    }
  }
  postCodeLoginAction(res) {
Author	SHA1	Message	Date
cofecatt	19d351d157	feat: allow non-ASCII characters in username (#1235 )	2022-10-22 20:46:50 +08:00
Bingchang Chen	d0751bf2fa	feat: add arm docker (#1236 )	2022-10-22 11:08:29 +08:00
Bingchang Chen	290cc60f00	feat: non root user for casdoor image (#1234 ) Signed-off-by: abingcbc <abingcbc626@gmail.com> Signed-off-by: abingcbc <abingcbc626@gmail.com>	2022-10-21 17:19:58 +08:00
Yaodong Yu	6a1ec51978	feat: fix SSRF when download avatar (#1193 )	2022-10-20 14:47:08 +08:00
chao	dffa68cbce	feat: fix SAML login error bug (#1228 ) * Update LoginPage.js * fix saml login error	2022-10-20 01:14:38 +08:00
Gucheng Wang	fad209a7a3	Don't check username in UpdateUser() API	2022-10-19 22:50:19 +08:00
Gucheng Wang	8b222ce2e3	Use Steam ID as username	2022-10-18 22:07:20 +08:00
YunShu	c5293f428d	fix: delete this accidentally added files (#1229 ) * fix: delete this accidentally added files * fix: ignore build result * fix: remove unnecessary asterisk	2022-10-18 21:55:34 +08:00
Gucheng	146aec9ee8	feat: skip username restriction for new users coming from OAuth providers. (#1225 )	2022-10-17 18:01:01 +08:00
Mr Forest	50a52de856	feat: support database version control (#1221 ) * feat: support Database version control * Update adapter.go * fix review problems * Update adapter.go Co-authored-by: Yang Luo <hsluoyz@qq.com>	2022-10-15 17:20:20 +08:00