(tooling-trusted-release) branch main updated: Fix problems with case when setting and comparing key values

Wed, 18 Jun 2025 09:24:35 -0700 

This is an automated email from the ASF dual-hosted git repository.

sbp pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-release.git


The following commit(s) were added to refs/heads/main by this push:
     new f42b2d0  Fix problems with case when setting and comparing key values
f42b2d0 is described below

commit f42b2d0db9e90e5ff48be8e3d4463865a8296d2e
Author: Sean B. Palmer <[email protected]>
AuthorDate: Wed Jun 18 17:23:24 2025 +0100

    Fix problems with case when setting and comparing key values
---
 atr/db/interaction.py |  5 +++--
 atr/routes/keys.py    | 10 ++++++----
 atr/util.py           |  9 +++++----
 3 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/atr/db/interaction.py b/atr/db/interaction.py
index 3e935ea..cff67ae 100644
--- a/atr/db/interaction.py
+++ b/atr/db/interaction.py
@@ -75,6 +75,7 @@ async def key_user_add(
     ldap_data: dict[str, str] | None = None,
     update_existing: bool = False,
 ) -> list[dict]:
+    session_asf_uid = session_asf_uid.lower() if session_asf_uid else None
     if not public_key:
         raise PublicKeyError("Public key is required")
 
@@ -157,7 +158,7 @@ async def key_user_session_add(
                 existing.expires = expires
                 existing.primary_declared_uid = uids[0] if uids else None
                 existing.secondary_declared_uids = uids[1:]
-                existing.apache_uid = asf_uid
+                existing.apache_uid = asf_uid.lower() if asf_uid else None
                 existing.ascii_armored_key = (
                     public_key.decode("utf-8", errors="replace") if 
isinstance(public_key, bytes) else public_key
                 )
@@ -178,7 +179,7 @@ async def key_user_session_add(
                 expires=expires,
                 primary_declared_uid=uids[0] if uids else None,
                 secondary_declared_uids=uids[1:],
-                apache_uid=asf_uid,
+                apache_uid=asf_uid.lower() if asf_uid else None,
                 ascii_armored_key=public_key,
             )
             data.add(key_record)
diff --git a/atr/routes/keys.py b/atr/routes/keys.py
index 246ae7f..da2dbe9 100644
--- a/atr/routes/keys.py
+++ b/atr/routes/keys.py
@@ -241,7 +241,7 @@ async def delete(session: routes.CommitterSession) -> 
response.Response:
     async with db.session() as data:
         async with data.begin():
             # Try to get an OpenPGP key first
-            key = await data.public_signing_key(fingerprint=fingerprint, 
apache_uid=session.uid).get()
+            key = await data.public_signing_key(fingerprint=fingerprint, 
apache_uid=session.uid.lower()).get()
             if key:
                 # Delete the OpenPGP key
                 await data.delete(key)
@@ -411,7 +411,7 @@ async def keys(session: routes.CommitterSession) -> str:
     update_committee_keys_form = await UpdateCommitteeKeysForm.create_form()
 
     async with db.session() as data:
-        user_keys = await data.public_signing_key(apache_uid=session.uid, 
_committees=True).all()
+        user_keys = await 
data.public_signing_key(apache_uid=session.uid.lower(), _committees=True).all()
         user_ssh_keys = await data.ssh_key(asf_uid=session.uid).all()
         user_committees_with_keys = await 
data.committee(name_in=committees_to_query, _public_signing_keys=True).all()
     for key in user_keys:
@@ -656,7 +656,9 @@ async def _key_and_is_owner(
 
     # Allow owners and committee members to view the key
     authorised = False
-    is_owner = key.apache_uid == session.uid
+    is_owner = False
+    if key.apache_uid and session.uid:
+        is_owner = key.apache_uid.lower() == session.uid.lower()
     if is_owner:
         authorised = True
     else:
@@ -690,7 +692,7 @@ async def _keys_formatter(committee_name: str, data: 
db.Session) -> str:
 
     keys_content_list = []
     for key in sorted_keys:
-        apache_uid = key.apache_uid
+        apache_uid = key.apache_uid.lower() if key.apache_uid else None
         # TODO: What if there is no email?
         email = util.email_from_uid(key.primary_declared_uid or "") or ""
         comments = []
diff --git a/atr/util.py b/atr/util.py
index f25f9e9..3a73356 100644
--- a/atr/util.py
+++ b/atr/util.py
@@ -158,6 +158,7 @@ async def asf_uid_from_uids(
     # Determine ASF UID if not provided
     emails = []
     for uid_str in uids:
+        # This returns a lower case email address, no matter what the case of 
the input UID
         if email := email_from_uid(uid_str):
             if email.endswith("@apache.org"):
                 return email.removesuffix("@apache.org")
@@ -276,7 +277,7 @@ async def create_hard_link_clone(
 
 def email_from_uid(uid: str) -> str | None:
     if m := re.search(r"<([^>]+)>", uid):
-        return m.group(1)
+        return m.group(1).lower()
     return None
 
 
@@ -305,11 +306,11 @@ async def email_to_uid_map() -> dict[str, str]:
     for entry in ldap_params.results_list:
         uid = entry.get("uid", [""])[0]
         if mail := get(entry, "mail"):
-            email_to_uid[mail] = uid
+            email_to_uid[mail.lower()] = uid.lower()
         if alt_email := get(entry, "asf-altEmail"):
-            email_to_uid[alt_email] = uid
+            email_to_uid[alt_email.lower()] = uid.lower()
         if committer_email := get(entry, "asf-committer-email"):
-            email_to_uid[committer_email] = uid
+            email_to_uid[committer_email.lower()] = uid.lower()
     return email_to_uid
 
 


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to