From 1e38927e8f80b06b97d10f313bbe2ece25aa5a71 Mon Sep 17 00:00:00 2001
From: Andre Moreira Magalhaes <andre.magalhaes@collabora.com>
Date: Thu, 18 Aug 2022 12:15:55 -0300
Subject: [PATCH 1/3] claims: Use case insensitive checks for group mapping

Signed-off-by: Andre Moreira Magalhaes <andre.magalhaes@collabora.com>
---
 claims/claims.go | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/claims/claims.go b/claims/claims.go
index ba51890..8a2edc7 100644
--- a/claims/claims.go
+++ b/claims/claims.go
@@ -8,6 +8,7 @@ package claims
 import (
 	"fmt"
 	"path"
+	"strings"
 
 	"github.com/coreos/go-oidc/v3/oidc"
 )
@@ -33,13 +34,16 @@ func FilterGroups(groups []string, allowed []string, denied []string) []string {
 	var new_groups []string
 group_loop:
 	for _, group := range groups {
+		group_lc := strings.ToLower(group)
 		for _, pattern := range denied {
-			if match, _ := path.Match(pattern, group); match {
+			pattern_lc := strings.ToLower(pattern)
+			if match, _ := path.Match(pattern_lc, group_lc); match {
 				continue group_loop
 			}
 		}
 		for _, pattern := range allowed {
-			if match, _ := path.Match(pattern, group); match {
+			pattern_lc := strings.ToLower(pattern)
+			if match, _ := path.Match(pattern_lc, group_lc); match {
 				new_groups = append(new_groups, group)
 			}
 		}
@@ -53,6 +57,9 @@ func MapGroups(groups []string, group_map map[string]string) []string {
 	var new_groups []string
 	for _, group := range groups {
 		mapped, ok := group_map[group]
+		if !ok {
+			mapped, ok = group_map[strings.ToLower(group)]
+		}
 		if ok {
 			new_groups = append(new_groups, mapped)
 		} else {
@@ -65,7 +72,9 @@ func MapGroups(groups []string, group_map map[string]string) []string {
 func VerifyGroups(groups []string, required []string) bool {
 req_loop:
 	for _, req_group := range required {
+		req_group = strings.ToLower(req_group)
 		for _, group := range groups {
+			group = strings.ToLower(group)
 			if match, _ := path.Match(req_group, group); match {
 				continue req_loop
 			}
-- 
GitLab


From e3005ad6c7d0a9f1e1683645d5184bfa6207b328 Mon Sep 17 00:00:00 2001
From: Andre Moreira Magalhaes <andre.magalhaes@collabora.com>
Date: Thu, 18 Aug 2022 12:16:41 -0300
Subject: [PATCH 2/3] gitlab: Always create groups using lowercase names

Signed-off-by: Andre Moreira Magalhaes <andre.magalhaes@collabora.com>
---
 gitlab/gitlaber.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/gitlab/gitlaber.go b/gitlab/gitlaber.go
index a5c4db0..7571ebb 100644
--- a/gitlab/gitlaber.go
+++ b/gitlab/gitlaber.go
@@ -8,6 +8,7 @@ package gitlab
 import (
 	"fmt"
 	"net/url"
+	"strings"
 
 	"github.com/xanzy/go-gitlab"
 )
@@ -45,13 +46,16 @@ func (glc *gitlabClient) GetUsers(email string) ([]*gitlab.User, error) {
 }
 
 func (glc *gitlabClient) GetGroup(path string) (*gitlab.Group, error) {
+	// GetGroup is already case insensitive
 	grp, _, err := glc.client.Groups.GetGroup(url.PathEscape(path))
 	return grp, err
 }
 
 func (glc *gitlabClient) CreateGroup(path string) (*gitlab.Group, error) {
 	safepath := url.PathEscape(path)
-	grp, _, err := glc.client.Groups.CreateGroup(&gitlab.CreateGroupOptions{Name: &safepath, Path: &safepath})
+	// let's always create groups using lowercase names
+	grp_name := strings.ToLower(safepath)
+	grp, _, err := glc.client.Groups.CreateGroup(&gitlab.CreateGroupOptions{Name: &grp_name, Path: &safepath})
 	return grp, err
 }
 
-- 
GitLab


From e8ea0da104c049acd7464e4a327d25a7a8b2e450 Mon Sep 17 00:00:00 2001
From: Andre Moreira Magalhaes <andre.magalhaes@collabora.com>
Date: Thu, 18 Aug 2022 12:16:54 -0300
Subject: [PATCH 3/3] obs: Always create groups using lowercase names

Signed-off-by: Andre Moreira Magalhaes <andre.magalhaes@collabora.com>
---
 obs/obser.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/obs/obser.go b/obs/obser.go
index 6d4cce1..e5246be 100644
--- a/obs/obser.go
+++ b/obs/obser.go
@@ -59,11 +59,13 @@ func (oc *obsClient) GetUser(email string) (*obs.User, error) {
 }
 
 func (oc *obsClient) GetGroup(name string) (*obs.Group, error) {
+	// GetGroup is already case insensitive
 	return oc.client.GetGroup(name)
 }
 
 func (oc *obsClient) CreateGroup(name string) error {
-	return oc.client.NewGroup(name)
+	// let's always create groups using lowercase names
+	return oc.client.NewGroup(strings.ToLower(name))
 }
 
 func (oc *obsClient) AddGroupMember(gid, uid string) error {
-- 
GitLab