Make getting a user by the username case insensitive

app/controllers/autocomplete_controller.rb

@@ -20,7 +20,7 @@ class AutocompleteController < ApplicationController
   end
   def user
-    user = UserFinder.new(params).execute!
+    user = UserFinder.new(params[:id]).find_by_id!
     render json: UserSerializer.new.represent(user)
   end

app/controllers/profiles/keys_controller.rb

@@ -38,7 +38,7 @@ class Profiles::KeysController < Profiles::ApplicationController
   def get_keys
     if params[:username].present?
       begin
-        user = User.find_by_username(params[:username])
+        user = UserFinder.new(params[:username]).find_by_username
         if user.present?
           render text: user.all_ssh_keys.join("\n"), content_type: "text/plain"
         else

app/controllers/snippets_controller.rb

@@ -26,12 +26,9 @@ class SnippetsController < ApplicationController
   layout 'snippets'
   respond_to :html
-  # rubocop: disable CodeReuse/ActiveRecord
   def index
     if params[:username].present?
-      @user = User.find_by(username: params[:username])
-
-      return render_404 unless @user
+      @user = UserFinder.new(params[:username]).find_by_username!
       @snippets = SnippetsFinder.new(current_user, author: @user, scope: params[:scope])
         .execute.page(params[:page])
@@ -41,7 +38,6 @@ class SnippetsController < ApplicationController
       redirect_to(current_user ? dashboard_snippets_path : explore_snippets_path)
     end
   end
-  # rubocop: enable CodeReuse/ActiveRecord
   def new
     @snippet = PersonalSnippet.new

app/finders/issuable_finder.rb

@@ -256,7 +256,7 @@ class IssuableFinder
       if assignee_id?
         User.find_by(id: params[:assignee_id])
       elsif assignee_username?
-        User.find_by(username: params[:assignee_username])
+        User.find_by_username(params[:assignee_username])
       else
         nil
       end
@@ -284,7 +284,7 @@ class IssuableFinder
       if author_id?
         User.find_by(id: params[:author_id])
       elsif author_username?
-        User.find_by(username: params[:author_username])
+        User.find_by_username(params[:author_username])
       else
         nil
       end

app/finders/user_finder.rb

@@ -7,22 +7,52 @@
 # times we may want to exclude blocked user. By using this finder (and extending
 # it whenever necessary) we can keep this logic in one place.
 class UserFinder
-  attr_reader :params
-  def initialize(params)
-    @params = params
+  def initialize(username_or_id)
+    @username_or_id = username_or_id
+  end
+
+  # Tries to find a User by id, returning nil if none could be found.
+  def find_by_id
+    User.find_by_id(@username_or_id)
+  end
+  # Tries to find a User by id, raising a `ActiveRecord::RecordNotFound` if it could
+  # not be found.
+  def find_by_id!
+    User.find(@username_or_id)
   end
-  # Tries to find a User, returning nil if none could be found.
-  # rubocop: disable CodeReuse/ActiveRecord
-  def execute
-    User.find_by(id: params[:id])
+  # Tries to find a User by username, returning nil if none could be found.
+  def find_by_username
+    User.find_by_username(@username_or_id)
   end
-  # rubocop: enable CodeReuse/ActiveRecord
-  # Tries to find a User, raising a `ActiveRecord::RecordNotFound` if it could
+  # Tries to find a User by username, raising a `ActiveRecord::RecordNotFound` if it could
   # not be found.
-  def execute!
-    User.find(params[:id])
+  def find_by_username!
+    User.find_by_username!(@username_or_id)
+  end
+
+  # Tries to find a User by username or id, returning nil if none could be found.
+  def find_by_id_or_username
+    if input_is_id?
+      find_by_id
+    else
+      find_by_username
+    end
+  end
+
+  # Tries to find a User by username or id, raising a `ActiveRecord::RecordNotFound` if it could
+  # not be found.
+  def find_by_id_or_username!
+    if input_is_id?
+      find_by_id!
+    else
+      find_by_username!
+    end
+  end
+
+  def input_is_id?
+    @username_or_id.is_a?(Numeric) || @username_or_id =~ /^\d+$/
   end
 end

app/finders/users_finder.rb

@@ -43,13 +43,11 @@ class UsersFinder
   private
-  # rubocop: disable CodeReuse/ActiveRecord
   def by_username(users)
     return users unless params[:username]
-    users.where(username: params[:username])
+    users.by_username(params[:username])
   end
-  # rubocop: enable CodeReuse/ActiveRecord
   def by_search(users)
     return users unless params[:search].present?

app/models/user.rb

@@ -264,7 +264,7 @@ class User < ActiveRecord::Base
   scope :order_recent_sign_in, -> { reorder(Gitlab::Database.nulls_last_order('current_sign_in_at', 'DESC')) }
   scope :order_oldest_sign_in, -> { reorder(Gitlab::Database.nulls_last_order('current_sign_in_at', 'ASC')) }
   scope :confirmed, -> { where.not(confirmed_at: nil) }
-  scope :by_username, -> (usernames) { iwhere(username: usernames) }
+  scope :by_username, -> (usernames) { iwhere(username: Array(usernames).map(&:to_s)) }
   scope :for_todos, -> (todos) { where(id: todos.select(:user_id)) }
   # Limits the users to those that have TODOs, optionally in the given state.

bin/profile-url

@@ -48,7 +48,7 @@ require File.expand_path('../config/environment', File.dirname(__FILE__))
 result = Gitlab::Profiler.profile(options[:url],
                                   logger: Logger.new(options[:sql_output]),
                                   post_data: options[:post_data],
-                                  user: User.find_by_username(options[:username]),
+                                  user: UserFinder.new(options[:username]).find_by_username,
                                   private_token: ENV['PRIVATE_TOKEN'])
 printer = RubyProf::CallStackPrinter.new(result)

changelogs/unreleased/38304-username-API-call-case-sensitive.yml

+---
+title: "Use case insensitve username lookups"
+merge_request: 21728
+author: William George
+type: fixed
\ No newline at end of file

doc/api/README.md

@@ -233,7 +233,10 @@ provided you are authenticated as an administrator with an OAuth or Personal Acc
 You need to pass the `sudo` parameter either via query string or a header with an ID/username of
 the user you want to perform the operation as. If passed as a header, the
-header name must be `Sudo`.
+header name must be `Sudo`. 
+
+NOTE: **Note:**
+Usernames are case insensitive.
 If a non administrative access token is provided, an error message will
 be returned with status code `403`:

doc/api/users.md

@@ -59,6 +59,9 @@ GET /users?active=true
 GET /users?blocked=true
 ```
+NOTE: **Note:**
+Username search is case insensitive.
+
 ### For admins
 ```

lib/api/features.rb

@@ -20,7 +20,7 @@ module API
       def gate_targets(params)
         targets = []
         targets << Feature.group(params[:feature_group]) if params[:feature_group]
-        targets << User.find_by_username(params[:user]) if params[:user]
+        targets << UserFinder.new(params[:user]).find_by_username if params[:user]
         targets
       end

lib/api/helpers.rb

@@ -96,15 +96,9 @@ module API
       LabelsFinder.new(current_user, search_params).execute
     end
-    # rubocop: disable CodeReuse/ActiveRecord
     def find_user(id)
-      if id =~ /^\d+$/
-        User.find_by(id: id)
-      else
-        User.find_by(username: id)
-      end
+      UserFinder.new(id).find_by_id_or_username
     end
-    # rubocop: enable CodeReuse/ActiveRecord
     # rubocop: disable CodeReuse/ActiveRecord
     def find_project(id)

lib/api/internal.rb

@@ -40,7 +40,7 @@ module API
           elsif params[:user_id]
             User.find_by(id: params[:user_id])
           elsif params[:username]
-            User.find_by_username(params[:username])
+            UserFinder.new(params[:username]).find_by_username
           end
         protocol = params[:protocol]
@@ -154,7 +154,7 @@ module API
         elsif params[:user_id]
           user = User.find_by(id: params[:user_id])
         elsif params[:username]
-          user = User.find_by(username: params[:username])
+          user = UserFinder.new(params[:username]).find_by_username
         end
         present user, with: Entities::UserSafe

lib/api/users.rb

@@ -155,7 +155,6 @@ module API
         requires :username, type: String, desc: 'The username of the user'
         use :optional_attributes
       end
-      # rubocop: disable CodeReuse/ActiveRecord
       post do
         authenticated_as_admin!
@@ -166,17 +165,16 @@ module API
           present user, with: Entities::UserPublic, current_user: current_user
         else
           conflict!('Email has already been taken') if User
-              .where(email: user.email)
-              .count > 0
+            .by_any_email(user.email.downcase)
+            .any?
           conflict!('Username has already been taken') if User
-              .where(username: user.username)
-              .count > 0
+            .by_username(user.username)
+            .any?
           render_validation_error!(user)
         end
       end
-      # rubocop: enable CodeReuse/ActiveRecord
       desc 'Update a user. Available only for admins.' do
         success Entities::UserPublic
@@ -198,11 +196,11 @@ module API
         not_found!('User') unless user
         conflict!('Email has already been taken') if params[:email] &&
-            User.where(email: params[:email])
+            User.by_any_email(params[:email].downcase)
                 .where.not(id: user.id).count > 0
         conflict!('Username has already been taken') if params[:username] &&
-            User.where(username: params[:username])
+            User.by_username(params[:username])
                 .where.not(id: user.id).count > 0
         user_params = declared_params(include_missing: false)

lib/gitlab/google_code_import/importer.rb

@@ -102,7 +102,7 @@ module Gitlab
             if username.start_with?("@")
               username = username[1..-1]
-              if user = User.find_by(username: username)
+              if user = UserFinder.new(username).find_by_username
                 assignee_id = user.id
               end
             end

lib/gitlab/metrics/influx_db.rb

@@ -86,7 +86,7 @@ module Gitlab
         # Example:
         #
         #     Gitlab::Metrics.measure(:find_by_username_duration) do
-        #       User.find_by_username(some_username)
+        #       UserFinder.new(some_username).find_by_username
         #     end
         #
         # name - The name of the field to store the execution time in.

lib/tasks/import.rake

@@ -9,7 +9,7 @@ class GithubImport
   def initialize(token, gitlab_username, project_path, extras)
     @options = { token: token }
     @project_path = project_path
-    @current_user = User.find_by(username: gitlab_username)
+    @current_user = UserFinder.new(gitlab_username).find_by_username
     raise "GitLab user #{gitlab_username} not found. Please specify a valid username." unless @current_user

spec/finders/user_finder_spec.rb

@@ -3,40 +3,176 @@
 require 'spec_helper'
 describe UserFinder do
-  describe '#execute' do
+  set(:user) { create(:user) }
+
+  describe '#find_by_id' do
+    context 'when the user exists' do
+      it 'returns the user' do
+        found = described_class.new(user.id).find_by_id
+
+        expect(found).to eq(user)
+      end
+    end
+
+    context 'when the user exists (id as string)' do
+      it 'returns the user' do
+        found = described_class.new(user.id.to_s).find_by_id
+
+        expect(found).to eq(user)
+      end
+    end
+
+    context 'when the user does not exist' do
+      it 'returns nil' do
+        found = described_class.new(1).find_by_id
+
+        expect(found).to be_nil
+      end
+    end
+  end
+
+  describe '#find_by_username' do
     context 'when the user exists' do
       it 'returns the user' do
-        user = create(:user)
-        found = described_class.new(id: user.id).execute
+        found = described_class.new(user.username).find_by_username
+
+        expect(found).to eq(user)
+      end
+    end
+
+    context 'when the user does not exist' do
+      it 'returns nil' do
+        found = described_class.new("non_existent_username").find_by_username
+
+        expect(found).to be_nil
+      end
+    end
+  end
+
+  describe '#find_by_id_or_username' do
+    context 'when the user exists (id)' do
+      it 'returns the user' do
+        found = described_class.new(user.id).find_by_id_or_username
+
+        expect(found).to eq(user)
+      end
+    end
+
+    context 'when the user exists (id as string)' do
+      it 'returns the user' do
+        found = described_class.new(user.id.to_s).find_by_id_or_username
         expect(found).to eq(user)
       end
     end
+    context 'when the user exists (username)' do
+      it 'returns the user' do
+        found = described_class.new(user.username).find_by_id_or_username
+
+        expect(found).to eq(user)
+      end
+    end
+
+    context 'when the user does not exist (username)' do
+      it 'returns nil' do
+        found = described_class.new("non_existent_username").find_by_id_or_username
+
+        expect(found).to be_nil
+      end
+    end
+
     context 'when the user does not exist' do
       it 'returns nil' do
-        found = described_class.new(id: 1).execute
+        found = described_class.new(1).find_by_id_or_username
         expect(found).to be_nil
       end
     end
   end
-  describe '#execute!' do
+  describe '#find_by_id!' do
+    context 'when the user exists' do
+      it 'returns the user' do
+        found = described_class.new(user.id).find_by_id!
+
+        expect(found).to eq(user)
+      end
+    end
+
+    context 'when the user exists (id as string)' do
+      it 'returns the user' do
+        found = described_class.new(user.id.to_s).find_by_id!
+
+        expect(found).to eq(user)
+      end
+    end
+
+    context 'when the user does not exist' do
+      it 'raises ActiveRecord::RecordNotFound' do
+        finder = described_class.new(1)
+
+        expect { finder.find_by_id! }.to raise_error(ActiveRecord::RecordNotFound)
+      end
+    end
+  end
+
+  describe '#find_by_username!' do
     context 'when the user exists' do
       it 'returns the user' do
-        user = create(:user)
-        found = described_class.new(id: user.id).execute!
+        found = described_class.new(user.username).find_by_username!
+
+        expect(found).to eq(user)
+      end
+    end
+
+    context 'when the user does not exist' do
+      it 'raises ActiveRecord::RecordNotFound' do
+        finder = described_class.new("non_existent_username")
+
+        expect { finder.find_by_username! }.to raise_error(ActiveRecord::RecordNotFound)
+      end
+    end
+  end
+
+  describe '#find_by_id_or_username!' do
+    context 'when the user exists (id)' do
+      it 'returns the user' do
+        found = described_class.new(user.id).find_by_id_or_username!
+
+        expect(found).to eq(user)
+      end
+    end
+
+    context 'when the user exists (id as string)' do
+      it 'returns the user' do
+        found = described_class.new(user.id.to_s).find_by_id_or_username!
         expect(found).to eq(user)
       end
     end
+    context 'when the user exists (username)' do
+      it 'returns the user' do
+        found = described_class.new(user.username).find_by_id_or_username!
+
+        expect(found).to eq(user)
+      end
+    end
+
+    context 'when the user does not exist (username)' do
+      it 'raises ActiveRecord::RecordNotFound' do
+        finder = described_class.new("non_existent_username")
+
+        expect { finder.find_by_id_or_username! }.to raise_error(ActiveRecord::RecordNotFound)
+      end
+    end
+
     context 'when the user does not exist' do
       it 'raises ActiveRecord::RecordNotFound' do
-        finder = described_class.new(id: 1)
-        expect { finder.execute! }.to raise_error(ActiveRecord::RecordNotFound)
+        finder = described_class.new(1)
+        expect { finder.find_by_id_or_username! }.to raise_error(ActiveRecord::RecordNotFound)
       end
     end
   end

spec/finders/users_finder_spec.rb

@@ -22,6 +22,12 @@ describe UsersFinder do
         expect(users).to contain_exactly(user1)
       end
+      it 'filters by username (case insensitive)' do
+        users = described_class.new(user, username: 'joHNdoE').execute
+
+        expect(users).to contain_exactly(user1)
+      end
+
       it 'filters by search' do
         users = described_class.new(user, search: 'orando').execute