IAM | CreateUser, UpdateUser - UserName, NewUserName Check

Signed-off-by: shirady <57721533+shirady@users.noreply.github.com>

Author: shirady

src/api/account_api.js

@@ -676,6 +676,9 @@ module.exports = {
                     iam_path: {
                         type: 'string',
                     },
+                    username: {
+                        type: 'string',
+                    },
                 }
             },
            reply: {

src/sdk/accountspace_fs.js

@@ -794,15 +794,34 @@ class AccountSpaceFS {
     }
 
     async _check_username_already_exists(action, params, requesting_account) {
-        const owner_account_id = this._get_owner_account_argument(requesting_account, params);
+        const owner_account_id = this._get_owner_account_argument(requesting_account);
         const username = params.username;
-        const name_exists = await this.config_fs.is_account_exists_by_name(username, owner_account_id);
-        if (name_exists) {
-            dbg.error(`AccountSpaceFS.${action} username already exists`, username);
-            const message_with_details = `User with name ${username} already exists.`;
-            const { code, http_code, type } = IamError.EntityAlreadyExists;
-            throw new IamError({ code, message: message_with_details, http_code, type });
+        const file_name_exists = await this.config_fs.is_account_exists_by_name(username, owner_account_id);
+        if (file_name_exists) {
+            this._throw_error_if_account_already_exists(action, username);
+        }
+        const is_username_lowercase_exists_under_owner = await this._check_if_account_exists_under_the_owner(
+            requesting_account, username);
+        if (is_username_lowercase_exists_under_owner) {
+            this._throw_error_if_account_already_exists(action, username);
+        }
+    }
+
+    _throw_error_if_account_already_exists(action, username) {
+        dbg.error(`AccountSpaceFS.${action} username already exists`, username);
+        const message_with_details = `User with name ${username} already exists.`;
+        const { code, http_code, type } = IamError.EntityAlreadyExists;
+        throw new IamError({ code, message: message_with_details, http_code, type });
+    }
+
+    async _check_if_account_exists_under_the_owner(requesting_account, username) {
+        const members = await this._list_config_files_for_users(requesting_account, undefined);
+        for (const member of members) {
+            if (member.username.toLowerCase() === username.toLowerCase()) {
+                return true;
+            }
         }
+        return false;
     }
 
     async _copy_data_from_requesting_account_to_account_config(action, requesting_account, params) {

src/sdk/accountspace_nb.js

@@ -45,6 +45,7 @@ class AccountSpaceNB {
                 s3_access: true,
                 allow_bucket_creation: true,
                 owner: requesting_account._id.toString(),
+                username: params.username,
                 iam_path: params.iam_path,
                 roles: ['admin'],
                 // TODO: default_resource remove

src/server/system_services/account_server.js

@@ -37,14 +37,14 @@ const check_new_azure_connection_timeout = 20 * 1000;
  *
  */
 async function create_account(req) {
-    const action = IAM_ACTIONS.CREATE_USER;
     let iam_arn;
     if (req.rpc_params.owner) {
-        const user_name = account_util.get_iam_username(req.rpc_params.email.unwrap());
+        const action = IAM_ACTIONS.CREATE_USER;
         account_util._check_if_requesting_account_is_root_account(action, req.account,
-                { username: user_name, path: req.rpc_params.iam_path });
-        account_util._check_username_already_exists(action, req.rpc_params.email, user_name);
-        iam_arn = iam_utils.create_arn_for_user(req.account._id.toString(), user_name,
+                { username: req.rpc_params.username, path: req.rpc_params.iam_path });
+        account_util._check_username_already_exists(action, req.rpc_params.email,
+            req.rpc_params.username);
+        iam_arn = iam_utils.create_arn_for_user(req.account._id.toString(), req.rpc_params.username,
                                     req.rpc_params.iam_path || IAM_DEFAULT_PATH);
     } else {
         account_util.validate_create_account_permissions(req);
@@ -1234,8 +1234,14 @@ async function update_user(req) {
     let iam_path = requested_account.iam_path;
     let user_name = account_util.get_iam_username(requested_account.name.unwrap());
     // Change to complete user name
-    const new_username = account_util.get_account_name_from_username(req.rpc_params.new_username, requesting_account._id.toString());
-    account_util._check_username_already_exists(action, new_username, req.rpc_params.new_username);
+    const is_username_update = req.rpc_params.new_username !== undefined &&
+        req.rpc_params.new_username !== req.rpc_params.username;
+    if (is_username_update) {
+        const email_new_username_wrapped = account_util.get_account_name_from_username(
+            req.rpc_params.new_username,
+            requesting_account._id.toString());
+        account_util._check_username_already_exists(action, email_new_username_wrapped, req.rpc_params.new_username);
+    }
     account_util._check_if_requested_account_is_root_account_or_IAM_user(action, requesting_account, requested_account);
     account_util._check_if_requested_is_owned_by_root_account(action, requesting_account, requested_account);
     if (req.rpc_params.new_iam_path) iam_path = req.rpc_params.new_iam_path;