From 759e944729fbd869d84cd84fee884b423b1768a7 Mon Sep 17 00:00:00 2001
From: Andrew Dryga <a@firezone.dev>
Date: Tue, 1 Oct 2024 16:08:42 -0600
Subject: [PATCH] fix(portal): Change provider_identifier type to citext
 (#6901)

Closes #6872
---
 ...entities_provider_identifier_to_citext.exs | 11 +++++++++
 elixir/apps/domain/test/domain/auth_test.exs  | 23 +++++++++++++++++++
 2 files changed, 34 insertions(+)
 create mode 100644 elixir/apps/domain/priv/repo/migrations/20241001171626_change_auth_identities_provider_identifier_to_citext.exs

diff --git a/elixir/apps/domain/priv/repo/migrations/20241001171626_change_auth_identities_provider_identifier_to_citext.exs b/elixir/apps/domain/priv/repo/migrations/20241001171626_change_auth_identities_provider_identifier_to_citext.exs
new file mode 100644
index 000000000..f6d9f67ac
--- /dev/null
+++ b/elixir/apps/domain/priv/repo/migrations/20241001171626_change_auth_identities_provider_identifier_to_citext.exs
@@ -0,0 +1,11 @@
+defmodule Domain.Repo.Migrations.ChangeAuthIdentitiesProviderIdentifierToCitext do
+  use Ecto.Migration
+
+  def change do
+    execute("CREATE EXTENSION IF NOT EXISTS citext")
+
+    alter table(:auth_identities) do
+      modify(:provider_identifier, :citext)
+    end
+  end
+end
diff --git a/elixir/apps/domain/test/domain/auth_test.exs b/elixir/apps/domain/test/domain/auth_test.exs
index 002b820cd..94bd03af8 100644
--- a/elixir/apps/domain/test/domain/auth_test.exs
+++ b/elixir/apps/domain/test/domain/auth_test.exs
@@ -3069,6 +3069,29 @@ defmodule Domain.AuthTest do
       assert token.created_by_remote_ip.address == context.remote_ip
     end
 
+    test "provider identifier is not case sensitive", %{
+      account: account,
+      provider: provider,
+      user_agent: user_agent,
+      remote_ip: remote_ip
+    } do
+      nonce = "test_nonce_for_firezone"
+      context = %Auth.Context{type: :browser, user_agent: user_agent, remote_ip: remote_ip}
+
+      identity = Fixtures.Auth.create_identity(account: account, provider: provider)
+      {:ok, identity} = Domain.Auth.Adapters.Email.request_sign_in_token(identity, context)
+      secret = identity.provider_virtual_state.nonce <> identity.provider_virtual_state.fragment
+
+      assert {:ok, _token_identity, _fragment} =
+               sign_in(
+                 provider,
+                 String.upcase(identity.provider_identifier),
+                 nonce,
+                 secret,
+                 context
+               )
+    end
+
     test "allows using identity id", %{
       account: account,
       provider: provider,