From 74f3c59f7096b5c31d5c218310b20775eb111d0f Mon Sep 17 00:00:00 2001
From: Karl Persson <kalle.persson@grafana.com>
Date: Fri, 21 Oct 2022 14:15:21 +0200
Subject: [PATCH] [v9.0.x] Login email before username (#57406)

* Add test for username/login field conflict

* Swap order of login fields

Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>

diff --git a/pkg/services/sqlstore/user.go b/pkg/services/sqlstore/user.go
index 9cd80da396..00e3ddc2df 100644
--- a/pkg/services/sqlstore/user.go
+++ b/pkg/services/sqlstore/user.go
@@ -170,20 +170,24 @@ func (ss *SQLStore) GetUserByLogin(ctx context.Context, query *models.GetUserByL
 			return models.ErrUserNotFound
 		}
 
-		// Try and find the user by login first.
-		// It's not sufficient to assume that a LoginOrEmail with an "@" is an email.
+		var has bool
+		var err error
 		user := &models.User{Login: query.LoginOrEmail}
-		has, err := sess.Where(notServiceAccountFilter(ss)).Get(user)
-
-		if err != nil {
-			return err
-		}
 
-		if !has && strings.Contains(query.LoginOrEmail, "@") {
-			// If the user wasn't found, and it contains an "@" fallback to finding the
-			// user by email.
+		// Since username can be an email address, attempt login with email address
+		// first if the login field has the "@" symbol.
+		if strings.Contains(query.LoginOrEmail, "@") {
 			user = &models.User{Email: query.LoginOrEmail}
 			has, err = sess.Get(user)
+
+			if err != nil {
+				return err
+			}
+		}
+
+		// Lookup the login field instead of email field
+		if !has {
+			has, err = sess.Where(notServiceAccountFilter(ss)).Get(user)
 		}
 
 		if err != nil {
diff --git a/pkg/services/sqlstore/user_test.go b/pkg/services/sqlstore/user_test.go
index d3803fa0c9..da23a7cca9 100644
--- a/pkg/services/sqlstore/user_test.go
+++ b/pkg/services/sqlstore/user_test.go
@@ -51,6 +51,45 @@ func TestIntegrationUserDataAccess(t *testing.T) {
 		require.False(t, query.Result.IsDisabled)
 	})
 
+	t.Run("Get User by login - user_2 uses user_1.email as login", func(t *testing.T) {
+		ss = InitTestDB(t)
+
+		// create user_1
+		cmd := models.CreateUserCommand{
+			Email:      "user_1@mail.com",
+			Name:       "user_1",
+			Login:      "user_1",
+			Password:   "user_1_password",
+			IsDisabled: true,
+		}
+		user_1, err := ss.CreateUser(context.Background(), cmd)
+		require.Nil(t, err)
+
+		// create user_2
+		cmd = models.CreateUserCommand{
+			Email:      "user_2@mail.com",
+			Name:       "user_2",
+			Login:      "user_1@mail.com",
+			Password:   "user_2_password",
+			IsDisabled: true,
+		}
+		user_2, err := ss.CreateUser(context.Background(), cmd)
+		require.Nil(t, err)
+
+		// query user database for user_1 email
+		query := models.GetUserByLoginQuery{LoginOrEmail: "user_1@mail.com"}
+		err = ss.GetUserByLogin(context.Background(), &query)
+		require.Nil(t, err)
+
+		// expect user_1 as result
+		require.Equal(t, user_1.Email, query.Result.Email)
+		require.Equal(t, user_1.Login, query.Result.Login)
+		require.Equal(t, user_1.Name, query.Result.Name)
+		require.NotEqual(t, user_2.Email, query.Result.Email)
+		require.NotEqual(t, user_2.Login, query.Result.Login)
+		require.NotEqual(t, user_2.Name, query.Result.Name)
+	})
+
 	t.Run("Testing DB - creates and loads disabled user", func(t *testing.T) {
 		ss = InitTestDB(t)
 		cmd := models.CreateUserCommand{