From c3847e6001fb286732d94aae7d21534b1a6d9747 Mon Sep 17 00:00:00 2001 From: Owen Date: Wed, 25 Feb 2026 15:36:22 -0800 Subject: [PATCH] Prefix usernames --- server/private/routers/ssh/signSshKey.ts | 26 +++++++++++++----------- 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/server/private/routers/ssh/signSshKey.ts b/server/private/routers/ssh/signSshKey.ts index aa556228..501b29bd 100644 --- a/server/private/routers/ssh/signSshKey.ts +++ b/server/private/routers/ssh/signSshKey.ts @@ -176,7 +176,7 @@ export async function signSshKey( } else if (req.user?.username) { usernameToUse = req.user.username; // We need to clean out any spaces or special characters from the username to ensure it's valid for SSH certificates - usernameToUse = usernameToUse.replace(/[^a-zA-Z0-9_-]/g, ""); + usernameToUse = usernameToUse.replace(/[^a-zA-Z0-9_-]/g, "-"); if (!usernameToUse) { return next( createHttpError( @@ -185,17 +185,6 @@ export async function signSshKey( ) ); } - - // save it to the database for future use so we dont have to keep doing this - await db - .update(userOrgs) - .set({ pamUsername: usernameToUse }) - .where( - and( - eq(userOrgs.orgId, orgId), - eq(userOrgs.userId, userId) - ) - ); } else { return next( createHttpError( @@ -205,6 +194,9 @@ export async function signSshKey( ); } + // prefix with p- + usernameToUse = `p-${usernameToUse}`; + // check if we have a existing user in this org with the same const [existingUserWithSameName] = await db .select() @@ -250,6 +242,16 @@ export async function signSshKey( ); } } + + await db + .update(userOrgs) + .set({ pamUsername: usernameToUse }) + .where( + and( + eq(userOrgs.orgId, orgId), + eq(userOrgs.userId, userId) + ) + ); } else { usernameToUse = userOrg.pamUsername; }