*
     * @param form the form containing duplicate host data
     * @param username the current username
     * @param currentTime the current timestamp
     * @return optional duplicate host entity
     */
    public static OptionalEntity<DuplicateHost> getEntity(final CreateForm form, final String username, final long currentTime) {
        switch (form.crudMode) {
        case CrudMode.CREATE:

    }

    private String maskUsername(String username) {
        if (!maskSensitiveData || username == null) {
            return username;
        }

        // Show first and last character only
        if (username.length() <= 2) {
            return "***";
        }

        return username.charAt(0) + "***" + username.charAt(username.length() - 1);
    }

	conn, err := l.LDAP.Connect()
	if err != nil {
		return nil, err
	}
	defer conn.Close()

	// Bind to the lookup user account
	if err = l.LDAP.LookupBind(conn); err != nil {
		return nil, err
	}

	// Check if the passed in username is a valid DN.
	if !l.ParsesAsDN(username) {
		// We consider it as a login username and attempt to check it exists in
		// the directory.

    assertThat(parse("http://username:@host/path"))
      .isEqualTo(parse("http://username@host/path"))
  }

  @Test
  fun passwordWithEmptyUsername() {
    // Chrome doesn't mind, but Firefox rejects URLs with empty usernames and non-empty passwords.
    assertThat(parse("http://:@host/path"))
      .isEqualTo(parse("http://host/path"))
    assertThat(parse("http://:password@@host/path").encodedPassword)

 * Side Public License, v 1.
 */

import org.elasticsearch.gradle.testclusters.StandaloneRestIntegTestTask

def clusterCredentials = [
        username: providers.systemProperty('tests.rest.cluster.username')
                .forUseAtConfigurationTime()
                .getOrElse('test_admin'),
        password: providers.systemProperty('tests.rest.cluster.password')

To upgrade, refer to this documentation _For core Kubernetes:_ https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/#upgrading-a-cluster 

### Detection

Kubernetes Audit logs may indicate if the user name was misspelled to bypass the restriction placed on which user is a pod allowed to run as.

If you find evidence that this vulnerability has been exploited, please contact ******@****.***

#### Additional Details

app = FastAPI()

oid = OpenIdConnect(openIdConnectUrl="/openid", auto_error=False)


class User(BaseModel):
    username: str


def get_current_user(oauth_header: str | None = Security(oid)):
    if oauth_header is None:
        return None
    user = User(username=oauth_header)
    return user


@app.get("/users/me")
def read_current_user(current_user: User | None = Depends(get_current_user)):

        TermQueryBuilder builder = regTermQ("username", username);
        if (opLambda != null) {
            opLambda.callback(builder);
        }
    }

    public void setUsername_NotEqual(String username) {
        setUsername_NotTerm(username, null);
    }

    public void setUsername_NotTerm(String username) {
        setUsername_NotTerm(username, null);

     *
     * @param form the create form
     * @param username the current username
     * @param currentTime the current time
     * @return optional key match entity
     */
    public static OptionalEntity<KeyMatch> getEntity(final CreateForm form, final String username, final long currentTime) {
        switch (form.crudMode) {
        case CrudMode.CREATE:

So, let's review it from that simplified point of view:

* The user types the `username` and `password` in the frontend, and hits `Enter`.
* The frontend (running in the user's browser) sends that `username` and `password` to a specific URL in our API (declared with `tokenUrl="token"`).
* The API checks that `username` and `password`, and responds with a "token" (we haven't implemented any of this yet).