From becc6a54fdf588b3e3b08d25bcd4e60ab5e797f0 Mon Sep 17 00:00:00 2001
From: Joe Workman
Date: Fri, 1 Dec 2023 15:39:24 -0700
Subject: [PATCH 1/3] compare lowercase formatted users in macOS
---
 .../Radius/Functions/Public/Distribute-UserCerts.ps1 | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1
index c2d698df3..bc5cddd52 100644
--- a/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1
@@ -116,7 +116,14 @@ currentUser=`$(/usr/bin/stat -f%Su /dev/console)
 currentUserUID=`$(id -u "`$currentUser")
 currentCertSN="$($certHash.serial)"
 networkSsid="$($NETWORKSSID)"
-if [[ `$currentUser == $($user.localUsername) ]]; then
+# store orig case match value
+orig_nocasematch=`$(shopt -p nocasematch; true)
+# set to case insenitive
+shopt -s nocasematch
+userCompare="$($user.localUsername)"
+if [[ "`$currentUser" == "`$userCompare" ]]; then
+ # restore case match type
+ `$orig_nocasematch
 certs=`$(security find-certificate -a -$($macCertSearch) "$($certIdentifier)" -Z /Users/$($user.localUsername)/Library/Keychains/login.keychain)
 regexSHA='SHA-1 hash: ([0-9A-F]{5,40})'
 regexSN='"snbr"=0x([0-9A-F]{5,40})'
@@ -213,6 +220,8 @@ if [[ `$currentUser == $($user.localUsername) ]]; then
 rm "/tmp/$($user.userName)-client-signed.pfx"
 fi
 else
+ # restore case match type
+ `$orig_nocasematch
 echo "Current logged in user, `$currentUser, does not match expected certificate user. Please ensure $($user.localUsername) is signed in and retry"
 # Finally clean up files
 if [[ -f "/tmp/$($user.userName)-client-signed.zip" ]]; then
From 3c3b307a4709573d35e02e14f638d5c15d39b8d9 Mon Sep 17 00:00:00 2001
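Review bot: The username test in the first hunk is now case-insensitive, but the `security find-certificate` line that follows the restore still builds the keychain path from `$($user.localUsername)`, unquoted, instead of from the console user that was just matched. When the JumpCloud value and the local account differ only in case, that path presumably resolves only on a case-insensitive volume, and a name containing whitespace would split the `-Z` argument; consider quoting it and deriving it from the matched account, e.g. `-Z "/Users/`$currentUser/Library/Keychains/login.keychain"`. Separately, `userCompare="$($user.localUsername)"` is expanded by PowerShell into the script text, so a value containing a double quote, `$` or a backtick would alter the generated bash; validating the username against a strict pattern before templating would close that off. The `if` block opened here continues outside the hunk.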
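Review bot: The `nocasematch` restore is duplicated at the top of both the `if` and `else` branches (first and second hunk), so the option stays scoped only as long as every future path remembers to run the saved command. `nocasematch` also applies to `=~` and `case`, and the script defines `regexSHA`/`regexSN` right after the test (presumably for `=~` matches), so a missed restore would silently loosen those matches as well. Recording the comparison result in a variable and running the saved `shopt` command once, immediately after the `[[ ]]` test and before branching, would keep the change confined to that one comparison. A comment such as `# nocasematch also affects =~ and case; keep it limited to the username test` would explain why the restore is there. The `else` branch continues outside the hunk.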
From: Joe Workman Date: Fri, 1 Dec 2023 15:50:43 -0700 Subject: [PATCH 2/3] changelog and certificate generation update --- scripts/automation/Radius/Changelog.md | 16 ++++++++++++++++ .../Functions/Public/Distribute-UserCerts.ps1 | 8 ++++---- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/scripts/automation/Radius/Changelog.md b/scripts/automation/Radius/Changelog.md index 102653a21..2560f009e 100644 --- a/scripts/automation/Radius/Changelog.md +++ b/scripts/automation/Radius/Changelog.md @@ -1,3 +1,19 @@ +## 1.0.7 + +Release Date: December 1, 2023 + +#### RELEASE NOTES + +``` +In macOS, it's possible for a user to define their username as `user1234` or `USER1234`. When JumpCloud takes of a user it'll perform a case insensive string comparison and take over the account that matches the username from JumpCloud. + +Commands executed by JumpCloud in macOS run as shell scripts `/bin/bash` by default, this shell does not perform case-insensitive string comparisons. This patch version of the Radius Certificate Utility addresses this limitation by explicitly changing the `bash` match patterns to be case-insensitive. +``` + +#### Bug Fixes: + +- Addressed a bug were users with differing casing (`user1234` vs `USER1234`) between the system and JumpCloud username + ## 1.0.6 Release Date: September 25, 2023 diff --git a/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1 index bc5cddd52..1cd42ee19 100644 --- a/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1 +++ b/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1 
@@ -117,13 +117,13 @@ currentUserUID=`$(id -u "`$currentUser") currentCertSN="$($certHash.serial)" networkSsid="$($NETWORKSSID)" # store orig case match value -orig_nocasematch=`$(shopt -p nocasematch; true) -# set to case insenitive +caseMatchOrigValue=`$(shopt -p nocasematch; true) +# set to case-insensitive shopt -s nocasematch userCompare="$($user.localUsername)" if [[ "`$currentUser" == "`$userCompare" ]]; then # restore case match type - `$orig_nocasematch + `$caseMatchOrigValue certs=`$(security find-certificate -a -$($macCertSearch) "$($certIdentifier)" -Z /Users/$($user.localUsername)/Library/Keychains/login.keychain) regexSHA='SHA-1 hash: ([0-9A-F]{5,40})' regexSN='"snbr"=0x([0-9A-F]{5,40})' @@ -221,7 +221,7 @@ if [[ "`$currentUser" == "`$userCompare" ]]; then fi else # restore case match type - `$orig_nocasematch + `$caseMatchOrigValue echo "Current logged in user, `$currentUser, does not match expected certificate user. Please ensure $($user.localUsername) is signed in and retry" # Finally clean up files if [[ -f "/tmp/$($user.userName)-client-signed.zip" ]]; then From 2169801c7a5edec827105efcecb2b97d58020cc2 Mon Sep 17 00:00:00 2001 From: Joe Workman Date: Fri, 1 Dec 2023 15:56:13 -0700 Subject: [PATCH 3/3] radius config version --- scripts/automation/Radius/Config.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/automation/Radius/Config.ps1 b/scripts/automation/Radius/Config.ps1 index 6b4d943fc..a99a2aaaa 100644 --- a/scripts/automation/Radius/Config.ps1 +++ b/scripts/automation/Radius/Config.ps1 @@ -37,7 +37,7 @@ $CertType = "UsernameCn" # Do not modify below ################################################################################ -$UserAgent_ModuleVersion = '1.0.6' +$UserAgent_ModuleVersion = '1.0.7' $UserAgent_ModuleName = 'PasswordlessRadiusConfig' #Build the UserAgent string $UserAgent_ModuleName = "JumpCloud_$($UserAgent_ModuleName).PowerShellModule"