Skip to content

fix(registry): preserve username case for ECR compatibility#4647

Merged
Siumauricio merged 1 commit into
Dokploy:canaryfrom
rafaumeu:fix/ecr-username-case
Jun 30, 2026
Merged

fix(registry): preserve username case for ECR compatibility#4647
Siumauricio merged 1 commit into
Dokploy:canaryfrom
rafaumeu:fix/ecr-username-case

Conversation

@rafaumeu

Copy link
Copy Markdown
Contributor

Problem

Closes #4632

The registry username schema applied a .toLowerCase() transform, which breaks AWS ECR authentication. ECR requires the username to be exactly AWS (uppercase). With the current code, AWS becomes aws and authentication fails.

Solution

Removed the .toLowerCase() transform from registryUsernameSchema. The schema now only trims whitespace and validates non-empty.

This is safe because:

  • AWS ECR requires AWS (uppercase) — now preserved
  • Docker Hub usernames are case-insensitive for login
  • Self-hosted registries typically accept case as-is

Testing

Added 6 unit tests in __test__/registry/registry-schema.test.ts:

  • Preserves uppercase (AWS ECR case)
  • Preserves mixed-case
  • Trims whitespace
  • Rejects empty username
  • Preserves case in apiTestRegistry too
  • Accepts lowercase (backward compat)

…4632)

Remove .toLowerCase() transform from registryUsernameSchema.
AWS ECR requires the username to be exactly 'AWS' (uppercase) for
authentication. Docker Hub usernames are case-insensitive for login,
so preserving case is safe for all providers.

Closes Dokploy#4632
@rafaumeu rafaumeu requested a review from Siumauricio as a code owner June 16, 2026 18:39
@dosubot dosubot Bot added the size:S This PR changes 10-29 lines, ignoring generated files. label Jun 16, 2026
@Siumauricio Siumauricio merged commit ec9dd28 into Dokploy:canary Jun 30, 2026
4 checks passed
github-actions Bot pushed a commit to Bl4ckBl1zZ/dokploy that referenced this pull request Jul 13, 2026
# [0.37.0](v0.36.2...v0.37.0) (2026-07-13)

### Bug Fixes

* add docker cleanup toggle to remote server creation ([Dokploy#4559](https://github.com/Bl4ckBl1zZ/dokploy/issues/4559)) ([e6fc3db](e6fc3db))
* add method="post" to auth forms to prevent credential leak in URL ([Dokploy#4683](https://github.com/Bl4ckBl1zZ/dokploy/issues/4683)) ([8b64815](8b64815))
* add tls=true label for domains when certificateType is none ([Dokploy#4018](https://github.com/Bl4ckBl1zZ/dokploy/issues/4018)) ([Dokploy#4474](https://github.com/Bl4ckBl1zZ/dokploy/issues/4474)) ([103e2f7](103e2f7))
* add type="button" to TooltipTrigger in form components to prevent accidental submission ([Dokploy#4422](https://github.com/Bl4ckBl1zZ/dokploy/issues/4422)) ([f6e6e5c](f6e6e5c))
* **ai:** allow configFiles to be null in template generator Details type ([Dokploy#4736](https://github.com/Bl4ckBl1zZ/dokploy/issues/4736)) ([38de9ef](38de9ef))
* **ai:** allow Ollama Cloud API key in AI settings ([Dokploy#4262](https://github.com/Bl4ckBl1zZ/dokploy/issues/4262)) ([ca2708a](ca2708a))
* **ai:** use nullable instead of optional for configFiles in AI suggestion schema ([Dokploy#4732](https://github.com/Bl4ckBl1zZ/dokploy/issues/4732)) ([3e11c0a](3e11c0a)), closes [Dokploy#4267](https://github.com/Bl4ckBl1zZ/dokploy/issues/4267)
* allow members with git providers permission to create and delete their own ([Dokploy#4713](https://github.com/Bl4ckBl1zZ/dokploy/issues/4713)) ([aa72091](aa72091)), closes [Dokploy#4695](https://github.com/Bl4ckBl1zZ/dokploy/issues/4695)
* allow square brackets in zip path validation for Next.js dynamic routes ([Dokploy#4468](https://github.com/Bl4ckBl1zZ/dokploy/issues/4468)) ([af8072d](af8072d))
* automatically converting username to lowercase both in creation of register, and build for extra. ([Dokploy#4382](https://github.com/Bl4ckBl1zZ/dokploy/issues/4382)) ([6e342ee](6e342ee))
* **backup:** redact S3 credentials from logs and error output ([Dokploy#4648](https://github.com/Bl4ckBl1zZ/dokploy/issues/4648)) ([f8a3561](f8a3561)), closes [Dokploy#4621](https://github.com/Bl4ckBl1zZ/dokploy/issues/4621) [Dokploy#4621](https://github.com/Bl4ckBl1zZ/dokploy/issues/4621)
* copy Dokploy server IP when clicking server badge ([Dokploy#4390](https://github.com/Bl4ckBl1zZ/dokploy/issues/4390)) ([8d88a34](8d88a34))
* correct deriveCookieSecret test to validate 16-byte hex secret as per oauth2-proxy requirements ([dfbae18](dfbae18))
* correct git provider access check for existing deploys ([Dokploy#4570](https://github.com/Bl4ckBl1zZ/dokploy/issues/4570)) ([e9a0932](e9a0932)), closes [Dokploy#4469](https://github.com/Bl4ckBl1zZ/dokploy/issues/4469)
* **databases:** resolve crash when opening rebuild database dialog ([4e3a6db](4e3a6db))
* **databases:** update default Redis version from 7 to 8 ([Dokploy#4224](https://github.com/Bl4ckBl1zZ/dokploy/issues/4224)) ([475a01c](475a01c)), closes [Dokploy#4172](https://github.com/Bl4ckBl1zZ/dokploy/issues/4172)
* **deployment:** resolve schedule to its service before permission check in allByType ([Dokploy#4733](https://github.com/Bl4ckBl1zZ/dokploy/issues/4733)) ([8a0e442](8a0e442))
* **domain:** validate hostname format to reject invalid characters ([Dokploy#4729](https://github.com/Bl4ckBl1zZ/dokploy/issues/4729)) ([b2692cd](b2692cd)), closes [Dokploy#4716](https://github.com/Bl4ckBl1zZ/dokploy/issues/4716)
* don't let ssh-keyscan abort SSH git clones ([Dokploy#4605](https://github.com/Bl4ckBl1zZ/dokploy/issues/4605)) ([8d44c6a](8d44c6a))
* enable comment toggle shortcut in env variable editor ([Dokploy#4402](https://github.com/Bl4ckBl1zZ/dokploy/issues/4402)) ([Dokploy#4473](https://github.com/Bl4ckBl1zZ/dokploy/issues/4473)) ([34d38cf](34d38cf))
* enforce docker:read on container start/stop/kill/restart mutations ([Dokploy#4568](https://github.com/Bl4ckBl1zZ/dokploy/issues/4568)) ([a0288f8](a0288f8))
* grant create and delete SSH key permissions when canAccessToSSHKeys is enabled for members ([Dokploy#4512](https://github.com/Bl4ckBl1zZ/dokploy/issues/4512)) ([4ba0f71](4ba0f71))
* **migrate-auth-secret:** exit cleanly when there are no 2FA records ([9f10f0f](9f10f0f)), closes [Dokploy#4392](https://github.com/Bl4ckBl1zZ/dokploy/issues/4392)
* preserve HOME in compose deploy so --with-registry-auth can read docker config ([Dokploy#4485](https://github.com/Bl4ckBl1zZ/dokploy/issues/4485)) ([85211af](85211af)), closes [Dokploy#4401](https://github.com/Bl4ckBl1zZ/dokploy/issues/4401)
* prevent registry password from appearing in error messages and shell commands ([Dokploy#4579](https://github.com/Bl4ckBl1zZ/dokploy/issues/4579)) ([1f4f940](1f4f940))
* prevent request path truncation in request logs ([Dokploy#4643](https://github.com/Bl4ckBl1zZ/dokploy/issues/4643)) ([1bf661b](1bf661b)), closes [Dokploy#4642](https://github.com/Bl4ckBl1zZ/dokploy/issues/4642)
* prevent webhook deploy crash when commit data lacks modified files ([Dokploy#4470](https://github.com/Bl4ckBl1zZ/dokploy/issues/4470)) ([b06138b](b06138b))
* **projects:** make project cards grid fill available width on wide screens ([Dokploy#4731](https://github.com/Bl4ckBl1zZ/dokploy/issues/4731)) ([b96c5e8](b96c5e8))
* refine permission check for privileged static roles in permission service ([95633b4](95633b4))
* **registry:** preserve username case for ECR compatibility ([Dokploy#4632](https://github.com/Bl4ckBl1zZ/dokploy/issues/4632)) ([Dokploy#4647](https://github.com/Bl4ckBl1zZ/dokploy/issues/4647)) ([ec9dd28](ec9dd28))
* **requests:** remove nested ResponsiveContainer breaking chart height ([c9ac723](c9ac723))
* resolve server from parent entity in deployment.readLogs ([Dokploy#4689](https://github.com/Bl4ckBl1zZ/dokploy/issues/4689)) ([b4e2d27](b4e2d27)), closes [Dokploy#4687](https://github.com/Bl4ckBl1zZ/dokploy/issues/4687)
* resolve traefik container dynamically in access-log cleanup ([Dokploy#4646](https://github.com/Bl4ckBl1zZ/dokploy/issues/4646)) ([d87229c](d87229c)), closes [Dokploy#4620](https://github.com/Bl4ckBl1zZ/dokploy/issues/4620)
* respect gitProviders permissions in git provider UI ([Dokploy#4561](https://github.com/Bl4ckBl1zZ/dokploy/issues/4561)) ([c377be0](c377be0))
* responsive layout ([Dokploy#4391](https://github.com/Bl4ckBl1zZ/dokploy/issues/4391)) ([ef0cf9b](ef0cf9b))
* scope dokploy-server schedules to organization instead of user ([Dokploy#4526](https://github.com/Bl4ckBl1zZ/dokploy/issues/4526)) ([c73632c](c73632c)), closes [Dokploy#4300](https://github.com/Bl4ckBl1zZ/dokploy/issues/4300)
* scope dokploy-server schedules to organization instead of user ([Dokploy#4526](https://github.com/Bl4ckBl1zZ/dokploy/issues/4526)) ([6ff2ca0](6ff2ca0)), closes [Dokploy#4300](https://github.com/Bl4ckBl1zZ/dokploy/issues/4300)
* **server-setup:** report the installed Docker version in the setup banner ([Dokploy#4723](https://github.com/Bl4ckBl1zZ/dokploy/issues/4723)) ([db0cb66](db0cb66))
* **sso:** apply trusted origin changes without server restart ([b3621bc](b3621bc))
* strip credentials from gitProvider.getAll API response ([Dokploy#4569](https://github.com/Bl4ckBl1zZ/dokploy/issues/4569)) ([6b68fca](6b68fca))
* strip credentials from service-level API responses ([Dokploy#4564](https://github.com/Bl4ckBl1zZ/dokploy/issues/4564)) ([c968a27](c968a27))
* swarm health check fields not resetting to default values ([Dokploy#4558](https://github.com/Bl4ckBl1zZ/dokploy/issues/4558)) ([57ef96a](57ef96a)), closes [Dokploy#4553](https://github.com/Bl4ckBl1zZ/dokploy/issues/4553)
* **tag-filter:** update no tags message and improve layout ([8c90040](8c90040))
* **ui:** adjust button container to grid layout to prevent overflow in 2FA screen ([01ac309](01ac309))
* **ui:** enable vertical scroll on collapsed sidebar ([a296407](a296407))
* **ui:** improve select component behavior and styling across various providers ([8db1250](8db1250))
* **ui:** prevent scrollbar layout shift ([71bbbb4](71bbbb4))
* **ui:** resolve CommandDialog crash on ⌘J shortcut ([17fdd64](17fdd64))
* **ui:** update project name display in environment page ([d7b9f01](d7b9f01))
* update deriveCookieSecret to meet oauth2-proxy requirements ([c1c887d](c1c887d))
* update schedule scoping from user to organization ([6a0acd9](6a0acd9))
* use create permission for basic auth delete instead of delete ([Dokploy#4513](https://github.com/Bl4ckBl1zZ/dokploy/issues/4513)) ([d7d6422](d7d6422))
* use github owner login for webhook deploy matching ([Dokploy#4674](https://github.com/Bl4ckBl1zZ/dokploy/issues/4674)) ([f5ded8b](f5ded8b))
* use stop-first update order for all database services ([Dokploy#4560](https://github.com/Bl4ckBl1zZ/dokploy/issues/4560)) ([e944603](e944603)), closes [Dokploy#4550](https://github.com/Bl4ckBl1zZ/dokploy/issues/4550)
* use swarm advertise address in docker swarm join command ([Dokploy#4567](https://github.com/Bl4ckBl1zZ/dokploy/issues/4567)) ([4900204](4900204))
* **user:** scope user.get relation columns to reduce SSR payload size ([Dokploy#4730](https://github.com/Bl4ckBl1zZ/dokploy/issues/4730)) ([3e74f9a](3e74f9a))
* **validation:** allow hashtag in git branch names ([Dokploy#4714](https://github.com/Bl4ckBl1zZ/dokploy/issues/4714)) ([6431e9b](6431e9b)), closes [feat#123](https://github.com/feat/issues/123) [feat#123](https://github.com/feat/issues/123) [Dokploy#4585](https://github.com/Bl4ckBl1zZ/dokploy/issues/4585)
* wrap long server names and keep actions menu visible ([Dokploy#4434](https://github.com/Bl4ckBl1zZ/dokploy/issues/4434)) ([ad680ae](ad680ae))

### Features

* add claim mapping functionality to OIDC registration dialog ([Dokploy#4712](https://github.com/Bl4ckBl1zZ/dokploy/issues/4712)) ([c2a9587](c2a9587))
* add self-hosted enterprise restrictions (remote-servers-only, enforce-sso) ([Dokploy#4511](https://github.com/Bl4ckBl1zZ/dokploy/issues/4511)) ([8018027](8018027))
* add SQL migration for lucky echo and update foreign key constraints ([aa545ec](aa545ec))
* **ci:** attach install.sh from website repo to each release ([d3e0b10](d3e0b10))
* **ci:** pin install.sh release asset to the released version ([9749d86](9749d86))
* **compose:** add import from base64 in create service dropdown ([754774e](754774e))
* **databases:** add copy button to User and Database Name fields ([Dokploy#4735](https://github.com/Bl4ckBl1zZ/dokploy/issues/4735)) ([cb23d72](cb23d72)), closes [Dokploy#4495](https://github.com/Bl4ckBl1zZ/dokploy/issues/4495)
* **deployment:** add readLogs procedure to fetch deployment logs ([558d809](558d809))
* **deployment:** add server access validation for deployment actions ([aff200f](aff200f))
* encrypt environment variables at rest with AES-256-GCM ([1cb9491](1cb9491))
* enhance container dashboard with new features ([1c44141](1c44141))
* enhance TLS certificate selection UI in AddDomain component ([Dokploy#4705](https://github.com/Bl4ckBl1zZ/dokploy/issues/4705)) ([ed0abb2](ed0abb2))
* export full keyring in backup encryption key file ([c04d56b](c04d56b))
* implement forward authentication settings and UI components ([41c09cd](41c09cd))
* make concurrent builds an OSS feature without license gating ([8d0ae19](8d0ae19))
* optionally include encryption key in web server backups ([2e867c5](2e867c5))
* **organization:** prevent inviting users with owner role ([67278d8](67278d8))
* **scim:** implement SCIM 2.0 user provisioning support ([d831607](d831607))
* **settings:** add copy button to server IP in web server settings ([Dokploy#4397](https://github.com/Bl4ckBl1zZ/dokploy/issues/4397)) ([a50f958](a50f958))
* **sidebar:** add enterprise badge for valid license in sidebar ([86f941d](86f941d))
* **user:** implement session cleanup on user update ([1fdbe87](1fdbe87))
* **whitelabeling:** implement public whitelabeling configuration retrieval ([8f9be16](8f9be16))

### Performance Improvements

* share db, docker and auth singletons across duplicated bundles ([7924794](7924794))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

size:S This PR changes 10-29 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

AWS ECR authentication fails because registry usernames are forcibly lowercased

2 participants