Ticket #616 (closed Bug report: fixed)

Opened 10 years ago

Last modified 10 years ago

Username and Emails case sensitive... sometimes OR add the possibility to have case-insensitive networks

Reported by: gbastien Owned by: gbastien
Priority: normal Milestone: WifiDog Auth Server 1.0
Component: Auth server, Authentication, permissions and access control Version: scc
Keywords: Cc:

Description

A new user can signup with a username different only by case from an existing user.

Since many queries afterwards use an ILike with the username and expect only one result to come back, this situation can be problematic.

A solution would be to not allow usernames differing only by case.

Change History

Changed 10 years ago by a@…

There's a similar problem with email addresses. A user can create an account with an address, say user@server .tld and create another account by putting USER@SERVER .TLD in the email field.

Changed 10 years ago by networkfusion

To fix this, change the sql statements to use ILIKE instead of LIKE or = . e.g. in user.php "SELECT user_id FROM users WHERE username = '$username_str' AND account_origin = '$account_origin_str'" would become "SELECT user_id FROM users WHERE username ILike '$username_str' AND account_origin ILike '$account_origin_str'"

Changed 10 years ago by networkfusion

  • summary changed from Username case sensitive... sometimes to Username and Emails case sensitive... sometimes
  • milestone changed from Not yet assigned to a Milestone to WifiDog Auth Server 1.0

Changed 10 years ago by gbastien

  • owner set to gbastien
  • summary changed from Username and Emails case sensitive... sometimes to Username and Emails case sensitive... sometimes OR add the possibility to have case-insensitive networks

There has been requests from groups to add the possibility to have case-insensitive networks (many support requests from people who have problems with username because they forgot the casing the initially used)

The '=' or 'Ilike' in the queries above would be dependent upon the case-sensitiveness of the origin network.

Problem would arise when passing from a case-sensitive network to a case-insensitive one. If some usernames differ only by case, we would need to do something with those users... My idea would be to issue a warning before changing the case-sensitiveness to ask what to do.

1- Nothing, stay case-sensitive, just give a list of problematic usernames so the admin can do whatever they wish with it. 2- Execute a one-time script to add a number after those usernames so that they are different and send an email to those users telling them their usernames have been change and they can change it back at next login.

Changed 10 years ago by gbastien

  • status changed from new to closed
  • version set to scc
  • resolution set to fixed
  • severity set to sergio

Networks can now be made case insensitive, but if some users pose problems, an error is issued with a list of those users and the network stays case sensitive.

Note: See TracTickets for help on using tickets.