View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0010837||mantisbt||authentication||public||2009-08-14 18:20||2017-10-23 06:09|
|Priority||normal||Severity||minor||Reproducibility||have not tried|
|Summary||0010837: mantisbt username validation is case sensitive - undesired feature?|
had a user who reported he could not log in with a mantis 1.2.0rc1 installation (had previously logged in successfully)
turns out the user was using an all lowercase username when attempting to login but the username listed in the db (the one used when signing up) contained mix case;
not sure it makes sense for the username to be case sensitive or if it does maybe i am missing it and am interested in an option to disable case sensitivity with the username
Parts of discussion from:
|Tags||No tags attached.|
also attempted to assign a user to the monitor list
noticed username was shown in the drop down as all lowercase
selected, clicked add to monitor list
mantis reported back that the all lowercase username does not exist
In our environment, we have external autentication via LDAP.
We are using Mediawiki as a user provisioning system. With the help of some Mediawiki plugins, we are able to maintain users in our LDAP repository, provide self-service user registration and password reset. So, it's a very convenient zero-administration thing.
The problem is that all wikis AFAIK employ capitalized identifiers. Being an username just another identifier, comes that user "jmsmith" is displayed as "Jsmith" and also stored as "Jsmith" internally, in the Mediawiki database I mean. It also implies that the username is stored as "JSmith" in LDAP.
We changed the Mediawiki LDAP plugin in order to force usernames to be stored as all lowercase, no matter the way it was entered by the user. So, no matter if it was typed "jsmith", "Jsmith", "JSmith", "JSMITH" or whatever, Mediawiki will store intenally as "Jsmith" (as usual) and it will be stored in LDAP as "jsmith".
As I said in the beginning, our Mantis installation is using and external LDAP repository. So, it would be extremally convenient to first convert to lowercase before doing anything else.
What I observed is that Mantis created 2 users in it's internal database because a certain user typed it in different ways. When Mantis queried LDAP, it performed a non-case sensitive query and matched both "John" and "john", which implies that 2 users were created in Mantis database.
Thanks a lot :)
I've circunvented the problem.
Explanation: function auth_prepare_username is called just after the user fills in the login form and before the authentication request. Doing so, no matter what the user types, it will be considered all lowercase.
I imagine this problem is going to require changes to a lot more than just the code dealing with user logins. We would need to go through the entirity of Mantis to ensure that every time we make a username comparison or lookup, we convert both strings being compared to either lowercase or uppercase.
Re-targeted for 1.3.x, this will require a lot of testing to make sure we don't break anything or have one use "John", login as another "john". I also don't consider it blocking in anyway for the 1.2.x release.
Well, I have all users with usernames in upper case, just because these are their company mnemonics (nicknames, abbreviations, whatever) and read so much better in upper case.
But many of them forget to type it upper case at login. So I'd like to support this request for an option to ignore the case of usernames.
Added parts of Github PR discussion in additional information.
|2009-08-14 18:20||yw84ever||New Issue|
|2009-08-17 21:06||yw84ever||Note Added: 0022743|
|2009-08-18 02:15||vboctor||Status||new => acknowledged|
|2009-08-18 02:15||vboctor||Target Version||=> 1.2.2|
|2009-09-05 08:18||rgomes1997||Note Added: 0022886|
|2009-09-05 09:12||rgomes1997||Note Added: 0022887|
|2009-10-06 16:49||jreese||Target Version||1.2.0 RC2 => 1.2.2|
|2009-12-16 21:22||dhx||Note Added: 0023923|
|2010-01-02 00:44||vboctor||Note Added: 0024019|
|2010-01-02 00:44||vboctor||Target Version||1.2.2 => 1.3.0-beta.1|
|2011-04-08 10:01||bodowenzel||Note Added: 0028571|
|2013-10-25 16:30||atrol||Relationship added||has duplicate 0016536|
|2014-01-21 17:00||atrol||Target Version||1.3.0-beta.1 =>|
|2014-04-28 01:25||atrol||Note Added: 0040179|
|2014-04-28 01:25||atrol||Additional Information Updated||View Revisions|
|2017-10-23 06:09||atrol||Relationship added||has duplicate 0023515|