Feature #12029

open

Allow lower case logins only

Added by Roy Sindre Norangshol over 11 years ago. Updated over 2 years ago.

Status: New
Priority: Normal
Assignee: -
Category: Accounts / authentication
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Resolution:

Description

Hey

We're running 1.3.2 with some custom home-made patches, and we recently noticed an annoying 'feature' in Redmine that we categorize as a Redmine bug. This bug also seems to be in the latest devel version according to the GitHub sources.

TL;DR? We want the login name sent from the login/registration form to be downcased so users in Redmine will always have downcased usernames.

Story:

In Redmine users can have mixed-case login names ... this is not really an 'issue' in standard Redmine, but it is for us who write some custom extensions to it.

We currently have some scripts maintaining a sync of certain LDAP groups and their membership in Redmine.
Since Redmine by default allows you to log in as BLUPPIDAPP when the username is bluppidapp, how it is stored in the database doesn't matter to you. (I assume this is ActiveRecord magic or something.)
It even tells you your username is 'bluppidapp' and not BLUPPIDAPP, which is «fine» for normal users, but not fine for us who make modifications to Redmine.

Now, the interesting problem arises when you have 'create users on the fly' enabled and you fetch users from LDAP.
LDAP also matches case-insensitively on LDAP searches, so when the user on his first login types "Foo" instead of "foo" (as everyone else has done until now…), the user is created with the username "Foo".

This caused issues for us where we expect usernames to be lowercase.

Fix: downcase 'login' in https://github.com/redmine/redmine/blob/master/app/models/user.rb#L156

(Our scripts plug into Redmine's internal functions, calling the same methods as Redmine does for certain functions, so it's not possible for us to say «You can just downcase database results and the problem is solved.»)

Note: IMHO it's also bad to allow caSeSenSiTIvE user names. I haven't tested whether Redmine allows having users both as "FOO" and "foo", but it's still bad and usernames should be downcased.
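The behaviour reported above, as an added simulation that is not part of the original report and is not Redmine's code: `FakeLdap`, `UserStore`, `sign_in` and `synced_logins` are hypothetical stand-ins, and the sample logins are constructed. It shows how a case-insensitive LDAP match plus on-the-fly creation stores the typed casing, how an exact-match sync script then misses that account, and how downcasing before lookup and creation avoids it.

```ruby
# Constructed simulation; none of these classes are Redmine's own code.
User = Struct.new(:login)

# Stand-in for an LDAP directory: uid lookups are case-insensitive.
class FakeLdap
  def initialize(uids)
    @uids = uids
  end
  def find(login)
    @uids.find { |uid| uid.casecmp?(login) }
  end
end

# Stand-in for the user table with "create users on the fly" enabled.
class UserStore
  attr_reader :users

  def initialize(ldap, normalize:)
    @ldap = ldap
    @normalize = normalize
    @users = []
  end

  # Lookup of existing users is case-insensitive, as the report describes.
  def sign_in(typed)
    login = @normalize ? typed.strip.downcase : typed
    existing = @users.find { |u| u.login.casecmp?(login) }
    return existing if existing
    return nil unless @ldap.find(login)

    # On-the-fly creation: the stored login is whatever reaches this point.
    @users << User.new(login)
    @users.last
  end
end

# Hypothetical sync script: exact, case-sensitive match on group members.
def synced_logins(store, group_members)
  store.users.map(&:login).select { |l| group_members.include?(l) }
end

# Constructed input: first login typed as "Foo", a later one as "FOO".
def demo(normalize)
  store = UserStore.new(FakeLdap.new(%w[foo bar]), normalize: normalize)
  %w[Foo bar FOO].each { |typed| store.sign_in(typed) }
  { stored: store.users.map(&:login), synced: synced_logins(store, %w[foo bar]) }
end
```

Existing mixed-case rows would still need a one-off cleanup; normalizing at sign-in only affects accounts created afterwards.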

Actions #1

Updated by Jean-Philippe Lang over 11 years ago

  • Tracker changed from Defect to Feature
  • Subject changed from Username caSeSenSiTiVe login name, should downcase user.login to Allow lower case logins only
  • Category set to Accounts / authentication
Actions #2

Updated by Kelvin Lomberg over 2 years ago

+1 for this feature. Sometimes causes headaches for us if we accidentally use an uppercase character.
