Case sensitive usernames when logging in with an app password via webdav #40119
Comments
The issue seems to be around the comparison done in https://github.com/owncloud/core/blob/master/lib/private/User/Session.php#L922 . I propose to change
This will make the username <--> token login name comparison case-insensitive and will allow authentication with different case.
See PR #40281 - it ended up being easy to demonstrate the problem with a failing test scenario, and the suggested fix makes the test scenario pass.
@phil-davis thanks! closing then #40280?
yes - sorry I didn't ping here in time to say that I was looking at a test that could demonstrate the problem, and confirm the fix.
This issue was previously reported (here #29708), but we are now encountering it ourselves too. The way a webdav password is generated and how it is then accepted is not always consistent.
Steps to reproduce
Expected behaviour
Expected behaviour should be that both accounts work and the casing of the username doesn't make a difference.
Actual behaviour
Depends on how the webdav token is generated, how the application responds;
Server configuration
Operating system:
CentOS Linux release 7.9.2009 (Core)
Web server:
Apache/2.4.6 (CentOS)
Database:
MariaDB 10.3
PHP version:
PHP 7.4.29
ownCloud version:
OwnCloud 10.9.1
The content of config/config.php:
List of activated apps:
Logs
Nothing special in the server logs. Header response;