Mintplex-Labs / anything-llm

The all-in-one Desktop & Docker AI application with built-in RAG, AI agents, and more.
https://anythingllm.com
MIT License

[BUG]: Usernames should not be case-sensitive when logging in #1312

Closed stuartchris closed 6 months ago

stuartchris commented 6 months ago

How are you running AnythingLLM?

Docker (remote machine)

What happened?

Today, you can register as USERNAME even if someone else is already registered as username. Username should be case insensitive and unique.

Are there known steps to reproduce?

  1. Create a user with username "admin"
  2. Create another user with username "Admin" starting with uppercase "A"

This should not be allowed; an error should be displayed that the user already exists.

timothycarambat commented 6 months ago

Closing this as wontfix. I think it is a credible issue, but it's not a bug or a showstopper. The issue is that we have probably north of 100K running instances of AnythingLLM and enforcing this post-fact will break so many instances it's not worth the lift.

If we make this check for everyone going forward we either cannot migrate the existing usernames without a large lift or a migration script the user must run, which will be painful for many. Neither of these things is a high priority right now and the most we can do is apply these rules on newly-created usernames, but we cannot enforce it on the login moment as we need to support both pre-fix and post-fix usernames, where case sensitivity still matters.

I think at most we can patch new user creation, but we cannot patch login case-sensitivity.
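
The compromise described in the comment above (reject case-variant names at account creation, keep login lookups exact-match for existing accounts), as an added example that is not part of the original thread and is not AnythingLLM's code. `UserStore`, `canonical`, the in-memory map standing in for the user table, and the sample usernames are all hypothetical; the `collisions()` audit goes slightly beyond the thread to show how an operator could list pre-existing case-variant accounts.

```javascript
// Added example, not AnythingLLM code. Canonical form used only for
// uniqueness checks. Assumption: NFKC folding is added here; the thread
// itself only discusses letter case.
const canonical = (name) => name.normalize("NFKC").toLowerCase();

class UserStore {
  constructor(legacyUsernames = []) {
    // Legacy rows are loaded as-is, so pre-fix case variants may coexist.
    this.users = new Map(legacyUsernames.map((u) => [u, { username: u }]));
  }

  // New accounts: reject any name that collides case-insensitively
  // with an existing one, including legacy rows.
  create(username) {
    const key = canonical(username);
    for (const existing of this.users.keys()) {
      if (canonical(existing) === key) {
        return { ok: false, error: `username already exists: ${existing}` };
      }
    }
    this.users.set(username, { username });
    return { ok: true, error: null };
  }

  // Login lookup stays exact-match, so legacy "admin" and "Admin" rows
  // each keep resolving to their own account.
  findForLogin(username) {
    return this.users.get(username) ?? null;
  }

  // Audit: groups of stored usernames that differ only by case.
  collisions() {
    const groups = new Map();
    for (const name of this.users.keys()) {
      const key = canonical(name);
      groups.set(key, [...(groups.get(key) ?? []), name]);
    }
    return [...groups.values()].filter((g) => g.length > 1);
  }
}
```

Running `collisions()` against an existing instance's usernames shows which accounts would be ambiguous if login were ever made case-insensitive.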