Closed MaxLeiter closed 6 years ago
Yes, we should make them case insensitive, but before I can accept the PR we also have to make sure that changePassword
, addUser
and deleteUser
are all also case insensitive. Otherwise bad things can happen.
If we're really careful we would check if there any users that would not be able to log in any more in that case (e.g. devsnd
and DEVSND
) on startup, but that's probably overkill.
I'll go ahead and put the lowers elsewhere, but this shouldn't stop anyone from logging in -- it just lowercases the username entered and the username it's fetching from the database
No point in making addUser case-insensitive, as it doesn't lookup usernames.
Updated, added to changePassword
I'll go ahead and put the lowers elsewhere, but this shouldn't stop anyone from logging in -- it just lowercases the username entered and the username it's fetching from the database
Well, if anyone would create two users MAX
and max
then both could not log in anymore, because of line 108: assert len(rows) <= 1
. So it's important to make sure that it's impossible to create this scenario by making all accesses lower-cased.
Good point -- done
Thanks, this time you get a dolphin and a fish, so you can feed it.
:dolphin: :fish:
Coverage remained the same at 73.554% when pulling 645c257cd467be169044d4182cd79be7bc6b0af0 on MaxLeiter:case-sensitive into 3d533b362fa91d4a240a665c53b6085072b279c1 on devsnd:devel.