inveniosoftware / invenio-accounts

Invenio module for managing user accounts.
https://invenio-accounts.readthedocs.io
MIT License

User registration: usernames used for validation and storage differ #466

Open daglueck opened 10 months ago

daglueck commented 10 months ago

Package version (if known): v3.5.0

Describe the bug

Upon user registration, invenio_userprofiles.ProfileForm validates the username and whether the user already exists in the database. For this, it uses the user name basically as provided by the registration form (field.data). However, usernames seem to be lowercased upon storage into the DB. This creates a divergence between what is being checked and what is actually stored into the database.

For example, let's assume there is a user with username myuser in the DB. If someone now tries to create a new user MyUser, validation will pass through, but the DB model will turn the user name into myuser which will result in:

sqlalchemy.exc.IntegrityError: (psycopg2.errors.UniqueViolation) duplicate key value violates unique constraint "uq_accounts_user_username"
DETAIL:  Key (username)=(myuser) already exists.

Steps to Reproduce

  1. On an InvenioRDM site (not logged into any user account), open the registration form ( /signup ).
  2. Create a user with certain credentials.
  3. Log out of the user account.
  4. Again in the registration form (/signup), create a new user where the user name is similar to the one used in 2., but where at least one of the characters is different in that it is upper or lower case. Also use a different email address than the one used in 2., otherwise the error won't surface due to email address validation failing (email address already being used).
  5. Submit the data.
  6. On the client side, an "Internal server error" or something similar will occur. On the server side, there is a sqlalchemy.exc.IntegrityError (as mentioned above).

Expected behavior

Username validation should operate with the exact same string as the one being used for final username ingestion. That is, either the username should be lowercased upon validation, or it should be stored as is (as provided by the user) into the DB.

Screenshots (if applicable)

Additional context
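The validate-then-store mismatch described in the report, as an added, self-contained illustration (not code from invenio-accounts or invenio-userprofiles): `UserTable`, `register_as_is` and `register_normalized` are simplified stand-ins for the user table and the form's username validator, and the email uniqueness check mentioned in the steps is not modelled.

```python
# Added example: the form validates the raw submitted username while the
# table lowercases it before enforcing its unique constraint, so a
# case-variant of an existing name passes validation and then collides.


class IntegrityError(Exception):
    """Stand-in for the unique-constraint error raised by the database."""


class UserTable:
    """Minimal stand-in for accounts_user: usernames are stored lowercased
    and the unique constraint applies to the stored value."""

    def __init__(self):
        self._rows = {}  # stored (lowercased) username -> email

    def insert(self, username, email):
        stored = username.lower()  # mirrors the lowercasing the issue describes
        if stored in self._rows:
            raise IntegrityError(
                'duplicate key value violates unique constraint '
                '"uq_accounts_user_username"')
        self._rows[stored] = email

    def exists(self, username):
        return username in self._rows


def register_as_is(table, username, email):
    """Buggy flow: validates the raw form value, stores the lowercased one."""
    if table.exists(username):
        return "validation failed: username taken"
    table.insert(username, email)
    return "registered"


def register_normalized(table, username, email):
    """Fixed flow: validate exactly the string that will be stored."""
    if table.exists(username.lower()):
        return "validation failed: username taken"
    table.insert(username, email)
    return "registered"


def reproduce(flow):
    """Run the report's steps on a fresh table; return the outcome of step 4."""
    table = UserTable()
    flow(table, "myuser", "first@example.com")      # constructed sample user
    try:
        return flow(table, "MyUser", "second@example.com")  # case variant
    except IntegrityError as err:
        return f"IntegrityError: {err}"
```

With the buggy flow the second registration reaches the database and fails with the constraint error; with the normalized check it is rejected at validation, before any insert.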