Defect #2473

Login and mail should not be case sensitive

Added by Teddy L almost 9 years ago. Updated over 7 years ago.

Status:ClosedStart date:2009-01-08
Priority:HighDue date:
Assignee:Eric Davis% Done:

100%

Category:Accounts / authentication
Target version:1.0.0 (RC)
Resolution:Fixed Affected version:

Description

Actually, uniqueness tests on login and mail fields are case sensitive, so you can have many accounts with same login and/or mail. And the "=" statement isn't case sensitive for strings on all databases, the method find_by_login need a fix to be case insensitive like find_by_mail.

For example, when i use Redmine with sqlite3, there are sides effects with "On the fly" ldap acounts creation and with SVN users automatic assignement because of find_by_login matching "login" with "login" but not "login" with "Login" ...

user_rb.patch Magnifier - Patch file for user.rb generated by TortoiseSVN 1.5.6 (1.56 KB) Teddy L, 2009-01-08 21:24

redmine-0.9-stable-r3695-login_case_insensitive.patch Magnifier - Case insensitive login patch for the Redmine 0.9-stable (1.18 KB) Stanislav German-Evtushenko, 2010-04-29 13:25


Related issues

Related to Redmine - Patch #4732: Make login case-insensitive also for PostgreSQL Closed 2010-02-03
Duplicated by Redmine - Feature #2330: Option for able to turn on case insensitive login Closed 2008-12-12

Associated revisions

Revision 2253
Added by Jean-Philippe Lang almost 9 years ago

Makes email adress uniqueness case-insensitive (#2473).

Revision 3807
Added by Eric Davis over 7 years ago

Change User#login to be case-insensitive. #2473

This change also overrides User#find_by_login to give priority to exact
matches in the login.

Contributed by Greg Mefford

Revision 3813
Added by Eric Davis over 7 years ago

Force string comparison for login search to be case sensitive on MySQL. #2473

Contributed by Holger Just.

History

#2 Updated by Tony Arnold almost 9 years ago

Is this patch going to be included in the core redmine product? We're having problems with our LDAP logins at present - we treat usernames as being case-insensitive, however redmine currently does not.

#3 Updated by Stanislav German-Evtushenko almost 8 years ago

Tony Arnold wrote:

Is this patch going to be included in the core redmine product? We're having problems with our LDAP logins at present - we treat usernames as being case-insensitive, however redmine currently does not.

It will be great if it's included in redmine. We have the same problem.

#4 Updated by Stanislav German-Evtushenko almost 8 years ago

Teddy L wrote:

Actually, uniqueness tests on login and mail fields are case sensitive, so you can have many accounts with same login and/or mail. And the "=" statement isn't case sensitive for strings on all databases, the method find_by_login need a fix to be case insensitive like find_by_mail.

For example, when i use Redmine with sqlite3, there are sides effects with "On the fly" ldap acounts creation and with SVN users automatic assignement because of find_by_login matching "login" with "login" but not "login" with "Login" ...

Thank you, Teddy! Your patch works with 0.8-stable!

#6 Updated by Marcel Waldvogel over 7 years ago

Patch #4732 addresses the same problem, but there at least PostgreSQL and MySQL should use the index instead of a table scan.

Dear maintainers: Please do include one of those fixes!

#7 Updated by Eric Voisard over 7 years ago

Just a comment: In the SMTP point of view, the local part of email addresses IS case-sensitive (RFC821, RFC822, RFC2821). is not the same mailbox as . Don't you think considering email addresses as case insensitive could have some undesired side effects?...

#8 Updated by Felix Schäfer over 7 years ago

  • Target version set to 1.0.0 (RC)

#10 Updated by Eric Davis over 7 years ago

  • Status changed from New to Closed
  • Assignee set to Eric Davis
  • % Done changed from 0 to 100
  • Resolution set to Fixed

I've committed a patch by Greg Mefford that makes the user login's case insensitive (r3807).

Also available in: Atom PDF