Merge pull request #2433 from mathiash98/mathias/Auth-case-insensitive-login

Auth: Case insensitive login check on username

db/patch-user-username-case-insensitive.sql

@@ -0,0 +1,47 @@
+CREATE TABLE [temp_user](
+  [id] INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,
+  [username] VARCHAR(255) NOT NULL UNIQUE COLLATE NOCASE,
+  [password] VARCHAR(255),
+  [active] BOOLEAN NOT NULL DEFAULT 1,
+  [timezone] VARCHAR(150),
+  twofa_secret VARCHAR(64),
+  twofa_status BOOLEAN default 0 NOT NULL,
+  twofa_last_token VARCHAR(6)
+);
+
+INSERT INTO [temp_user] SELECT
+[id],
+[username],
+[password],
+[active],
+[timezone],
+twofa_secret,
+twofa_status,
+twofa_last_token
+ FROM user;
+
+DROP TABLE user;
+
+CREATE TABLE [user](
+  [id] INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,
+  [username] VARCHAR(255) NOT NULL UNIQUE COLLATE NOCASE,
+  [password] VARCHAR(255),
+  [active] BOOLEAN NOT NULL DEFAULT 1,
+  [timezone] VARCHAR(150),
+  twofa_secret VARCHAR(64),
+  twofa_status BOOLEAN default 0 NOT NULL,
+  twofa_last_token VARCHAR(6)
+);
+
+INSERT INTO [user] SELECT
+[id],
+[username],
+[password],
+[active],
+[timezone],
+twofa_secret,
+twofa_status,
+twofa_last_token
+ FROM [temp_user];
+
+DROP TABLE [temp_user];

server/auth.js

@@ -15,7 +15,7 @@ exports.login = async function (username, password) {
         return null;
     }
 
-    let user = await R.findOne("user", " username = ? AND active = 1 ", [
+    let user = await R.findOne("user", " username = ? AND active = 1", [
         username,
     ]);
 

server/database.js

@@ -66,6 +66,7 @@ class Database {
         "patch-add-radius-monitor.sql": true,
         "patch-monitor-add-resend-interval.sql": true,
         "patch-maintenance-table2.sql": true,
+        "patch-user-username-case-insensitive.sql": { parents: [ "patch-2fa-invalidate-used-token.sql", "patch-2fa.sql" ] }
     };
 
     /**