From aaf7eb01f1ca6be21f03b748273f21e2e689d154 Mon Sep 17 00:00:00 2001
From: Adam Lantos <adam.lantos@playma.org>
Date: Mon, 3 Jan 2011 15:28:12 +0100
Subject: [PATCH] Use case-insensitive comparison in session_changed.

Redmine login name is case-insensitive, so the previous
code could cause issues when different upper case and lower
case characters are used in the authentication layer.

This commit hopefully fixes 'invalid form authenticity token'
issues.
---
 lib/http_auth_patch.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/http_auth_patch.rb b/lib/http_auth_patch.rb
index 7dad7f2..0b30763 100644
--- a/lib/http_auth_patch.rb
+++ b/lib/http_auth_patch.rb
@@ -75,7 +75,7 @@ def session_changed?(user, remote_username)
       if user.nil?
         true
       else
-        use_email? ? user.mail != remote_username : user.login != remote_username
+        use_email? ? user.mail.casecmp(remote_username) != 0 : user.login.casecmp(remote_username) != 0
       end
     end