[BUG] login confuses usernames that differ in terms of upper/lower case

[mishaschwartz]

Describe the bug

Ziggurat foundation converts usernames to lowercase before looking them up in the database: https://github.com/ergo/ziggurat_foundations/blob/0.9.1/ziggurat_foundations/models/services/user.py#L326-L328

This means:

• if a user named "Test" exists, logging in with any of "test", "TEST", "tEst", etc. will all log in as the "Test" user
• if users named "test" and "Test" exist, both users will be logged in as the "test" user ("Test" will never be able to log in)

To Reproduce
Steps to reproduce the behavior:

1. Create a user "Test"
2. Log in with the username "test" (result: login success as the user "Test")
3. Create a user "test" with a different password than "Test"
4. Log in with the username "Test" (result: login failure)

Expected behavior

Users whose usernames differ in terms of capitalization only, should be treated as distinct users in all parts of the application, including logins.

[fmigneault]

Is the wrong UserService used somewhere?
This implementation that overrides and extends by_user_name should be used instead:

Magpie/magpie/models.py

Line 434 in c6909c1

class UserSearchService(UserService):

[fmigneault]

Oh, never mind. I just saw the super(UserSearchService, cls).by_user_name(...) call.

[mishaschwartz]

@fmigneault I've added a PR to fix this here: #596

I don't know if you saw it buy I'm not a member or this github organization so I can't request a reviewer

[tlvu]

@fmigneault I've added a PR to fix this here: #596

I don't know if you saw it buy I'm not a member or this github organization so I can't request a reviewer

@mishaschwartz You have write access to this repo now. For future PR, you can push directly to this repo, no need to use your fork anymore.