From b8cbb167d493191eee2dafec1949fcdd47dddaca Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Fri, 16 Aug 2024 14:28:20 +0300
Subject: enforce lowercase usernames while keeping backwards-compatibility for authentication
---
 classes/UserHelper.php | 3 ++-
 plugins/auth_internal/init.php | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/classes/UserHelper.php b/classes/UserHelper.php
index 92c397764..0c2ed349b 100644
--- a/classes/UserHelper.php
+++ b/classes/UserHelper.php
@@ -62,6 +62,7 @@ class UserHelper {
 if (!Config::get(Config::SINGLE_USER_MODE)) {
 $user_id = false;
 $auth_module = false;
+ $login = mb_strtolower($login);
 PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_AUTH_USER,
 function ($result, $plugin) use (&$user_id, &$auth_module) {
@@ -222,7 +223,7 @@ class UserHelper {
 static function find_user_by_login(string $login): ?int {
 $user = ORM::for_table('ttrss_users')
- ->where('login', $login)
+ ->where_raw('LOWER(login) = LOWER(?)', [$login])
 ->find_one();
 if ($user)
diff --git a/plugins/auth_internal/init.php b/plugins/auth_internal/init.php
index 881d867cf..6dd79373d 100644
--- a/plugins/auth_internal/init.php
+++ b/plugins/auth_internal/init.php
@@ -116,7 +116,7 @@ class Auth_Internal extends Auth_Base implements IAuthModule2 {
 if ($login) {
 $user = ORM::for_table('ttrss_users')
- ->where('login', $login)
+ ->where_raw('LOWER(login) = LOWER(?)', [$login])
 ->find_one();
 if ($user) {
--
cgit v1.2.3-54-g00ecf
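Review bot: The added `$login = mb_strtolower($login);` folds case in PHP, while the lookups this commit changes fold it again with SQL `LOWER()`; for non-ASCII logins the two are not guaranteed to agree, because the database result depends on its collation and locale and `mb_strtolower()` without an encoding argument depends on the configured internal encoding. Passing the encoding explicitly, `$login = mb_strtolower($login, 'UTF-8');`, removes one of those variables. The closure body continues outside the hunk, so whether the auth plugins receive the lowercased value is not visible here; if they do, an external directory that treats names case-sensitively would see a different login than the user typed. A short comment would record the intent, for example `// normalised to lowercase; DB lookups stay case-insensitive for legacy mixed-case accounts`.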
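Review bot: `->where_raw('LOWER(login) = LOWER(?)', [$login])` followed by `find_one()` can match several rows if the table already holds logins that differ only by case, and which row comes back is then up to the database, so `find_user_by_login()` may resolve to a different account than the one intended. The identical lookup in plugins/auth_internal/init.php has the same property, and there it selects the row the rest of that method works on. Nothing in this diff shows a uniqueness guarantee on the lowercased login; a migration check or a unique index on `LOWER(login)` would make the match unambiguous and also keep the query indexable. The value is bound as a parameter, so the raw clause itself is fine; the function body continues past the hunk.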