login case insensitive feature #57

Open
wants to merge 3 commits into
base: master
14 changes: 13 additions & 1 deletion README.md
Expand Up @@ -62,10 +62,11 @@ This app has no user interface. All configuration is done via Nextcloud's system
//'create_user' => 'INSERT INTO users (local, domain, password_hash) VALUES (split_part(:username, \'@\', 1), split_part(:username, \'@\', 2), :password_hash)',
),
//'hash_algorithm_for_new_passwords' => 'bcrypt',
//'force_lowercase_login' => true,
),
```

There are three types of configuration parameters:
There are four types of configuration parameters:

### 1. Database

Expand Down Expand Up @@ -167,6 +168,17 @@ The config values are `md5`, `sha256`, `sha512`, `argon2i`, `argon2id` respectiv
user's password is changed, it will be updated to the configured hash algorithm. This eases
migration to more modern algorithms.

### 4. Optional features


##### `force_lowercase_login`

Default behavior of Nextcloud instance with internal user database is to apply submitted login information to lower case, so usernames are case insensitive.

By design, this extention by default will transmit submitted usernames to Nextcloud once authenticated without lowercasing.

If you want to keep default Nextcloud behavior, enable option `force_lowercase_login` and set it's value to `true`.

## Security

* Password length is limited to 100 characters to prevent denial of service attacks against the
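Review bot: The `force_lowercase_login` section does not say which username is lowercased. Per the `checkPassword` change in this PR, only the name handed back to Nextcloud after a successful password check is folded; the name as typed is what gets authenticated. Suggest stating that explicitly, along with the fact that the option is off by default and what the backing user table is expected to do with mixed-case names. Smaller points in the same section: "extention" should be "extension", "set it's value" should be "set its value", the heading level jumps from `###` to `#####`, and there is a doubled blank line after `### 4. Optional features`.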
7 changes: 7 additions & 0 deletions lib/Config.php
Expand Up @@ -35,6 +35,7 @@ class Config
const CONFIG_KEY_DB_PASSWORD = 'db_password';
const CONFIG_KEY_DB_PASSWORD_FILE = 'db_password_file';
const CONFIG_KEY_HASH_ALGORITHM_FOR_NEW_PASSWORDS = 'hash_algorithm_for_new_passwords';
const CONFIG_KEY_FORCE_LOWERCASE_LOGIN = 'force_lowercase_login';

const CONFIG_KEY_QUERIES = 'queries';
const CONFIG_KEY_GET_PASSWORD_HASH_FOR_USER = 'get_password_hash_for_user';
Expand Down Expand Up @@ -339,4 +340,10 @@ private function normalize($string)
return strtolower(preg_replace("/[-_]/", "", $string));
}

// Nextcloud usualy don't use case sensitive login, so here is the option to keep
// standard behavior
public function forceLowercaseLogin() : bool {
return $this->getConfigValueOrFalse(self::CONFIG_KEY_FORCE_LOWERCASE_LOGIN) !== false;
}

}
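Review bot: `forceLowercaseLogin()` returns `getConfigValueOrFalse(...) !== false`, so every configured value other than boolean `false` switches the feature on, while the README tells users to set `true`. If `getConfigValueOrFalse` (not shown in this hunk) passes the configured value through unchanged, `0`, `''` or the string `'false'` would all enable lowercasing. Suggest comparing with `=== true`, or checking the type and rejecting non-boolean values so a misconfiguration fails loudly. The comment above the method would read better as a docblock, with "usualy don't" corrected to "usually doesn't".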
4 changes: 4 additions & 0 deletions lib/UserBackend.php
Expand Up @@ -87,6 +87,10 @@ public function checkPassword($providedUsername, $providedPassword)
}

if (password_verify($providedPassword, $retrievedPasswordHash)) {
if ($this->config->forceLowercaseLogin()) {
$providedUsername = strtolower($providedUsername);
}

return $providedUsername;
} else {
return false;
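Review bot: In `checkPassword`, `strtolower($providedUsername)` runs only inside the `password_verify` success branch, so the password hash was already retrieved for the username as typed and only the returned uid is folded. If the user table compares usernames case-sensitively, two rows that differ only in case (for example `Alice` and `alice`) each authenticate with their own password but both return the uid `alice`, which maps them onto the same Nextcloud account. Suggest lowercasing before the lookup, or documenting that the configured queries must match usernames case-insensitively when this option is on. Note also that `strtolower` only folds single-byte characters; usernames with non-ASCII letters would need `mb_strtolower`. This hunk touches `checkPassword` only, so it is worth confirming that the backend's other methods that receive a uid resolve the lowercased value to the same row.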