Enforce lowercase usernames everywhere.

diff --git a/pgweb/account/forms.py b/pgweb/account/forms.py
index 1f4e4bf482741b49d6f5ce6cd4352ec34c2b57e9..1e623436c255beec5953d740fe7506b0674a9b7d 100644 (file)
--- a/pgweb/account/forms.py
+++ b/pgweb/account/forms.py
@@ -22,7 +22,7 @@ class SignupForm(forms.Form):
                return email2
 
        def clean_username(self):
-               username = self.cleaned_data['username']
+               username = self.cleaned_data['username'].lower()
 
                try:
                        u = User.objects.get(username=username)

diff --git a/pgweb/account/views.py b/pgweb/account/views.py
index 5597094de3040d786d6958fb20036346e25ee001..ed01e68818a999567c2a1c28b2d797e1c34f24e9 100644 (file)
--- a/pgweb/account/views.py
+++ b/pgweb/account/views.py
@@ -93,7 +93,7 @@ def signup(request):
                        # Attempt to create the user here
                        # XXX: Do we need to validate something else?
 
-                       user = User.objects.create_user(form.cleaned_data['username'], form.cleaned_data['email'])
+                       user = User.objects.create_user(form.cleaned_data['username'].lower(), form.cleaned_data['email'])
                        user.first_name = form.cleaned_data['first_name']
                        user.last_name = form.cleaned_data['last_name']
                        user.save()

diff --git a/pgweb/util/auth.py b/pgweb/util/auth.py
index d1de7fe0dd37a44c8f27a09e09a28a8a8f07c817..397c971b438547cd89d761676c5c7956e59455c2 100644 (file)
--- a/pgweb/util/auth.py
+++ b/pgweb/util/auth.py
@@ -8,7 +8,7 @@ from django.db import connection
 class AuthBackend(ModelBackend):
        def authenticate(self, username=None, password=None):
                try:
-                       user = User.objects.get(username=username)
+                       user = User.objects.get(username=username.lower())
 
                        # If user is found, check the password using the django
                        # methods alone.
@@ -21,7 +21,7 @@ class AuthBackend(ModelBackend):
                        # User does not exist. See if it exists in the old system,
                        # and if it does, migrate it to the new one.
                        curs = connection.cursor()
-                       curs.execute('SELECT * FROM community_login_old(%s,%s)', (username, password))
+                       curs.execute('SELECT * FROM community_login_old(%s,%s)', (username.lower(), password))
                        rows = curs.fetchall()
 
                        if len(rows) != 1:
@@ -33,12 +33,12 @@ class AuthBackend(ModelBackend):
                                # we can think of.
                                namepieces = rows[0][2].split(None, 2)
                                if len(namepieces) == 1: namepieces[1] = ''
-                               user = User(username=username, email=rows[0][3], first_name=namepieces[0], last_name=namepieces[1])
+                               user = User(username=username.lower(), email=rows[0][3], first_name=namepieces[0], last_name=namepieces[1])
                                user.set_password(password)
                                user.save()
 
                                # Now delete the user in the old system so nobody can use it
-                               curs.execute('SELECT * FROM community_login_old_delete(%s)', (username, ))
+                               curs.execute('SELECT * FROM community_login_old_delete(%s)', (username.lower(), ))
 
                                return user
                        # Any other value in field 1 means login failed, so tell django we did

diff --git a/sql/community_login.sql b/sql/community_login.sql
index 1eab47eaeb0a198ead06eb73b0fd656c055de746..09eeb926092a5bae7ab4a17706d6f1389e544afa 100644 (file)
--- a/sql/community_login.sql
+++ b/sql/community_login.sql
@@ -11,7 +11,7 @@ RETURNS record
 AS $$
 BEGIN
    SELECT
-     auth_user.username,
+     lower(auth_user.username),
      trim(auth_user.first_name || ' ' || auth_user.last_name),
      auth_user.email,
      '', -- we don't do authorblurbs anymore, but the API has them...