Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Web client does not look up email for user name with capitalized letters #18227

Closed
clcain opened this issue Aug 12, 2015 · 13 comments
Closed

Web client does not look up email for user name with capitalized letters #18227

clcain opened this issue Aug 12, 2015 · 13 comments

Comments

@clcain
Copy link

clcain commented Aug 12, 2015

I can log in to the web client (example.com/owncloud) and see my files using user name "Username", or I can use "username" (note the difference in capitalization) and both capitalizations log me in as the same user. However, when I click the link to reset password via email, user name "username" works, and user name "Username" returns the error dialog "Couldn't send reset email because there is no email address for this username. Please contact your administrator." The user name is listed on the admin page in all lower-case, as "username". This happens with every account I have on my server.

This was confusing at first, as I was always attempting to log in with a capitalized first letter, and receiving the error message.

I am using ownCloud 8.1.1.

@karlitschek
Copy link
Contributor

@blizzz Can you have a look please?

@DeepDiver1975 DeepDiver1975 added this to the 8.2-current milestone Aug 12, 2015
@blizzz
Copy link
Contributor

blizzz commented Aug 12, 2015

IIRC accepting user names on login with a capital letter is a UX feature with mobile phones in mind. Now I assume we just don't do it when looking up email for password reset. I understand this is confusing, and we better go for consistency. I don't think you have reservations @LukasReschke ?

@DeepDiver1975 DeepDiver1975 self-assigned this Sep 23, 2015
@DeepDiver1975
Copy link
Member

This is the ever returning nightmare of case insensitive username.

The proper solution is to finally introduce the accounts table which uses a proper integer based id.

see #19053 (comment)

@DeepDiver1975
Copy link
Member

I'd like to move this to 9.0

@DeepDiver1975
Copy link
Member

@cmonteroluque @karlitschek

@karlitschek
Copy link
Contributor

would be fine for me. @MTRichards what do you think?

@MTRichards
Copy link
Contributor

yes, workaround: use other letters.

@MTRichards MTRichards modified the milestones: 9.0-next, 8.2-current Sep 23, 2015
@ghost
Copy link

ghost commented Sep 24, 2015

it is. I share the dislike for this behavior, though... Shouldn't even be an issue with mobile phones if the right keyboard is used. Fine, let's hope for 9.0

@MTRichards
Copy link
Contributor

I was being a tad flip, but yes - not the best behavior, just trimming to the critical ones for the here and now.

@ghost ghost modified the milestones: 9.1-next, 9.0-current Feb 22, 2016
@PVince81
Copy link
Contributor

PVince81 commented Jul 6, 2016

This is the ever returning nightmare of case insensitive username.

It still is, moving to 9.2

@PVince81 PVince81 modified the milestones: 9.2, 9.1 Jul 6, 2016
@PVince81
Copy link
Contributor

PVince81 commented Apr 7, 2017

In newer versions of OC the error message is actually hidden to prevent hackers trying different user names to guess them. This makes this issue even worse because now the user will see a message "email sent" even if none is sent, then they'll wait longer and see they got nothing before trying again, not even having a clue that it was a problem with the user name.

@PVince81 PVince81 modified the milestones: 10.0.1, 10.0 Apr 7, 2017
@PVince81 PVince81 modified the milestones: backlog, 10.0.1 May 17, 2017
@ownclouders
Copy link
Contributor

Hey, this issue has been closed because the label status/STALE is set and there were no updates for 7 days. Feel free to reopen this issue if you deem it appropriate.

(This is an automated comment from GitMate.io.)

@lock
Copy link

lock bot commented Jul 31, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Jul 31, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

7 participants