diff options
| author | Cleopatra Enjeck M. <patrathewhiz@gmail.com> | 2025-02-24 06:17:00 +0000 |
|---|---|---|
| committer | backportbot[bot] <backportbot[bot]@users.noreply.github.com> | 2025-03-05 06:20:07 +0000 |
| commit | 449676be7cd9d8138885d41551dbfe3d7c171aa2 (patch) | |
| tree | d12ceb5c237bd0791433c8ff271eb5ec8954e585 | |
| parent | ea24143154791d435ad4cb63d7f36f1bef50b558 (diff) | |
| download | nextcloud-server-449676be7cd9d8138885d41551dbfe3d7c171aa2.tar.gz nextcloud-server-449676be7cd9d8138885d41551dbfe3d7c171aa2.zip | |
fix: Use case insensitive check when validating login name
Signed-off-by: Cleopatra Enjeck M. <patrathewhiz@gmail.com>
| -rw-r--r-- | lib/private/User/Session.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index 408ebffb390..77993f737a5 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -780,7 +780,7 @@ class Session implements IUserSession, Emitter { * Check if login names match */ private function validateTokenLoginName(?string $loginName, IToken $token): bool { - if ($token->getLoginName() !== $loginName) { + if (strtolower($token->getLoginName() ?? '') !== strtolower($loginName ?? '')) { // TODO: this makes it impossible to use different login names on browser and client // e.g. login by e-mail 'user@example.com' on browser for generating the token will not // allow to use the client token with the login name 'user'. |