Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Usernames should not be case-sensitive when logging in #14586

Open
shane-tang opened this issue Apr 13, 2023 · 2 comments · May be fixed by #14585
Open

Usernames should not be case-sensitive when logging in #14586

shane-tang opened this issue Apr 13, 2023 · 2 comments · May be fixed by #14585
Labels
priority: minor section: Login/Statics status: issue: needs investigation

Comments

@shane-tang
Copy link

shane-tang commented Apr 13, 2023
edited
Loading

Affected Platforms

  • All (server issue)

Description

Today, you cannot register as USERNAME if someone else already registered as username. Most of the codebase now enforces case-insensitive username uniqueness. Account login is one of the few places that is still case-sensitive to usernames. If you registered as Username then you cannot log in as username. This is problematic for a couple of reasons:

  • Users may not be aware of the exact casing they used for their usernames during initial registration
  • Users typing on a phone or smartwatch are less likely to be precise about their capitalizations.
    • For example, phones and wearables auto-capitalize the first letter of an input field by default, which may cause confusion when a user's login fails because their username starts with a lowercase character

Caveats

Even though new account usernames cannot collide with existing account usernames, I acknowledge there's a chance that username collisions might exist from before this constraint was implemented. We can't naively say that all usernames are currently case-insensitively unique. Unless there has been some server backfill to address this, there are undoubtedly a small handful of colliding usernames. I'd bet there are users with the usernames bob and Bob.

However, it should be possible to use case-insensitive logins when there is exactly one user with the "same" username, then fallback to case-sensitive logins when there are multiple users with the "same" username.

For example:

  • If I am the only user with some permutation of the username Unique then I should be able to log in using unique or UNIQUE or uNiQuE.
  • If there is a user named collision and another user named COLLISION, then both of these users should follow the existing login behavior and should only be able to log in using their case-sensitive username. A login attempt with the username Collision should always fail because it's ambiguous which user model should be retrieved.

Additional Notes

The reason I'm posting this as a GitHub issue is because I already have a PR fix up.
@shane-tang shane-tang linked a pull request Apr 13, 2023 that will close this issue
Open
@bilalshaikh292
Copy link

heyy I would like to contribute ?

ilyassBZ added a commit to ilyassBZ/habitica that referenced this issue Dec 27, 2023
@ilyassBZ
fix(login): fixing logging with username (HabitRPG#14586)
1d33bab
@Maanit491
Copy link

Hello, I would like to contribute on this error:)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
priority: minor section: Login/Statics status: issue: needs investigation
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Support case-insensitive username logins shane-tang/habitica
4 participants
@shane-tang @CuriousMagpie @bilalshaikh292 @Maanit491