Fix case sensitivity issue in username handling #1146

tdrivas · 2025-03-10T05:06:54Z

This PR resolves an issue where Django Allauth was treating all usernames as lowercase during authentication, preventing users with capital letters in their usernames from logging in.

The problem
Usernames were correctly stored in the database with their original case (e.g., Bob), but authentication failed if users entered their names with uppercase letters.

Solution
Updated ACCOUNT_PRESERVE_USERNAME_CASING to True so to ensure usernames are not altered during authentication and are matched exactly as stored in the database.

Impact

Users can now login using the their, exact case, username as stored in the db.
No impact on existing stored usernames as only the authentication behavior has been adjusted.

Test new functionality (Manual tests)

Tested logging in with usernames having uppercase letters
Ensured that new users can sign up and log in as expected.
Verified password reset still works with case-sensitive usernames

duke-nyuki · 2025-03-10T05:06:57Z

Task linked: QF-4962 Cannot login to admin if the username starts with a Capital letter

suricactus

I am only afraid what will be the implications of such change. Let us discuss in the next meeting.

Btw, would you mind adding the docs in settings file since you are on it?

docker-app/qfieldcloud/settings.py

gounux · 2025-03-11T07:19:38Z

Could test locally, auth with uppercases in the login username seems to work fine !

I am only afraid what will be the implications of such change

Feeling the same.

suricactus · 2025-03-11T12:15:57Z

@tdrivas let us know what tests you have performed to ensure no regressions are there.

tdrivas · 2025-03-11T13:44:58Z

@tdrivas let us know what tests you have performed to ensure no regressions are there.

Check updated description please!

suricactus · 2025-03-11T16:45:09Z

Test new functionality (Manual tests)
Tested logging in with usernames having uppercase letters
Ensured that new users can sign up and log in as expected.
Verified password reset still works with case-sensitive usernames

A few other manual tests on top of the ones you performed:

ensure usernames with lowercase letters can login
ensure that username "SURICACTUS" or similar can access their profile no matter if they are written in lowercase or uppercase in the login form for:
a) Django admin
b) app.qfiled.cloud login
ensure that after login, one can load host.com/a/SURICACTUS and host.com/a/suricactus with the same result.

I believe we can write a new test function similar to

QFieldCloud/docker-app/qfieldcloud/authentication/tests/test_authentication.py

Line 63 in d092586

def test_login_logout(self):

with username with capitals.

docker-app/qfieldcloud/authentication/tests/test_authentication.py

suricactus

Last two bits and we are ready.

…ess for clarity and group login-related tests together

…th_session_case_insensitive to the end of login tests

suricactus · 2025-03-24T11:34:39Z

I will leave this one for the next release. Not huge risk, but still sounds like an imporant settings we change.

Fix case sensitivity issue in username handling

3c55580

tdrivas self-assigned this Mar 10, 2025

tdrivas requested review from suricactus and gounux March 10, 2025 05:07

suricactus reviewed Mar 10, 2025

View reviewed changes

docker-app/qfieldcloud/settings.py Show resolved Hide resolved

Add comments about the change of username casing setting

6754665

Add tests for authentication

afe2e0c

tdrivas requested a review from suricactus March 18, 2025 08:46