From 285b177c852df28117c3dab4e35022856c9ac965 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Wed, 3 Jul 2019 17:28:04 +0100
Subject: [PATCH] Always convert usernames to lowercase in form input

---
 server/login.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/server/login.go b/server/login.go
index f82cca9..d840a0b 100644
--- a/server/login.go
+++ b/server/login.go
@@ -199,7 +199,8 @@ func (l *loginHandler) dispatch(w http.ResponseWriter, req *http.Request, sessio
 
 // Handle password-based login.
 func (l *loginHandler) handlePassword(w http.ResponseWriter, req *http.Request, session *loginSession) (loginState, []byte, error) {
-	username := req.FormValue("username")
+	// Case-fold usernames to lowercase.
+	username := strings.ToLower(req.FormValue("username"))
 	password := req.FormValue("password")
 
 	// If the request is a POST, attempt login with username/password.
-- 
GitLab