You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
create a user with an uppercase letter in the username
create an app token for that user
attempt to log in via a desktop or mobile app, writing the username in lowercase
the login will fail, while switching to uppercase will fix that
Expected behaviour
Nextcloud handles logins in its own apps and the web UI with ignored upper/lower case. Thus, a user will expect to be able to log in as "tony_stark" instead of "Tony_Stark". While it is debatable rather this is a good approach to usernames per se, it is the approach taken by Nextcloud. This only becomes obvious when observing the "user" field in the app token creation view.
Actual behaviour
Login is rejected due to username "missmatch", even though the same typing of that username is accepted in the web UI and clients. This is particularly an issue with app/desktop clients: Existing connections will no longer work, as the username used for login cannot be altered. So the user will have to remove the connection and re-add it with the "correct" spelling. Which may, depending on the user, not be obvious. Users thus may proceed to disable TFO again, assuming it is broken. If this occurs on all clients, the user is effectively locked out from his account, unless he uses a recover code generated earlier!
Server configuration
Standard Nextcloud 16.0.0 installation with PHP 7.3 in a webspace, using the Apache-PHP runtime.
The text was updated successfully, but these errors were encountered:
Steps to reproduce
Expected behaviour
Nextcloud handles logins in its own apps and the web UI with ignored upper/lower case. Thus, a user will expect to be able to log in as "tony_stark" instead of "Tony_Stark". While it is debatable rather this is a good approach to usernames per se, it is the approach taken by Nextcloud. This only becomes obvious when observing the "user" field in the app token creation view.
Actual behaviour
Login is rejected due to username "missmatch", even though the same typing of that username is accepted in the web UI and clients. This is particularly an issue with app/desktop clients: Existing connections will no longer work, as the username used for login cannot be altered. So the user will have to remove the connection and re-add it with the "correct" spelling. Which may, depending on the user, not be obvious. Users thus may proceed to disable TFO again, assuming it is broken. If this occurs on all clients, the user is effectively locked out from his account, unless he uses a recover code generated earlier!
Server configuration
Standard Nextcloud 16.0.0 installation with PHP 7.3 in a webspace, using the Apache-PHP runtime.
The text was updated successfully, but these errors were encountered: