There is a weird bug that I discovered in which the system is neither crashing nor logging in properly when I either register or log in with mixed case for user login accounts. I’m not sure of the reason but I assume that everyone here doesn’t want ThisLogin to be different from thislogin and so my suggestion is to use lowercase on all the signup / login endpoints by default (all transitions, REST, etc.).
This bug was detected specifically because in iOS apps, the first letter is always capitalized which exposed this anomaly. WDYT?
Yes, we have seen this problem. Actually, looking at the code, this is not the intended behavior, as Moqui ensures uniqueness of the username and emailAddress fields in UserAccount, and even does a case-insensitive search in the MoquiShiroRealm code for login. The login actually succeeds, but the username recorded in the session (as handled by Shiro) is the original username of the request (which does not match the username in the DB using case-sensitive search), and this makes the authentication fail after the redirection of the successful login.
So, my thought is that the case-insensitive search should be done before calling Apache Shiro methods, so the username recorded will be the case-sensitively correct one.
The fix makes sense, so instead of lowercasing you simply ignore the case upon login and hence preserve the way the user stored their credentials. I hope this gets merged, but meanwhile I will add this as a patch on our system.
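The mismatch described in this thread, and the proposed fix of resolving the stored username before it is recorded in the session, modelled as an added example that is not part of the original posts and is not Moqui or Apache Shiro code. The class, the in-memory user map, the sample credentials and the method names are all hypothetical, and the model assumes at most one stored username matches when case is ignored.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

// Hypothetical model of the thread's bug; none of this is Moqui or Shiro code.
public class UsernameCaseDemo {
    // Constructed sample account; the stored name keeps the case chosen at signup.
    static final Map<String, String> USERS = new HashMap<>(Map.of("thislogin", "sample-pass"));

    // Case-insensitive search, as the thread says is done at login time.
    static Optional<String> findIgnoreCase(String name) {
        return USERS.keySet().stream().filter(u -> u.equalsIgnoreCase(name)).findFirst();
    }

    // Stand-in credential check using a constant-time comparison.
    static boolean passwordOk(String stored, String given) {
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8),
                                     given.getBytes(StandardCharsets.UTF_8));
    }

    // Case-sensitive search, as done for the session user after the redirect.
    static boolean sessionUserExists(String principal) {
        return USERS.containsKey(principal);
    }

    // Reported behaviour: the session records the username as typed in the request.
    static Optional<String> loginAsReported(String typed, String password) {
        return findIgnoreCase(typed)
                .filter(u -> passwordOk(USERS.get(u), password))
                .map(u -> typed);
    }

    // Proposed fix: resolve the stored username first and record that one.
    static Optional<String> loginWithStoredName(String typed, String password) {
        return findIgnoreCase(typed)
                .filter(u -> passwordOk(USERS.get(u), password));
    }

    public static void main(String[] args) {
        String typed = "Thislogin"; // first letter capitalized, as on the iOS keyboard
        String before = loginAsReported(typed, "sample-pass").orElseThrow();
        String after = loginWithStoredName(typed, "sample-pass").orElseThrow();
        System.out.println("as reported: principal=" + before
                + " found after redirect=" + sessionUserExists(before));
        System.out.println("with fix:    principal=" + after
                + " found after redirect=" + sessionUserExists(after));
        // A wrong password is rejected on both paths, whatever the case of the name.
        System.out.println("wrong password accepted="
                + loginWithStoredName(typed, "wrong").isPresent());
    }
}
```

The same stored-name resolution has to happen at signup as well, otherwise two accounts differing only in case could both match the login search.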