From 6a14b98dc67d80f61c814921b59078346eb67eab Mon Sep 17 00:00:00 2001 From: Stratop0w Date: Tue, 16 Jul 2024 14:07:00 +0200 Subject: [PATCH 1/3] feat(add option for case sensitive login) --- lib/Config.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lib/Config.php b/lib/Config.php index cbd0191..ed7b24c 100644 --- a/lib/Config.php +++ b/lib/Config.php @@ -35,6 +35,7 @@ class Config const CONFIG_KEY_DB_PASSWORD = 'db_password'; const CONFIG_KEY_DB_PASSWORD_FILE = 'db_password_file'; const CONFIG_KEY_HASH_ALGORITHM_FOR_NEW_PASSWORDS = 'hash_algorithm_for_new_passwords'; + const CONFIG_KEY_FORCE_LOWERCASE_LOGIN = 'force_lowercase_login'; const CONFIG_KEY_QUERIES = 'queries'; const CONFIG_KEY_GET_PASSWORD_HASH_FOR_USER = 'get_password_hash_for_user'; @@ -339,4 +340,10 @@ private function normalize($string) return strtolower(preg_replace("/[-_]/", "", $string)); } + // Nextcloud usualy don't use case sensitive login, so here is the option to keep + // standard behavior + public function forceLowercaseLogin() : bool { + return $this->getConfigValueOrFalse(self::CONFIG_KEY_FORCE_LOWERCASE_LOGIN) !== false; + } + } From dabad97a7c4dc2ac421728e52825936f6b36a10c Mon Sep 17 00:00:00 2001 From: Stratop0w Date: Tue, 16 Jul 2024 14:40:58 +0200 Subject: [PATCH 2/3] feat(case sensitivity login) --- lib/UserBackend.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/UserBackend.php b/lib/UserBackend.php index 8bd833a..bca7cca 100644 --- a/lib/UserBackend.php +++ b/lib/UserBackend.php @@ -87,6 +87,10 @@ public function checkPassword($providedUsername, $providedPassword) } if (password_verify($providedPassword, $retrievedPasswordHash)) { + if ($this->config->forceLowercaseLogin()) { + $providedUsername = strtolower($providedUsername); + } + return $providedUsername; } else { return false; From 847046163fee37fc12df0e4e7b0986ff179cdc3c Mon Sep 17 00:00:00 2001 
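Review bot: In `forceLowercaseLogin()` the comparison `!== false` treats every configured value other than boolean `false` as enabled, so `0`, an empty string or the string `'false'` would presumably turn lowercasing on, depending on what `getConfigValueOrFalse()` (defined outside this hunk) returns. Because the option decides which account identifier a successful login resolves to, a strict check is safer: `return $this->getConfigValueOrFalse(self::CONFIG_KEY_FORCE_LOWERCASE_LOGIN) === true;`. The `//` comment would also read better as a docblock on the method, for example `/** Whether authenticated usernames are lowercased before being handed to Nextcloud. */`.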
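Review bot: The lowercasing in `checkPassword()` is applied only to the returned value, after `password_verify()` has succeeded against a hash that was looked up earlier in the function (outside this hunk), presumably with the username as typed. If the database query or collation is case-sensitive, two distinct rows (constructed example: `Alice` and `alice`) each authenticate with their own password and then resolve to the same Nextcloud UID, which merges two accounts. Consider normalizing once at the top of the method, before the hash lookup, or documenting that usernames must be unique under case-folding when the option is enabled. `strtolower()` works bytewise, so non-ASCII usernames are not folded; `mb_strtolower($providedUsername)` would cover them where mbstring is available. Other backend methods that accept a UID are not touched by this patch and may need the same normalization to stay consistent.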
From: Stratop0w Date: Tue, 16 Jul 2024 14:44:47 +0200 Subject: [PATCH 3/3] update(add lowercase login readme) --- README.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index fc1b539..8b7f902 100644 --- a/README.md +++ b/README.md @@ -62,10 +62,11 @@ This app has no user interface. All configuration is done via Nextcloud's system //'create_user' => 'INSERT INTO users (local, domain, password_hash) VALUES (split_part(:username, \'@\', 1), split_part(:username, \'@\', 2), :password_hash)', ), //'hash_algorithm_for_new_passwords' => 'bcrypt', + //'force_lowercase_login' => true, ), ``` -There are three types of configuration parameters: +There are four types of configuration parameters: ### 1. Database @@ -167,6 +168,17 @@ The config values are `md5`, `sha256`, `sha512`, `argon2i`, `argon2id` respectiv user's password is changed, it will be updated to the configured hash algorithm. This eases migration to more modern algorithms. +### 4. Optional features + + +##### `force_lowercase_login` + +Default behavior of Nextcloud instance with internal user database is to apply submitted login information to lower case, so usernames are case insensitive. + +By design, this extention by default will transmit submitted usernames to Nextcloud once authenticated without lowercasing. + +If you want to keep default Nextcloud behavior, enable option `force_lowercase_login` and set it's value to `true`. + ## Security * Password length is limited to 100 characters to prevent denial of service attacks against the