From 281bef48bf44aa38b7e94f28433b4b8968b4ccb8 Mon Sep 17 00:00:00 2001
From: Eliot Berriot <contact@eliotberriot.com>
Date: Thu, 28 Jun 2018 16:47:45 +0200
Subject: [PATCH] Fix #339: Subsonic API login is now case insensitive

---
 api/funkwhale_api/subsonic/authentication.py |  2 +-
 api/tests/subsonic/test_authentication.py    | 12 ++++++++++++
 changes/changelog.d/339.bugfix               |  1 +
 3 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 changes/changelog.d/339.bugfix

diff --git a/api/funkwhale_api/subsonic/authentication.py b/api/funkwhale_api/subsonic/authentication.py
index a573a109..d6edb90c 100644
--- a/api/funkwhale_api/subsonic/authentication.py
+++ b/api/funkwhale_api/subsonic/authentication.py
@@ -19,7 +19,7 @@ def authenticate(username, password):
             password = password.replace("enc:", "", 1)
             password = binascii.unhexlify(password).decode("utf-8")
         user = User.objects.get(
-            username=username, is_active=True, subsonic_api_token=password
+            username__iexact=username, is_active=True, subsonic_api_token=password
         )
     except (User.DoesNotExist, binascii.Error):
         raise exceptions.AuthenticationFailed("Wrong username or password.")
diff --git a/api/tests/subsonic/test_authentication.py b/api/tests/subsonic/test_authentication.py
index b2d2c040..b0c6b1b3 100644
--- a/api/tests/subsonic/test_authentication.py
+++ b/api/tests/subsonic/test_authentication.py
@@ -63,3 +63,15 @@ def test_auth_with_inactive_users(api_request, factories):
     authenticator = authentication.SubsonicAuthentication()
     with pytest.raises(exceptions.AuthenticationFailed):
         authenticator.authenticate(request)
+
+
+def test_auth_case_insensitive(api_request, factories):
+    user = factories["users.User"](username="Hello")
+    user.subsonic_api_token = "password"
+    user.save()
+    request = api_request.get("/", {"u": "hello", "p": "password"})
+
+    authenticator = authentication.SubsonicAuthentication()
+    u, _ = authenticator.authenticate(request)
+
+    assert user == u
diff --git a/changes/changelog.d/339.bugfix b/changes/changelog.d/339.bugfix
new file mode 100644
index 00000000..3f4d82ea
--- /dev/null
+++ b/changes/changelog.d/339.bugfix
@@ -0,0 +1 @@
+Subsonic API login is now case insensitive (#339)
-- 
GitLab