Auth: support case insensitive username matching on LDAP+TOTP. closes https://github.com/opnsense/core/issues/4451

2026-03-17 10:04:41 +00:00 · 2020-11-10 09:21:21 +01:00 · 2020-11-10 09:21:21 +01:00 · d992cfc2a2
commit d992cfc2a2
parent ff728e837c
2 changed files with 24 additions and 4 deletions
--- a/src/opnsense/mvc/app/library/OPNsense/Auth/Base.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Auth/Base.php
@ -38,6 +38,11 @@ use OPNsense\Core\Config;
 */
 abstract class Base
 {
+    /**
+     * @var bool match usernames case insensitive
+     */
+    protected $caseInSensitiveUsernames = false;
+
    /**
     * return group memberships
     * @param string $username username to find
@ -111,10 +116,15 @@ abstract class Base
        $configObj = Config::getInstance()->object();
        $userObject = null;
        foreach ($configObj->system->children() as $key => $value) {
-            if ($key == 'user' && !empty($value->name) && (string)$value->name == $username) {
-                // user found, stop search
-                $userObject = $value;
-                break;
+            if ($key == 'user' && !empty($value->name)) {
+                // depending on caseInSensitiveUsernames setting match exact or case-insensitive
+                if ((string)$value->name == $username ||
+                    ($this->caseInSensitiveUsernames && strtolower((string)$value->name) == strtolower($username))
+                ) {
+                    // user found, stop search
+                    $userObject = $value;
+                    break;
+                }
            }
        }
        return $userObject;
--- a/src/opnsense/mvc/app/library/OPNsense/Auth/LDAPTOTP.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Auth/LDAPTOTP.php
@ -63,6 +63,9 @@ class LDAPTOTP extends LDAP
    public function setProperties($config)
    {
        parent::setProperties($config);
+        if (!empty($config['caseInSensitiveUsernames'])) {
+            $this->caseInSensitiveUsernames = true;
+        }
        $this->setTOTPProperties($config);
    }

@ -73,6 +76,13 @@ class LDAPTOTP extends LDAP
    public function getConfigurationOptions()
    {
        $options = $this->getTOTPConfigurationOptions();
+        $options["caseInSensitiveUsernames"] = array();
+        $options["caseInSensitiveUsernames"]["name"] = gettext("Match case insensitive");
+        $options["caseInSensitiveUsernames"]["help"] = gettext("Allow mixed case input when gathering local user settings.");
+        $options["caseInSensitiveUsernames"]["type"] = "checkbox";
+        $options["caseInSensitiveUsernames"]["validate"] = function ($value) {
+            return array();
+        };
        return $options;
    }
 }