From 4d173e6746d11314e12dc9a48a8e27826ab6a5ed Mon Sep 17 00:00:00 2001
From: Johannes Meyer
Date: Fri, 19 Jun 2020 09:23:06 +0200
Subject: [PATCH] DbUserBackend: Lowercase usernames before fetching password hashes

The BINARY cast to make trailing spaces significant (#4030) also made these queries case-sensitive. This wasn't identified at the time because the query itself wasn't case-insensitive, but the default collation on the `name` column. (Tests sometimes are the perfect mitigation for this...)

fixes #4184
---
 library/Icinga/Authentication/User/DbUserBackend.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/library/Icinga/Authentication/User/DbUserBackend.php b/library/Icinga/Authentication/User/DbUserBackend.php
index bc84c7b74..58127fa64 100644
--- a/library/Icinga/Authentication/User/DbUserBackend.php
+++ b/library/Icinga/Authentication/User/DbUserBackend.php
@@ -184,9 +184,15 @@ class DbUserBackend extends DbRepository implements UserBackendInterface, Inspec
 $columns = array('password_hash');
 }
+ $nameColumn = 'name';
+ if ($this->ds->getDbType() === 'mysql') {
+ $username = strtolower($username);
+ $nameColumn = 'BINARY LOWER(name)';
+ }
+
 $query = $this->ds->select()
 ->from($this->prependTablePrefix('user'), $columns)
- ->where(($this->ds->getDbType() === 'mysql' ? 'BINARY ' : '') . 'name', $username)
+ ->where($nameColumn, $username)
 ->where('active', true);
 $statement = $this->ds->getDbAdapter()->prepare($query->getSelectQuery());
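Review bot: `strtolower($username)` in the added MySQL branch folds only ASCII letters (it never touches multibyte UTF-8 sequences), whereas MySQL's `LOWER(name)` folds according to the column's character set, so a username with non-ASCII capitals such as `MÜLLER` would be sent as `mÜller` and, under the `BINARY` comparison, no longer match the stored row that MySQL alone considers equal; `mb_strtolower($username, 'UTF-8')` tracks the database's folding far more closely, though exact agreement for every code point still depends on the column's collation. Reassigning `$username` in place also means any later use of it in this method, which continues past the hunk, now sees the lowercased value, which may matter if the original spelling is needed elsewhere; a separate local such as `$nameValue = strtolower($username);` passed to the `->where()` call keeps the caller-supplied name intact. Since `BINARY` and `LOWER()` pull in opposite directions, a short why-comment above `$nameColumn = 'BINARY LOWER(name)';` would save the next reader from re-deriving the history, e.g. `// BINARY keeps trailing spaces significant (#4030); LOWER() restores the case-insensitive match the cast otherwise removes`. Wrapping `name` in `LOWER()` under `BINARY` also means the lookup cannot use an index on `name`, which is likely acceptable for one query per login but worth knowing.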