From 13c9a73842e78a649633d69cdd3f0695182f6e85 Mon Sep 17 00:00:00 2001
From: Johannes Meyer <johannes.meyer@icinga.com>
Date: Thu, 20 Mar 2025 16:20:59 +0100
Subject: [PATCH 1/2] DbUserBackend: Match usernames case-insensitive on pgsql

---
 .../Icinga/Authentication/User/DbUserBackend.php | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/library/Icinga/Authentication/User/DbUserBackend.php b/library/Icinga/Authentication/User/DbUserBackend.php
index 0e8cc6a54..6cf56a844 100644
--- a/library/Icinga/Authentication/User/DbUserBackend.php
+++ b/library/Icinga/Authentication/User/DbUserBackend.php
@@ -11,6 +11,7 @@ use Icinga\Exception\AuthenticationException;
 use Icinga\Repository\DbRepository;
 use Icinga\User;
 use PDO;
+use Zend_Db_Expr;
 
 class DbUserBackend extends DbRepository implements UserBackendInterface, Inspectable
 {
@@ -179,23 +180,24 @@ class DbUserBackend extends DbRepository implements UserBackendInterface, Inspec
     {
         if ($this->ds->getDbType() === 'pgsql') {
             // Since PostgreSQL version 9.0 the default value for bytea_output is 'hex' instead of 'escape'
-            $columns = array('password_hash' => 'ENCODE(password_hash, \'escape\')');
+            $columns = ['password_hash' => new Zend_Db_Expr('ENCODE(password_hash, \'escape\')')];
         } else {
-            $columns = array('password_hash');
+            $columns = ['password_hash'];
         }
 
-        $nameColumn = 'name';
+        $nameColumn = 'user';
         if ($this->ds->getDbType() === 'mysql') {
             $username = strtolower($username);
-            $nameColumn = 'BINARY LOWER(name)';
+            $nameColumn = new Zend_Db_Expr('BINARY LOWER(name)');
         }
 
-        $query = $this->ds->select()
-            ->from($this->prependTablePrefix('user'), $columns)
+        $query = $this
+            ->select()
+            ->from('user', $columns)
             ->where($nameColumn, $username)
             ->where('active', true);
 
-        $statement = $this->ds->getDbAdapter()->prepare($query->getSelectQuery());
+        $statement = $this->ds->getDbAdapter()->prepare($query->getQuery()->getSelectQuery());
         $statement->execute();
         $statement->bindColumn(1, $lob, PDO::PARAM_LOB);
         $statement->fetch(PDO::FETCH_BOUND);

From 92dad17a2b9deb46519cbfabb6413636d37823c5 Mon Sep 17 00:00:00 2001
From: Johannes Meyer <johannes.meyer@icinga.com>
Date: Thu, 20 Mar 2025 16:21:38 +0100
Subject: [PATCH 2/2] DbUserGroupBackend: Match memberships case-insensitive on
 pgsql

---
 library/Icinga/Authentication/UserGroup/DbUserGroupBackend.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/Icinga/Authentication/UserGroup/DbUserGroupBackend.php b/library/Icinga/Authentication/UserGroup/DbUserGroupBackend.php
index 5299bbb7a..d42f275d1 100644
--- a/library/Icinga/Authentication/UserGroup/DbUserGroupBackend.php
+++ b/library/Icinga/Authentication/UserGroup/DbUserGroupBackend.php
@@ -204,7 +204,7 @@ class DbUserGroupBackend extends DbRepository implements Inspectable, UserGroupB
         $membershipQuery = $this
             ->select()
             ->from('group_membership', array('group_name'))
-            ->where('user_name', $user->getUsername());
+            ->where('user', $user->getUsername());
 
         $memberships = array();
         foreach ($membershipQuery as $membership) {