diff --git a/app/classes/web/api_handler.py b/app/classes/web/api_handler.py
index ae525dbb..43af4ae8 100644
--- a/app/classes/web/api_handler.py
+++ b/app/classes/web/api_handler.py
@@ -338,7 +338,7 @@ class CreateUser(ApiHandler):
 self.access_denied(user)
 return
- new_username = self.get_argument("username")
+ new_username = self.get_argument("username").lower()
 new_pass = self.get_argument("password")
 if new_username:
diff --git a/app/classes/web/panel_handler.py b/app/classes/web/panel_handler.py
index ed8f3a73..94cd12a7 100644
--- a/app/classes/web/panel_handler.py
+++ b/app/classes/web/panel_handler.py
@@ -1774,7 +1774,7 @@ class PanelHandler(BaseHandler):
 "system user is not editable"
 )
 user_id = bleach.clean(self.get_argument("id", None))
- username = bleach.clean(self.get_argument("username", None))
+ username = bleach.clean(self.get_argument("username", None).lower())
 password0 = bleach.clean(self.get_argument("password0", None))
 password1 = bleach.clean(self.get_argument("password1", None))
 email = bleach.clean(self.get_argument("email", "default@example.com"))
@@ -1943,7 +1943,7 @@ class PanelHandler(BaseHandler):
 self.finish()
 elif page == "add_user":
- username = bleach.clean(self.get_argument("username", None))
+ username = bleach.clean(self.get_argument("username", None).lower())
 if username.lower() == "system":
 self.redirect(
 "/panel/error?error=Unauthorized access: "
diff --git a/app/classes/web/routes/api/users/index.py b/app/classes/web/routes/api/users/index.py
index 4c5a85a2..3e4cfdab 100644
--- a/app/classes/web/routes/api/users/index.py
+++ b/app/classes/web/routes/api/users/index.py
@@ -95,6 +95,7 @@ class ApiUsersIndexHandler(BaseApiHandler):
 )
 username = data["username"]
+ username = str(username).lower()
 password = data["password"]
 email = data.get("email", "default@example.com")
 enabled = data.get("enabled", True)
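Review bot: Lowercasing in `new_username = self.get_argument("username").lower()` normalizes only names created from now on, so the same canonical form has to be applied wherever a username is looked up or compared. The login and lookup paths are not part of this diff; if they still compare the raw input, accounts stored earlier with mixed case may stop matching or may coexist with a lowercase duplicate. Consider routing every create, edit and login path through one shared normalization helper (for example `str.casefold()` after Unicode normalization) and migrating existing rows. CreateUser's body starts and ends outside the hunk.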
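Review bot: `self.get_argument("username", None).lower()` calls `.lower()` on the `None` default, so a request without a `username` field raises AttributeError before `bleach.clean` or any validation runs; the same pattern is added in the `add_user` hunk of this file. An empty-string default with an explicit rejection is safer, e.g. `username = bleach.clean(self.get_argument("username", "").lower())` followed by a check that refuses an empty name. On this edit path, lowercasing can also turn a stored mixed-case name into one that collides with another account, so the uniqueness check should run on the normalized value. The enclosing method starts and ends outside the hunk, so whether a later check already covers these cases cannot be confirmed from here.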
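Review bot: The comparison on the following context line, `if username.lower() == "system":`, repeats the lowercasing now done in the assignment and can become `if username == "system":`. Comparing the already normalized value makes it plain that the name being checked against the reserved account is the same one that gets stored. The `add_user` branch continues outside the hunk.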
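Review bot: `username = str(username).lower()` coerces any JSON value to a string, so `null`, a number or a list would become the usernames `none`, `123` or the list's printed form instead of being rejected. If the payload is schema-validated as a string above this hunk (not visible here), the `str()` is redundant and `username = data["username"].lower()` is enough. If it is not, add an explicit `isinstance(username, str)` check that returns a 400 before normalizing. The handler body starts and ends outside the hunk.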