Domainname always lower cased

[CodeInsider]

Hi,

i just tried RoundCube 0.8 and can't login, because of a casesensitive mailserverconfiguration.

If i try to login to: user@…
Even if i entered the correct password, the login failed.

I've set the error output to display, and get this error:
IMAP Error in /var/www/vhosts/MyDomain.tld/subdomains/mail/program/include/rcube_imap.php (191): Login failed for user@… from xxx.xxx.xxx.xxx. AUTHENTICATE CRAM-MD5: A0001 NO Login failed.

And as you could see, the domain is lowercased, which is rejected by my Mailserver.

By the way:
$rcmail_configlogin_lc? is set to false.

Seems that this bug is again inside roundcube. #1486393

Do you have a workaround?

[CodeInsider]

I found the bug...
/program/include/rcmail.php Line 916 f
list($local, $domain) = explode('@', $username);
$username = $local . '@' . mb_strtolower($domain);

This break the login!

I changed it to:
if($configlogin_lc?) {

list($local, $domain) = explode('@', $username);
$username = $local . '@' . mb_strtolower($domain);

}

This works for me.

[thomasb]

Domain names are by definition case-insensitive. What kind of weird email server do you use that requires case-sensitive domain parts for login?

[CodeInsider]

Replying to thomasb:

Domain names are by definition case-insensitive. What kind of weird email server do you use that requires case-sensitive domain parts for login?

Well, this "weird email server" ist a normal unix mailserver with normal administrativ software like CPanel or Plesk.
Your right, adresses are not casesensitive. I can mail to to user@… or UsEr?@myDoMAin.tLD... but that is not the login!
I require a full authorization for a correct login. This meens: User + Domain.
Both together are the userlogin.
I can't login to Windows or Linux with an lowercased username if i registered it as an uppercase user for some reasons, so you can't expect that this always work.
By the way... is there any good reason why a lowercased username should be better for roundcube or is those lowercase function just integrated to make some stringreplacements? ;-)

Well normally I expect from opensource projects, that they are happy if some other business developer use it's private time to fix a problem?

[alec]

I understand your point, but your fix isn't complete and changes behavior in non-backward compatible way. Maybe we would need a config option for this or if we decide to break backward compat. we just remove the mb_strtolower() because the whole login is lowercased before (if login_lc=true).

[CodeInsider]

Hi,

well why do you need a new config option? login_lc seems to be the right config, doesn't it?
I thought this would control the casesensitive settings for the login.

But well, this change was just a quickshot for me to fix my loginproblems.
Please, can you explaine where is the benefit from lowercasing the loginname? Is this to avoid douple logins/usernames in the database?

[thomasb]

Replying to CodeInsider:

Hi,

well why do you need a new config option? login_lc seems to be the right config, doesn't it?
I thought this would control the casesensitive settings for the login.

Because it would change the behavior of all installations having login_lc = false. And it's likely that people (unconsciously) rely on the current behavior of domain name lowercasing and thus an update would break their logins.

If you're running a standard unix mail server, I'm sure there's an option to disable that IMO stupid case-sensitive login behavior. Just a guess...

[alec]

Fixed in [c72325fa]. Modified login_lc option to support three values.