CamelCase usernames get added as lower-case into DB and result in access issues #3614

Open
3 tasks done
pat-s opened this issue Apr 14, 2024 · 3 comments
Labels
bug (Something isn't working), server

Comments

@pat-s
Contributor

pat-s commented Apr 14, 2024

Component

server

Describe the bug

When a username is in camel-case, e.g. MyUser, the user gets added as myuser into the DB (e.g. the orgs table).

This causes access issues during use. Users only see the generic "an unknown error occured" when accessing their own user org and other access-restricted parts within WP.

We have hundreds of these cases in the Codeberg instance (https://codeberg.org/Codeberg-CI/feedback/issues/149). Additionally, I also verified this behavior with a new user on my own private instance.

Not sure if it is forge-related, but it at least affects Gitea/Forgejo.

System Info

WP 2.4.1 but at least 2.3.x and likely also previous versions are affected

Additional context

No response

Validations

  • Read the docs.
  • Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
  • Checked that the bug isn't fixed in the next version already [https://woodpecker-ci.org/faq#which-version-of-woodpecker-should-i-use]
pat-s added the bug and server labels on Apr 14, 2024
@qwerty287
Contributor

> Users only see the generic "an unknown error occured" when accessing their own user org

Isn't this independent from the names? It should use IDs.

Which tables does this affect? Only orgs or users too?

Because looking at the code, there's no ToLowerCase. The migration doesn't change it, the registration API doesn't change it, and the Gitea driver doesn't change it either (it takes the API field directly).

@pat-s
Contributor Author

pat-s commented Apr 15, 2024

> Which tables does this affect? Only orgs or users too?

I focused on orgs for now but I guess it's the same for users.

I don't know yet where the issue is coming from and what causes it. The only thing I can say is that I could reproduce it in my private instance (creating a new user with a CamelCase name) and patching usernames from lowercase to CamelCase fixed a lot of access issues for the respective users in the CB instance.

@zc-devs
Contributor

zc-devs commented Apr 15, 2024

Start is in 3328, continues in 3342.
