Login using MFA does not respect the uppercase of the email address.
Mattermost Server 5.23.0
Google Authenticator MFA
Create an account with uppercase email address. For example - `ahmadDANIAL@mattermost.com`
Once done, log in with the email address above and configure MFA. In my case, I used Google Authenticator.
Log in with Google Authenticator and enter the code.
The "Enter a valid email or username and/or password" error is displayed on the UI.
The entries that I am getting in the mattermost.log when the issue was reproduced:
The email address that is stored in the Users table was converted to all small case characters.
No issues when logging in with the lowercase email address.
This issue was originally discussed in the Ask R&D channel.
Based on 's feedback on this issue:
It is common practice to compare emails in lowercase so users don't have to worry how they wrote it the first time (emails are case insensitive). If using capital letters anywhere in the email (whether it is during registration or when authenticating) prevents authentication, it is a bug.
Verify on a Postgres server that LDAP + MFA works with mixed-case login and still works with all-lowercase login. Check LDAP login without MFA and also email login with mixed case and lowercase as well, to verify no regression there.
Do further regression tests, including on a MySQL server.
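The failure described in this report can be modelled as a two-step login where only the first step folds the login ID to lowercase. The Go sketch below is an added example, not Mattermost's code: the `store`, `login`, `normalize` and `sampleStore` names, the credentials, and the assumed cause (a raw-ID lookup in the MFA step) are all constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// user is a constructed record; the store keeps emails lowercased, as the report observed.
type user struct {
	password string // constructed plaintext stand-in for a password-hash check
	mfaCode  string // stand-in for a TOTP check; empty means MFA is off
}
type store map[string]user

// normalize folds the login ID once so every later lookup uses the same key.
func normalize(loginID string) string {
	return strings.ToLower(strings.TrimSpace(loginID))
}

// login models a two-step flow; normalizeMFA=false keeps the assumed raw-ID lookup in the MFA step.
func login(s store, loginID, password, code string, normalizeMFA bool) bool {
	u, ok := s[normalize(loginID)] // password step: case-insensitive lookup
	if !ok || u.password != password {
		return false
	}
	if u.mfaCode == "" {
		return true // no MFA configured, so the second lookup never runs
	}
	key := loginID
	if normalizeMFA {
		key = normalize(loginID)
	}
	m, ok := s[key] // MFA step: second lookup, which must use the same key
	return ok && m.mfaCode == code
}

func sampleStore() store {
	return store{
		"ahmaddanial@mattermost.com": {password: "pw", mfaCode: "123456"},
		"nomfa@example.com":          {password: "pw"},
	}
}

func main() {
	s := sampleStore()
	for _, id := range []string{"ahmadDANIAL@mattermost.com", "ahmaddanial@mattermost.com", "NoMFA@example.com"} {
		fmt.Printf("%-28s buggy=%v fixed=%v\n", id, login(s, id, "pw", "123456", false), login(s, id, "pw", "123456", true))
	}
}
```

The three sample IDs mirror the regression matrix above: mixed case with MFA, lowercase with MFA, and mixed case without MFA.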