From 4f8af723c6fc5dc4b689f0f1734d4e2b11dd4c82 Mon Sep 17 00:00:00 2001
From: Stu Tomlinson <stu@nosnilmot.com>
Date: Wed, 30 May 2018 15:10:25 +0100
Subject: [PATCH] Fix authentication for usernames containing uppercase
 characters

Applies to authentication methods that compare User (normalized)
and AuthzId (was not being normalized). These are external, ldap & pam.

Fixes #2280
---
 src/ejabberd_auth.erl | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/src/ejabberd_auth.erl b/src/ejabberd_auth.erl
index 847549c74..39598e527 100644
--- a/src/ejabberd_auth.erl
+++ b/src/ejabberd_auth.erl
@@ -230,19 +230,22 @@ check_password_with_authmodule(User, AuthzId, Server, Password) ->
 check_password_with_authmodule(User, AuthzId, Server, Password, Digest, DigestGen) ->
     case validate_credentials(User, Server) of
 	{ok, LUser, LServer} ->
-	    lists:foldl(
-	      fun(Mod, false) ->
-		      case db_check_password(
-			     LUser, AuthzId, LServer, Password,
+	    case jid:nodeprep(AuthzId) of
+		error ->
+		    false;
+	    LAuthzId ->
+		lists:foldl(
+		  fun(Mod, false) ->
+			case db_check_password(
+			     LUser, LAuthzId, LServer, Password,
 			     Digest, DigestGen, Mod) of
 			  true -> {true, Mod};
 			  false -> false
-		      end;
-		 (_, Acc) ->
-		      Acc
-	      end, false, auth_modules(LServer));
-	_ ->
-	    false
+			end;
+			(_, Acc) ->
+			    Acc
+		  end, false, auth_modules(LServer))
+	    end
     end.
 
 -spec set_password(binary(), binary(), password()) -> ok | {error, atom()}.