From 6d4d2177d0010ef79f90fc6d7124be1e62a0b3ae Mon Sep 17 00:00:00 2001
From: ErickSkrauch
Date: Fri, 20 Oct 2017 15:19:39 +0300
Subject: [PATCH] =?UTF-8?q?=D0=98=D1=81=D0=BF=D1=80=D0=B0=D0=B2=D0=BB?=
 =?UTF-8?q?=D0=B5=D0=BD=D0=B0=20=D0=BE=D0=B1=D1=80=D0=B0=D0=B1=D0=BE=D1=82?=
 =?UTF-8?q?=D0=BA=D0=B0=20=D1=81=D0=B8=D1=82=D1=83=D0=B0=D1=86=D0=B8=D0=B8?=
 =?UTF-8?q?,=20=D0=BA=D0=BE=D0=B3=D0=B4=D0=B0=20=D0=BF=D1=80=D0=B8=20?=
 =?UTF-8?q?=D0=B8=D1=81=D0=BF=D0=BE=D0=BB=D1=8C=D0=B7=D0=BE=D0=B2=D0=B0?=
 =?UTF-8?q?=D0=BD=D0=B8=D0=B8=20=D1=81=D1=82=D0=B0=D1=80=D0=BE=D0=B3=D0=BE?=
 =?UTF-8?q?=20=D0=BF=D1=80=D0=BE=D1=82=D0=BE=D0=BA=D0=BE=D0=BB=D0=B0=20?=
 =?UTF-8?q?=D0=B0=D0=B2=D1=82=D0=BE=D1=80=D0=B8=D0=B7=D0=B0=D1=86=D0=B8?=
 =?UTF-8?q?=D0=B8=20=D0=BD=D0=B0=20=D1=81=D0=B5=D1=80=D0=B2=D0=B5=D1=80?=
 =?UTF-8?q?=D0=B5=20=D0=BF=D0=BE=D0=BB=D1=8C=D0=B7=D0=BE=D0=B2=D0=B0=D1=82?=
 =?UTF-8?q?=D0=B5=D0=BB=D1=8C=20=D0=BF=D0=B5=D1=80=D0=B5=D0=B4=D0=B0=D0=B2?=
 =?UTF-8?q?=D0=B0=D0=BB=20=D1=81=D0=B2=D0=BE=D0=B9=20=D0=BD=D0=B8=D0=BA=20?=
 =?UTF-8?q?=D0=B2=20=D0=BD=D0=B5=D0=BF=D1=80=D0=B0=D0=B2=D0=B8=D0=BB=D1=8C?=
 =?UTF-8?q?=D0=BD=D0=BE=D0=BC=20=D1=80=D0=B5=D0=B3=D0=B8=D1=81=D1=82=D1=80?=
 =?UTF-8?q?=D0=B5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 api/modules/session/models/JoinForm.php | 2 +-
 .../api/functional/sessionserver/JoinLegacyCest.php | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/api/modules/session/models/JoinForm.php b/api/modules/session/models/JoinForm.php
index b8b2aff..2676fb2 100644
--- a/api/modules/session/models/JoinForm.php
+++ b/api/modules/session/models/JoinForm.php
@@ -134,7 +134,7 @@ class JoinForm extends Model {
 throw new ForbiddenOperationException('Wrong selected_profile.');
 }
- if (!$isUuid && $account->username !== $selectedProfile) {
+ if (!$isUuid && mb_strtolower($account->username) !== mb_strtolower($selectedProfile)) {
 Session::error(
 "User with access_token = '{$accessToken}' trying to join with identity = '{$selectedProfile}'," .
 " but access_token issued to account with username = '{$account->username}'."
diff --git a/tests/codeception/api/functional/sessionserver/JoinLegacyCest.php b/tests/codeception/api/functional/sessionserver/JoinLegacyCest.php
index a04cbc0..27fe28c 100644
--- a/tests/codeception/api/functional/sessionserver/JoinLegacyCest.php
+++ b/tests/codeception/api/functional/sessionserver/JoinLegacyCest.php
@@ -30,6 +30,17 @@ class JoinLegacyCest {
 $this->expectSuccessResponse($I);
 }
+ public function joinByOauth2TokenAndDifferentLetterCase(AuthserverSteps $I) {
+ $I->wantTo('join to server by legacy protocol, using legacy authserver access token and different letter case');
+ [$accessToken] = $I->amAuthenticated();
+ $this->route->joinLegacy([
+ 'sessionId' => $accessToken,
+ 'user' => 'admin',
+ 'serverId' => Uuid::uuid(),
+ ]);
+ $this->expectSuccessResponse($I);
+ }
+
 public function joinByNewSessionFormat(AuthserverSteps $I) {
 $I->wantTo('join to server by legacy protocol with new launcher session format, using legacy authserver');
 [$accessToken] = $I->amAuthenticated();
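Review bot: The relaxed identity check on the `if (!$isUuid && ...)` line is only safe if usernames are already unique case-insensitively in the account store; otherwise a token issued to one account now passes this check for another account whose name differs only in letter case, and that uniqueness rule is not visible in this hunk. The folding also leaves the encoding implicit, so it depends on `mb_internal_encoding()`; if usernames may contain non-ASCII letters, pin it: `mb_strtolower($account->username, 'UTF-8') !== mb_strtolower($selectedProfile, 'UTF-8')`. Code after this check should presumably continue with the canonical `$account->username` rather than the caller's spelling, but the method body runs past the hunk, so that cannot be confirmed here. Separately, the unchanged `Session::error(...)` call writes the raw `$accessToken` into the log; a truncated or hashed form would keep the entry useful without storing a live credential.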
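Review bot: `joinByOauth2TokenAndDifferentLetterCase` does not show that `'user' => 'admin'` really differs in case from the account that `amAuthenticated()` logs in, since the fixture's stored spelling is outside this hunk; if the fixture were ever renamed to lower case the test would silently stop covering the fix. A short comment on that line would make the dependency explicit, e.g. `// deliberately differs in letter case from the fixture account's username`. Only the accept path is exercised here; a companion case asserting that a genuinely different name is still rejected over the legacy route would guard the relaxed comparison against over-matching, unless one already exists elsewhere in this Cest.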