Authentication

Hello,

We identified a problem for the CAS authentication mod on moodle 1.9.5, we didn't checked on other 1.9 version.

To explain the problem the CAS authentication is done and when the cas server send back to moodle it's arrives on the moodle login page.

The problem comes from the file auth/cas/auth.php on this function :
/**
* Authenticates user againt CAS
* Returns true if the username and password work and false if they are
* wrong or don't exist.
*
* @param string $username The username
* @param string $password The password
* @return bool Authentication success or failure.
*/
function user_login ($username, $password) {
$this->connectCAS();
return phpCAS::isAuthenticated() && (phpCAS::getUser() == $username);
}

The problem is that the $username is all in lower Case whereas the phpCAS::getUser() could have upper case.

$username is in lower case, like it's done on login/index.php line 109 with $frm->username = trim(moodle_strtolower($frm->username));


so to solve the problem we need to modify the return of the function user_login like this :
return phpCAS::isAuthenticated() && (trim(moodle_strtolower(phpCAS::getUser())) == $username);


I haven't account for the tracker so someone can create a ticket ?

thanks.