From 3c3d2051807b8db5726e18238384e435aa9191b7 Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Fri, 9 Mar 2018 16:06:55 -0500
Subject: [PATCH] FIX: sso_overrides_username may inappropriately change the username if the case changed
---
 app/models/discourse_single_sign_on.rb | 8 ++++++--
 spec/models/discourse_single_sign_on_spec.rb | 21 ++++++++++++++++++++
 2 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/app/models/discourse_single_sign_on.rb b/app/models/discourse_single_sign_on.rb
index 16496c8e80a..64f77a5839d 100644
--- a/app/models/discourse_single_sign_on.rb
+++ b/app/models/discourse_single_sign_on.rb
@@ -181,8 +181,12 @@ class DiscourseSingleSignOn < SingleSignOn
 user.active = false if require_activation
 end
- if SiteSetting.sso_overrides_username && user.username != username && username.present?
- user.username = UserNameSuggester.suggest(username || name || email, user.username)
+ if SiteSetting.sso_overrides_username?
+ if user.username.downcase == username.downcase
+ user.username = username # there may be a change of case
+ elsif user.username != username && username.present?
+ user.username = UserNameSuggester.suggest(username || name || email, user.username)
+ end
 end
 if SiteSetting.sso_overrides_name && user.name != name && name.present?
diff --git a/spec/models/discourse_single_sign_on_spec.rb b/spec/models/discourse_single_sign_on_spec.rb
index 06c718d560e..a85806e9379 100644
--- a/spec/models/discourse_single_sign_on_spec.rb
+++ b/spec/models/discourse_single_sign_on_spec.rb
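Review bot: `username.downcase` in the new first branch runs before any `username.present?` check, so an SSO payload that carries no username would raise NoMethodError here, where the old condition simply skipped the override. The `username || name || email` fallback on the suggest line shows that a nil username is an expected input. Guard the whole override instead, `if SiteSetting.sso_overrides_username? && username.present?`, after which the `elsif` can be reduced to `elsif user.username != username`. The enclosing method starts and ends outside the hunk; if it sits on the SSO sign-in path, as the spec's use of `lookup_or_create_user` suggests, the exception would block login for those accounts rather than just leaving the name unchanged.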
@@ -166,6 +166,27 @@ describe DiscourseSingleSignOn do
 expect(add_group4.usernames).to eq(user.username)
 end
+ it 'can override username properly when only the case changes' do
+ SiteSetting.sso_overrides_username = true
+
+ sso = DiscourseSingleSignOn.new
+ sso.username = "testuser"
+ sso.name = "test user"
+ sso.email = "test@test.com"
+ sso.external_id = "100"
+ sso.bio = "This **is** the bio"
+ sso.suppress_welcome_message = true
+
+ # create the original user
+ user = sso.lookup_or_create_user(ip_address)
+ expect(user.username).to eq "testuser"
+
+ # change the username case
+ sso.username = "TestUser"
+ user = sso.lookup_or_create_user(ip_address)
+ expect(user.username).to eq "TestUser"
+ end
+
 it "can override name / email / username" do
 admin = Fabricate(:admin)
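Review bot: The new example checks only the returned username, so it would still pass if the second `lookup_or_create_user` call resolved to a different record than the first. Since this is an identity-mapping path, keep the first result in its own variable and add `expect(user.id).to eq(original_user.id)` after the second lookup, so the spec pins that the case change renames the existing account. A second example with `sso.username = nil` while `sso_overrides_username` is enabled would also cover the input that the new `downcase` comparison in the model does not guard.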