update w.r.t. /private config

waTeim · waTeim · commit eb74e2e7aa39 · 2026-04-06T14:06:48.000-04:00
diff --git a/appstore/core/tests.py b/appstore/core/tests.py
@@ -43,6 +43,20 @@ def test_auth_nonloggedin_user(self):
         self.assertTrue(isinstance(response, HttpResponseRedirect))
         self.assertEqual(response.url, "/accounts/login?next=/auth/")
 
+    def test_auth_normalizes_remote_user_to_lowercase(self):
+        mixed_user = User.objects.create_superuser(
+            username="waTeim",
+            email="wateim@example.com",
+            password="admin2",
+        )
+        self.client.login(username="waTeim", password="admin2")
+
+        response = self.client.get("/auth/")
+
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.headers.get("REMOTE_USER"), "wateim")
+        mixed_user.delete()
+
     @patch("core.views._get_helxinst_manager")
     def test_private_route_redirects_guid_to_controller_uuid(self, mock_get_helxinst_manager):
         mock_mgr = Mock()
diff --git a/appstore/core/views.py b/appstore/core/views.py
@@ -74,7 +74,7 @@ def auth_identity(request):
         token = UserIdentityToken.objects.get(token=raw_token)
         if not token.valid:
             return HttpResponse("The token is expired. Try restarting the app.", status=401)
-        remote_user = token.user.get_username()
+        remote_user = token.user.get_username().lower()
         response = HttpResponse(remote_user, status=200)
         response["REMOTE_USER"] = remote_user
         response["ACCESS_TOKEN"] = token.token
@@ -90,23 +90,24 @@ def auth(request):
     used to test authentication of a principal before proxying a request upstream."""
     if request.user and request.user.is_authenticated:
         try:
+            remote_user = request.user.get_username().lower()
             response = HttpResponse(content_type="application/json", status=200)
-            response["REMOTE_USER"] = request.user
+            response["REMOTE_USER"] = remote_user
             access_token = get_access_token(request)
             response["ACCESS_TOKEN"] = access_token
             logger.debug(
                 f"----------> remote user and corresponding access token added to the response ----- {response['REMOTE_USER']}"
             )
         except Exception as e:
             response = HttpResponse(content_type="application/json", status=403)
-            response["REMOTE_USER"] = request.user
+            response["REMOTE_USER"] = request.user.get_username().lower()
             logger.debug(
                 f"----------> exception {e.__class__.__name__} \
                 with the remote user ----- {request.user} "
             )
     else:
         response = HttpResponse(content_type="application/json", status=403)
-        response["REMOTE_USER"] = request.user
+        response["REMOTE_USER"] = str(request.user).lower()
         logger.debug(
             f"----------> user is not authenticated on the server ----- {request.user}"
         )
