verify_password() and create_session() both call .strip().lower() on the incoming username, but _load() stored keys verbatim from auth.json. Any mixed-case key (e.g. written by manual edit or a future migration) would never match, producing a permanent 'Invalid credentials' error.

Fix: lowercase all keys at load time so the in-memory dict always matches what the login path expects.

Fixes #423
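The mismatch described in the commit message, as an added example that is not the project's code: a verbatim loader beside one that normalizes keys at load time. The function names, the `hash` field and the sample JSON are hypothetical; stripping keys as well as lowercasing them, and rejecting keys that collide after normalization, are assumptions that go beyond what the commit states.

```python
import json


def normalize_username(name: str) -> str:
    """Normalization the commit says the login path applies to input."""
    return name.strip().lower()


def load_verbatim(raw: str) -> dict:
    """Pre-fix behaviour: keys kept exactly as written in the file."""
    return json.loads(raw)


def load_normalized(raw: str) -> dict:
    """Post-fix behaviour: keys normalized once, at load time.

    Raises ValueError when two stored keys collapse to the same name,
    rather than letting one record silently overwrite the other.
    """
    users = {}
    for key, record in json.loads(raw).items():
        norm = normalize_username(key)
        if norm in users:
            raise ValueError(f"duplicate account after normalization: {norm!r}")
        users[norm] = record
    return users


def lookup(users: dict, submitted: str):
    """Login-path lookup: the submitted name is always normalized first."""
    return users.get(normalize_username(submitted))


# Constructed samples, not the project's real auth.json schema.
SAMPLE = '{"Alice": {"hash": "placeholder-1"}, "bob": {"hash": "placeholder-2"}}'
COLLIDING = '{"Alice": {"hash": "placeholder-1"}, "alice": {"hash": "placeholder-3"}}'

if __name__ == "__main__":
    print("verbatim  :", lookup(load_verbatim(SAMPLE), "Alice"))
    print("normalized:", lookup(load_normalized(SAMPLE), "Alice"))
    try:
        load_normalized(COLLIDING)
    except ValueError as exc:
        print("rejected  :", exc)
```

Failing closed on a collision matters because otherwise the last key in the file would decide which credential record a login for that name is checked against.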