Make LoginRateLimiter case insentive

Author: jderusse

RateLimiter/DefaultLoginRateLimiter.php

@@ -41,7 +41,7 @@ protected function getLimiters(Request $request): array
     {
         return [
             $this->globalFactory->create($request->getClientIp()),
-            $this->localFactory->create($request->attributes->get(Security::LAST_USERNAME).'-'.$request->getClientIp()),
+            $this->localFactory->create(strtolower($request->attributes->get(Security::LAST_USERNAME)).'-'.$request->getClientIp()),
         ];
     }
 }

Tests/EventListener/LoginThrottlingListenerTest.php

@@ -73,6 +73,21 @@ public function testPreventsLoginWhenOverLocalThreshold()
         $this->listener->checkPassport($this->createCheckPassportEvent($passport));
     }
 
+    public function testPreventsLoginWithMultipleCase()
+    {
+        $request = $this->createRequest();
+        $passports = [$this->createPassport('wouter'), $this->createPassport('Wouter'), $this->createPassport('wOuter')];
+
+        $this->requestStack->push($request);
+
+        for ($i = 0; $i < 3; ++$i) {
+            $this->listener->checkPassport($this->createCheckPassportEvent($passports[$i % 3]));
+        }
+
+        $this->expectException(TooManyLoginAttemptsAuthenticationException::class);
+        $this->listener->checkPassport($this->createCheckPassportEvent($passports[0]));
+    }
+
     public function testPreventsLoginWhenOverGlobalThreshold()
     {
         $request = $this->createRequest();