diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index c5a00aedcc6..7c2b17c49c2 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -809,7 +809,7 @@ class Session implements IUserSession, Emitter { * Check if login names match */ private function validateTokenLoginName(?string $loginName, IToken $token): bool { - if ($token->getLoginName() !== $loginName) { + if (strtolower($token->getLoginName() ?? '') !== strtolower($loginName ?? '')) { // TODO: this makes it impossible to use different login names on browser and client // e.g. login by e-mail 'user@example.com' on browser for generating the token will not // allow to use the client token with the login name 'user'.