Trying to log in using my username ____ doesn't work, it displays this error (this bug has existed since I created the account):
Today I discovered a workaround, I can log in if I prepend a \ to my username:
It also works if I write my username like this \_\_\_\_
Using a single _ for the username (and removing the minlength of 3 of the field with the html inspector) logs me in too, but not into this account, I get logged in into my @Lee account that has the same password:
I haven't read the code (I don't think I can, I never managed to learn Rust) but my theory is that _ is being used as a placeholder or matchall value when comparing usernames and emails. If I escape it with \ it works because it matches my username. If I write a single unescaped _ it logs me into my other account because the email of that account is set to a single character "@" which should match a single matchall underscore.
Edit: the autocomplete field in the block users page seems to confirm my theory as it matches any username as long or longer than the number of underscores I write:
We did originally want to force usernames to be lowercase (to prevent confusing name conflicts, but haven't forced any DB constraints on that yet, only for the actor_id column it looks like). For now due to the security implications, it makes sense to use
eqinstead ofilike.