XML API queries with correct username and password, but where username is not in all lowercase, return User {0} cannot assume specified role {1}
Background
Legacy usernames seem to be case sensitive, but we don't produce a meaningful error message if a username is supplied with uppercase letters.
Observed behavior
or
Both return
<crossref_result xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.0" xsi:schemaLocation="http://www.crossref.org/qrschema/2.0 http://www.crossref.org/qrschema/crossref_query_output2.0.xsd">
<query_result version="2.0">
<head>
<email_address>admin@crossref.org</email_address>
<doi_batch_id>none</doi_batch_id>
</head>
<body>
<query status="permission-error">
<msg>User {0} cannot assume specified role {1}</msg>
</query>
</body>
</query_result>
</crossref_result>
In contrast, if you use a completely incorrect username (https://doi.crossref.org/search/doi?usr=rdepfix&pwd={password}&format=unixsd&doi=10.1162%2FGLEP_a_00256) or an incorrect password with a valid username, you get this:
<crossref_result xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.0" xsi:schemaLocation="http://www.crossref.org/qrschema/2.0 http://www.crossref.org/qrschema/crossref_query_output2.0.xsd">
<query_result version="2.0">
<head>
<email_address>admin@crossref.org</email_address>
<doi_batch_id>none</doi_batch_id>
</head>
<body>
<query status="permission-error">
<msg>Wrong credentials. Incorrect username or password.</msg>
</query>
</body>
</query_result>
</crossref_result>
So, somehow we recognize that "Crdepfix" is an okay username and that the password provided matches it, but that's not good enough to actually provide the requested response.
Expected behavior
Either usernames should be case insensitive and we should return the requested query results when the username has one or more capital letters, or we should return a message that explains that the username must be in all lowercase letters.
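A check that acceptance testing could run over responses like the two shown above, as an added example that is not Crossref's own code: it parses a `crossref_result` document, extracts the query status and message, and flags messages that still carry unsubstituted `{0}`-style placeholders. The function names, the category labels, the "lowercase" wording test and the constructed sample document are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Numbered template placeholders such as {0} or {1} that were never filled in.
PLACEHOLDER = re.compile(r"\{\d+\}")


def parse_query_result(xml_text):
    """Return (status, msg) for the first <query> in a crossref_result document."""
    # Input here is our own service's output; prefer defusedxml for untrusted XML.
    root = ET.fromstring(xml_text)
    query = root.find("./query_result/body/query")
    if query is None:
        raise ValueError("no <query> element in response")
    return query.get("status"), (query.findtext("msg") or "").strip()


def classify(xml_text):
    """Sort a response into the cases described in this issue."""
    status, msg = parse_query_result(xml_text)
    if status != "permission-error":
        return "other"                  # anything that is not the error under test
    if PLACEHOLDER.search(msg):
        return "unformatted-message"    # the observed bug: raw {0}/{1} reached the client
    if msg.startswith("Wrong credentials"):
        return "wrong-credentials"      # existing message for a bad username or password
    if "lowercase" in msg.lower():
        return "explains-lowercase"     # assumed wording for the proposed new message
    return "permission-error"


def sample(msg):
    """Constructed response with the same element layout as the ones in this issue."""
    return (
        '<crossref_result xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.0">'
        '<query_result version="2.0"><head><doi_batch_id>none</doi_batch_id></head>'
        '<body><query status="permission-error"><msg>' + msg + '</msg></query></body>'
        '</query_result></crossref_result>'
    )


if __name__ == "__main__":
    for text in ("User {0} cannot assume specified role {1}",
                 "Wrong credentials. Incorrect username or password."):
        print(classify(sample(text)), "<-", text)
```

A mixed-case username with the correct password currently lands in `unformatted-message`; under the expected behavior it should land in `other` (results returned) or in a case that names the lowercase requirement.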
How urgent
Definition of ready
- Product owner: @ppolischuk1 / @SaraBowman
- Tech lead:
- Service:: or C:: label applied
- Definition of done updated
- Acceptance testing plan:
- Weight applied
Definition of done
- Unit tests identified, implemented, and passing
- Code reviewed
- Available for acceptance testing via a staging URL, or otherwise
- Consider any impacts to current or future architecture/infrastructure, and update specifications and documentation as needed
- Knowledge base reviewed and updated
- Public documentation reviewed and updated
- Acceptance criteria met
- AC 1
- AC 2
- Acceptance testing passed
- Deployed to production