Permissions checks should be case-insensitive against login email

Hi,

One of our users reported they were being rejected with 403 Unauthorized when moderating a list they're an owner of.

We're using Ubuntu SSO for login purposes, and we noticed they had an uppercase letter in their email in both account_emailaddress and auth_user tables. We asked them to add the lowercase version of their email and remove the other one, but mailman complained email address is already attached to their account.

We then did some db surgery, updating their email to the lowercase version in both tables, and it resolved their issue.

Authentication should probably do a case-insensitive check of login email against auth database. We're using mailman version: 3.1.1-9 Ubuntu package

On a sidenote: email address was in both account_emailaddress and auth_user, auth_user could also be updated, so it uses account_emailaddress.id instead of having duplicate data.

Could you please let us know if there are other occurrences of email in the schema, and if we should replicate our manual changes in some other tables ?

Thank you! Loïc