lowercase all hashes

server.py

@@ -59,7 +59,7 @@ def api_method(function):
                 if not user:
                     raise BBJUserError("User %s is not registered" % username)
 
-                elif auth != user["auth_hash"]:
+                elif auth.lower() != user["auth_hash"].lower():
                     raise BBJException(5, "Invalid authorization key for user.")
 
             # api_methods may choose to bind a usermap into the thread_data
@@ -233,7 +233,7 @@ class API(object):
         """
         validate(args, ["target_user", "target_hash"])
         user = db.user_resolve(database, args["target_user"], return_false=False)
-        return args["target_hash"] == user["auth_hash"]
+        return args["target_hash"].lower() == user["auth_hash"].lower()
 
 
     @api_method

src/db.py

@@ -338,7 +338,7 @@ def user_register(connection, user_name, auth_hash):
         raise BBJUserError("Username already registered")
 
     scheme = schema.user_internal(
-        uuid1().hex, user_name, auth_hash,
+        uuid1().hex, user_name, auth_hash.lower(),
         "", "", 0, False, time())
 
     connection.execute("""
@@ -391,6 +391,8 @@ def user_update(connection, user_object, parameters):
         # bool(0) == False hur hur hurrrrrr ::drools::
         if value == 0 or value:
             validate([(key, value)])
+            if key == "auth_hash":
+                value = value.lower()
             user_object[key] = value
 
     values = ordered_keys(user_object,

src/schema.py

@@ -83,7 +83,7 @@ def user_internal(
     return {
         "user_id":   user_id,
         "user_name": user_name,
-        "auth_hash": auth_hash,
+        "auth_hash": auth_hash.lower(),
         "quip":      quip,
         "bio":       bio,
         "color":     color,