Fix /login issue causing wrong device list updates

[S7evinK]

Fixes #2914 and possibly #2073?

[codecov]

Codecov Report

Base: 36.48% // Head: 36.58% // Increases project coverage by +0.09% 🎉

Coverage data is based on head (c7e4a29) compared to base (f762ce1).
Patch coverage: 100.00% of modified lines in pull request are covered.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2922      +/-   ##
==========================================
+ Coverage   36.48%   36.58%   +0.09%     
==========================================
  Files         494      494              
  Lines       54656    54658       +2     
==========================================
+ Hits        19940    19995      +55     
+ Misses      32146    32104      -42     
+ Partials     2570     2559      -11     

Flag	Coverage Δ
unittests	36.58% <100.00%> (+0.09%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
clientapi/auth/password.go	63.01% <100.00%> (+1.04%)	⬆️
keyserver/internal/internal.go	9.76% <0.00%> (+0.16%)	⬆️
roomserver/internal/input/input_events.go	35.06% <0.00%> (+0.53%)	⬆️
roomserver/storage/shared/storage.go	46.01% <0.00%> (+0.84%)	⬆️
roomserver/storage/postgres/events_table.go	66.77% <0.00%> (+0.94%)	⬆️
federationapi/queue/destinationqueue.go	82.53% <0.00%> (+1.40%)	⬆️
roomserver/internal/input/input_latest_events.go	66.15% <0.00%> (+2.28%)	⬆️
roomserver/storage/shared/room_updater.go	59.70% <0.00%> (+2.98%)	⬆️
internal/httputil/rate_limiting.go	63.95% <0.00%> (+3.48%)	⬆️
clientapi/routing/login.go	47.54% <0.00%> (+4.91%)	⬆️
... and 2 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

[kegsay]

Make PasswordRequest.Username() return the lower-cased correct username by default please. Then add something like .RawUsername() for matching when there is no matching user.

[S7evinK]

Make PasswordRequest.Username() return the lower-cased correct username by default please. Then add something like .RawUsername() for matching when there is no matching user.

I'm currently not seeing the benefit of that. With that we'd need to actually take care of those cases where we use .Username() right now. e.g. when deactivating an account, we would have to try both cases (raw and lower-cased) instead of setting it correctly once on login.

[kegsay]

The benefit is that you don't need to set the field (or forget to set the field..), and it makes it clear what is processed/validated input vs untrusted/potentially invalid input. When verifying the account exists, we are forced unfortunately to check both, but then once this check has been done then code which just wants to know the username can just call .Username()?

[kegsay]

After talking it through, LGTM