- u = user.User(request, auth_username=username, auth_method=self.name, auth_attribs=('name', 'password', 'email'))
+ # We use the username from the database (real_username)
+ # here, since the username from the request might have
+ # "wrong" casing (and ACL checks are case sensitive).
+ u = user.User(request, auth_username=real_username, auth_method=self.name, auth_attribs=('name', 'password', 'email'))