API should treat CRSIds and last names as case insensitive
Description
The CRSId as an object is case insensitive and the last names in the Account model are being used as a credential key, therefore both should be considered equal if they are otherwise identical but with differently cased letters.
Primary rationale for this is that users may not be aware they need to capitalise (or not) these strings, and CRSIds in particular are often capitalised by external systems for seemingly no reason.
Further details
This doesn't necessarily need a change to the database models, although we might want to consider changing that as well. Currently, as crsid is the primary key, accounts MK2155 and mk2155 are considered different - which is not correct! As we receive this data from Jackdaw we might not want to edit it for insertion into the database and we can rely on Jackdaw not sending us duplicate data, but this does worry me.
I think there was quite a lot of discussion around last name collation in the database, and I believe this is definitely correct and should not change.
Task list
Acceptance criteria
-
Calls to the /token/endpoint are successfully authenticated if the CRSId or last name matches an account case-insensitively and the other authentication credentials are correct.