The Weave.Service.account property holds whatever the user entered for email address/username. If it only contains characters valid for usernames, it is assumed to be a username. Otherwise it's SHA1 hashed and base32 encoded.
The special tab mangling (to avoid broken Basic Auth headers) is now obsolete.
--HG--
rename : services/sync/tests/unit/test_service_checkUsername.js => services/sync/tests/unit/test_service_checkAccount.js
UTF8-encode passwords when creating accounts, changing passwords, and when authenticating. Detect old low-byte only passwords on the server and reupload them as UTF8.