kallithea Changeset - 2cb54d157d62

Changeset - 2cb54d157d62

Parent rev.

Child rev.

[Not reviewed]

default

0 3 0

Mads Kiilerich - 6 years ago 2020-03-23 14:32:06
mads@kiilerich.com

Grafted from: 1c4406f918ca

user: make get_by_username_or_email default to treat username case insensitive

The get_by_username_or_email is a flexible function, intended to find users in
multiple ways, suitable for login prompts. The function was sometimes used
with case sensitive user lookup, sometimes without. Instead, be consistent and
just default to be insensitive.

3 files changed with 2 insertions and 5 deletions:

kallithea/controllers/login.py

kallithea/lib/auth_modules/__init__.py

kallithea/model/db.py

0 comments (0 inline, 0 general)

kallithea/controllers/login.py

➞

Show inline comments

@@ @@ -73,25 +73,25 @@ class LoginController(BaseController): @@
                 log.error('Invalid came_from (not server-relative): %r', c.came_from)
                 raise HTTPBadRequest()
         else:
             c.came_from = url('home')
         if request.POST:
             # import Login Form validator class
             login_form = LoginForm()()
             try:
                 c.form_result = login_form.to_python(dict(request.POST))
                 # form checks for username/password, now we're authenticated
                 username = c.form_result['username']
-                user = User.get_by_username_or_email(username, case_insensitive=True)
                 user = User.get_by_username_or_email(username)
                 assert user is not None  # the same user get just passed in the form validation
             except formencode.Invalid as errors:
                 defaults = errors.value
                 # remove password from filling in form again
                 defaults.pop('password', None)
                 return htmlfill.render(
                     render('/login.html'),
                     defaults=errors.value,
                     errors=errors.error_dict or {},
                     prefix_error=False,
                     encoding="UTF-8",
                     force_defaults=False)

kallithea/lib/auth_modules/__init__.py

➞

Show inline comments

@@ @@ -127,27 +127,24 @@ class KallitheaAuthPluginBase(object): @@
         Helper method for user fetching in plugins, by default it's using
         simple fetch by username, but this method can be customized in plugins
         eg. container auth plugin to fetch user by environ params
         :param username: username if given to fetch from database
         :param kwargs: extra arguments needed for user fetching.
         """
         user = None
         log.debug('Trying to fetch user `%s` from Kallithea database',
                   username)
         if username:
             user = User.get_by_username_or_email(username)
             if user is None:
                 log.debug('Fallback to fetch user in case insensitive mode')
                 user = User.get_by_username(username, case_insensitive=True)
         else:
             log.debug('provided username:`%s` is empty skipping...', username)
         return user
     def settings(self):
         """
         Return a list of the form:
+        [
+            {
                 "name": "OPTION_NAME",
                 "type": "[bool|password|string|int|select]",
                 ["values": ["opt1", "opt2", ...]]

kallithea/model/db.py

➞

Show inline comments

@@ @@ -540,25 +540,25 @@ class User(Base, BaseDbModel): @@
     @classmethod
     def get_or_404(cls, id_, allow_default=True):
         '''
         Overridden version of BaseDbModel.get_or_404, with an extra check on
         the default user.
         '''
         user = super(User, cls).get_or_404(id_)
         if not allow_default and user.is_default_user:
             raise DefaultUserException()
         return user
     @classmethod
-    def get_by_username_or_email(cls, username_or_email, case_insensitive=False, cache=False):
+    def get_by_username_or_email(cls, username_or_email, case_insensitive=True, cache=False):
         """
         For anything that looks like an email address, look up by the email address (matching
         case insensitively).
         For anything else, try to look up by the user name.
         This assumes no normal username can have '@' symbol.
         """
         if '@' in username_or_email:
             return User.get_by_email(username_or_email, cache=cache)
         else:
             return User.get_by_username(username_or_email, case_insensitive=case_insensitive, cache=cache)

0 comments (0 inline, 0 general)