kallithea Changeset - b3a51c3987be

Changeset - b3a51c3987be

Parent rev.

Child rev.

[Not reviewed]

default

0 5 0

Andrew Shadura - 10 years ago 2016-01-30 12:15:23
andrew@shadura.me

db: always match user emails case insensitively

This commit removes case-sensitive email matching.
It also adds a couple of tests which fail, to demonstrate a defect in the
current implementation (using ILIKE matching instead of case-insensitive
equality comparison).

5 files changed with 16 insertions and 12 deletions:

kallithea/controllers/api/api.py

kallithea/lib/helpers.py

kallithea/model/db.py

kallithea/model/validators.py

kallithea/tests/models/test_users.py

0 comments (0 inline, 0 general)

kallithea/controllers/api/api.py

➞

Show inline comments

@@ @@ -653,49 +653,49 @@ class ApiController(JSONRPCController): @@
             id : <id_given_in_input>
             result: {
                       "msg" : "created new user `<username>`",
                       "user": <user_obj>
+                    }
             error:  null
         ERROR OUTPUT::
           id : <id_given_in_input>
           result : null
           error :  {
             "user `<username>` already exist"
             or
             "email `<email>` already exist"
             or
             "failed to create user `<username>`"
+          }
         """
         if User.get_by_username(username):
             raise JSONRPCError("user `%s` already exist" % (username,))
-        if User.get_by_email(email, case_insensitive=True):
         if User.get_by_email(email):
             raise JSONRPCError("email `%s` already exist" % (email,))
         if Optional.extract(extern_name):
             # generate temporary password if user is external
             password = PasswordGenerator().gen_password(length=8)
         try:
             user = UserModel().create_or_update(
                 username=Optional.extract(username),
                 password=Optional.extract(password),
                 email=Optional.extract(email),
                 firstname=Optional.extract(firstname),
                 lastname=Optional.extract(lastname),
                 active=Optional.extract(active),
                 admin=Optional.extract(admin),
                 extern_type=Optional.extract(extern_type),
                 extern_name=Optional.extract(extern_name)
+            )
             Session().commit()
             return dict(
                 msg='created new user `%s`' % username,
                 user=user.get_api_data()
+            )
         except Exception:

kallithea/lib/helpers.py

➞

Show inline comments

@@ @@ -459,49 +459,49 @@ def fmt_date(date): @@
 def is_git(repository):
     if hasattr(repository, 'alias'):
         _type = repository.alias
     elif hasattr(repository, 'repo_type'):
         _type = repository.repo_type
     else:
         _type = repository
     return _type == 'git'
 def is_hg(repository):
     if hasattr(repository, 'alias'):
         _type = repository.alias
     elif hasattr(repository, 'repo_type'):
         _type = repository.repo_type
     else:
         _type = repository
     return _type == 'hg'
 def user_or_none(author):
     email = author_email(author)
     if email:
-        user = User.get_by_email(email, case_insensitive=True, cache=True)
         user = User.get_by_email(email, cache=True)
         if user is not None:
             return user
     return None
 def email_or_none(author):
     if not author:
         return None
     user = user_or_none(author)
     if user is not None:
         return user.email # always use main email address - not necessarily the one used to find user
     # extract email from the commit string
     email = author_email(author)
     if email:
         return email
     # No valid email, not a valid user in the system, none!
     return None
 def person(author, show_attr="username"):
     """Find the user identified by 'author', return one of the users attributes,
     default to the username attribute, None if there is no user"""
     # attr to return from fetched user
     person_getter = lambda usr: getattr(usr, show_attr)

kallithea/model/db.py

➞

Show inline comments

@@ @@ -570,86 +570,80 @@ class User(Base, BaseModel): @@
     @classmethod
     def get_by_api_key(cls, api_key, cache=False, fallback=True):
         if len(api_key) != 40 or not api_key.isalnum():
             return None
         q = cls.query().filter(cls.api_key == api_key)
         if cache:
             q = q.options(FromCache("sql_cache_short",
                                     "get_api_key_%s" % api_key))
         res = q.scalar()
         if fallback and not res:
             #fallback to additional keys
             _res = UserApiKeys.query() \
                 .filter(UserApiKeys.api_key == api_key) \
                 .filter(or_(UserApiKeys.expires == -1,
                             UserApiKeys.expires >= time.time())) \
                 .first()
             if _res:
                 res = _res.user
         return res
     @classmethod
     def get_by_email(cls, email, case_insensitive=False, cache=False):
         if case_insensitive:
     def get_by_email(cls, email, cache=False):
             q = cls.query().filter(cls.email.ilike(email))
         else:
             q = cls.query().filter(cls.email == email)
         if cache:
             q = q.options(FromCache("sql_cache_short",
                                     "get_email_key_%s" % email))
         ret = q.scalar()
         if ret is None:
             q = UserEmailMap.query()
             # try fetching in alternate email map
             if case_insensitive:
                 q = q.filter(UserEmailMap.email.ilike(email))
             else:
                 q = q.filter(UserEmailMap.email == email)
             q = q.options(joinedload(UserEmailMap.user))
             if cache:
                 q = q.options(FromCache("sql_cache_short",
                                         "get_email_map_key_%s" % email))
             ret = getattr(q.scalar(), 'user', None)
         return ret
     @classmethod
     def get_from_cs_author(cls, author):
         """
         Tries to get User objects out of commit author string
         :param author:
         """
         from kallithea.lib.helpers import email, author_name
         # Valid email in the attribute passed, see if they're in the system
         _email = email(author)
         if _email:
-            user = cls.get_by_email(_email, case_insensitive=True)
             user = cls.get_by_email(_email)
             if user is not None:
                 return user
         # Maybe we can match by username?
         _author = author_name(author)
         user = cls.get_by_username(_author, case_insensitive=True)
         if user is not None:
             return user
     def update_lastlogin(self):
         """Update user lastlogin"""
         self.last_login = datetime.datetime.now()
         Session().add(self)
         log.debug('updated user %s lastlogin', self.username)
     @classmethod
     def get_first_admin(cls):
         user = User.query().filter(User.admin == True).first()
         if user is None:
             raise Exception('Missing administrative account!')
         return user
     @classmethod
     def get_default_user(cls, cache=False):
         user = User.get_by_username(User.DEFAULT_USER, cache=cache)

kallithea/model/validators.py

➞

Show inline comments

@@ @@ -698,68 +698,68 @@ def ValidPath(): @@
+        }
         def validate_python(self, value, state):
             if not os.path.isdir(value):
                 msg = M(self, 'invalid_path', state)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(paths_root_path=msg)
+                )
     return _validator
 def UniqSystemEmail(old_data=None):
     old_data = old_data or {}
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'email_taken': _('This email address is already in use')
+        }
         def _to_python(self, value, state):
             return value.lower()
         def validate_python(self, value, state):
             if (old_data.get('email') or '').lower() != value:
-                user = User.get_by_email(value, case_insensitive=True)
                 user = User.get_by_email(value)
                 if user is not None:
                     msg = M(self, 'email_taken', state)
                     raise formencode.Invalid(msg, value, state,
                         error_dict=dict(email=msg)
+                    )
     return _validator
 def ValidSystemEmail():
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'non_existing_email': _('Email address "%(email)s" not found')
+        }
         def _to_python(self, value, state):
             return value.lower()
         def validate_python(self, value, state):
-            user = User.get_by_email(value, case_insensitive=True)
             user = User.get_by_email(value)
             if user is None:
                 msg = M(self, 'non_existing_email', state, email=value)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(email=msg)
+                )
     return _validator
 def LdapLibValidator():
     class _validator(formencode.validators.FancyValidator):
         messages = {
+        }
         def validate_python(self, value, state):
             try:
                 import ldap
                 ldap  # pyflakes silence !
             except ImportError:
                 raise LdapImportError()
     return _validator

kallithea/tests/models/test_users.py

➞

Show inline comments

@@ @@ -51,58 +51,68 @@ class TestUser(BaseTestCase): @@
         def do():
             m = UserEmailMap()
             m.email = u'main_email@example.com'
             m.user = usr
             Session().add(m)
             Session().commit()
         self.assertRaises(AttributeError, do)
         UserModel().delete(usr.user_id)
         Session().commit()
     def test_extra_email_map(self):
         usr = UserModel().create_or_update(username=u'test_user',
                                            password=u'qweqwe',
                                      email=u'main_email@example.com',
                                      firstname=u'u1', lastname=u'u1')
         Session().commit()
         m = UserEmailMap()
         m.email = u'main_email2@example.com'
         m.user = usr
         Session().add(m)
         Session().commit()
         u = User.get_by_email(email='MAIN_email@example.com')
         self.assertEqual(usr.user_id, u.user_id)
         self.assertEqual(usr.username, u.username)
         u = User.get_by_email(email='main_email@example.com')
         self.assertEqual(usr.user_id, u.user_id)
         self.assertEqual(usr.username, u.username)
         u = User.get_by_email(email='main_email2@example.com')
         self.assertEqual(usr.user_id, u.user_id)
         self.assertEqual(usr.username, u.username)
         u = User.get_by_email(email='main_email3@example.com')
         self.assertEqual(None, u)
         u = User.get_by_email(email='main_e%ail@example.com')
         self.assertEqual(None, u)
         u = User.get_by_email(email='main_emai_@example.com')
         self.assertEqual(None, u)
         UserModel().delete(usr.user_id)
         Session().commit()
 class TestUsers(BaseTestCase):
     def __init__(self, methodName='runTest'):
         super(TestUsers, self).__init__(methodName=methodName)
     def setUp(self):
         self.u1 = UserModel().create_or_update(username=u'u1',
                                         password=u'qweqwe',
                                         email=u'u1@example.com',
                                         firstname=u'u1', lastname=u'u1')
     def tearDown(self):
         perm = Permission.query().all()
         for p in perm:
             UserModel().revoke_perm(self.u1, p)
         UserModel().delete(self.u1)
         Session().commit()
         Session.remove()

0 comments (0 inline, 0 general)