kallithea Changeset - b3a51c3987be

Changeset - b3a51c3987be

Parent rev.

Child rev.

[Not reviewed]

default

0 5 0

Andrew Shadura - 10 years ago 2016-01-30 12:15:23
andrew@shadura.me

db: always match user emails case insensitively

This commit removes case-sensitive email matching.
It also adds a couple of tests which fail, to demonstrate a defect in the
current implementation (using ILIKE matching instead of case-insensitive
equality comparison).

5 files changed with 18 insertions and 14 deletions:

kallithea/controllers/api/api.py

kallithea/lib/helpers.py

kallithea/model/db.py

kallithea/model/validators.py

kallithea/tests/models/test_users.py

0 comments (0 inline, 0 general)

kallithea/controllers/api/api.py

➞

Show inline comments

@@ @@ -671,13 +671,13 @@ class ApiController(JSONRPCController): @@
         """
         if User.get_by_username(username):
             raise JSONRPCError("user `%s` already exist" % (username,))
-        if User.get_by_email(email, case_insensitive=True):
         if User.get_by_email(email):
             raise JSONRPCError("email `%s` already exist" % (email,))
         if Optional.extract(extern_name):
             # generate temporary password if user is external
             password = PasswordGenerator().gen_password(length=8)

kallithea/lib/helpers.py

➞

Show inline comments

@@ @@ -477,13 +477,13 @@ def is_hg(repository): @@
     return _type == 'hg'
 def user_or_none(author):
     email = author_email(author)
     if email:
-        user = User.get_by_email(email, case_insensitive=True, cache=True)
         user = User.get_by_email(email, cache=True)
         if user is not None:
             return user
     return None
 def email_or_none(author):
     if not author:

kallithea/model/db.py

➞

Show inline comments

@@ @@ -588,30 +588,24 @@ class User(Base, BaseModel): @@
                 .first()
             if _res:
                 res = _res.user
         return res
     @classmethod
     def get_by_email(cls, email, case_insensitive=False, cache=False):
         if case_insensitive:
             q = cls.query().filter(cls.email.ilike(email))
         else:
             q = cls.query().filter(cls.email == email)
     def get_by_email(cls, email, cache=False):
         q = cls.query().filter(cls.email.ilike(email))
         if cache:
             q = q.options(FromCache("sql_cache_short",
                                     "get_email_key_%s" % email))
         ret = q.scalar()
         if ret is None:
             q = UserEmailMap.query()
             # try fetching in alternate email map
             if case_insensitive:
                 q = q.filter(UserEmailMap.email.ilike(email))
             else:
                 q = q.filter(UserEmailMap.email == email)
             q = q.filter(UserEmailMap.email.ilike(email))
             q = q.options(joinedload(UserEmailMap.user))
             if cache:
                 q = q.options(FromCache("sql_cache_short",
                                         "get_email_map_key_%s" % email))
             ret = getattr(q.scalar(), 'user', None)
@@ @@ -625,13 +619,13 @@ class User(Base, BaseModel): @@
         :param author:
         """
         from kallithea.lib.helpers import email, author_name
         # Valid email in the attribute passed, see if they're in the system
         _email = email(author)
         if _email:
-            user = cls.get_by_email(_email, case_insensitive=True)
             user = cls.get_by_email(_email)
             if user is not None:
                 return user
         # Maybe we can match by username?
         _author = author_name(author)
         user = cls.get_by_username(_author, case_insensitive=True)
         if user is not None:

kallithea/model/validators.py

➞

Show inline comments

@@ @@ -716,13 +716,13 @@ def UniqSystemEmail(old_data=None): @@
         def _to_python(self, value, state):
             return value.lower()
         def validate_python(self, value, state):
             if (old_data.get('email') or '').lower() != value:
-                user = User.get_by_email(value, case_insensitive=True)
                 user = User.get_by_email(value)
                 if user is not None:
                     msg = M(self, 'email_taken', state)
                     raise formencode.Invalid(msg, value, state,
                         error_dict=dict(email=msg)
+                    )
     return _validator
@@ @@ -735,13 +735,13 @@ def ValidSystemEmail(): @@
+        }
         def _to_python(self, value, state):
             return value.lower()
         def validate_python(self, value, state):
-            user = User.get_by_email(value, case_insensitive=True)
             user = User.get_by_email(value)
             if user is None:
                 msg = M(self, 'non_existing_email', state, email=value)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(email=msg)
+                )

kallithea/tests/models/test_users.py

➞

Show inline comments

@@ @@ -69,22 +69,32 @@ class TestUser(BaseTestCase): @@
         m = UserEmailMap()
         m.email = u'main_email2@example.com'
         m.user = usr
         Session().add(m)
         Session().commit()
         u = User.get_by_email(email='MAIN_email@example.com')
         self.assertEqual(usr.user_id, u.user_id)
         self.assertEqual(usr.username, u.username)
         u = User.get_by_email(email='main_email@example.com')
         self.assertEqual(usr.user_id, u.user_id)
         self.assertEqual(usr.username, u.username)
         u = User.get_by_email(email='main_email2@example.com')
         self.assertEqual(usr.user_id, u.user_id)
         self.assertEqual(usr.username, u.username)
         u = User.get_by_email(email='main_email3@example.com')
         self.assertEqual(None, u)
         u = User.get_by_email(email='main_e%ail@example.com')
         self.assertEqual(None, u)
         u = User.get_by_email(email='main_emai_@example.com')
         self.assertEqual(None, u)
         UserModel().delete(usr.user_id)
         Session().commit()
 class TestUsers(BaseTestCase):

0 comments (0 inline, 0 general)