Make UID case-insensitive

2020-10-18 23:27:23 -05:00
parent 2d97b77bbf
commit 97096f619f
14 changed files with 32 additions and 31 deletions


@@ -71,7 +71,7 @@ class AuthController extends Controller {
const user = new User({
first_name: req.body.first_name,
last_name: req.body.last_name,
uid: req.body.uid,
uid: req.body.uid.toLowerCase(),
email: req.body.email,
trap: 'password_reset', // Force user to reset password
})
@@ -297,7 +297,7 @@ class AuthController extends Controller {
.api()
const user = new User({
uid: req.body.uid,
uid: req.body.uid.toLowerCase(),
email: req.body.email,
first_name: req.body.first_name,
last_name: req.body.last_name,
@@ -417,7 +417,7 @@ class AuthController extends Controller {
user.first_name = req.body.first_name
user.last_name = req.body.last_name
user.uid = req.body.uid
user.uid = req.body.uid.toLowerCase()
user.email = req.body.email
if ( req.body.tagline )
@@ -493,7 +493,7 @@ class AuthController extends Controller {
if ( is_valid ) {
const User = this.models.get('auth:User')
const user = await User.findOne({uid: req.body.username})
const user = await User.findOne({uid: req.body.username.toLowerCase()})
if ( !user || !user.can_login ) is_valid = false
}
@@ -511,7 +511,7 @@ class AuthController extends Controller {
const data = {}
if ( req.body.username ) {
const existing_user = await User.findOne({
uid: req.body.username,
uid: req.body.username.toLowerCase(),
})
data.username_taken = !!existing_user
@@ -544,7 +544,8 @@ class AuthController extends Controller {
.message(req.T('auth.unable_to_complete'))
.api({ errors })
const login_args = await flitter.get_login_args(req.body)
const [username, ...other_args] = await flitter.get_login_args(req.body)
const login_args = [username.toLowerCase(), ...other_args]
const user = await flitter.login.apply(flitter, login_args)
if ( !user )
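Review bot: The new `.toLowerCase()` calls assume the request field is a string, and in the `-511` hunk the only guard is the truthiness test `if ( req.body.username )`, so with a JSON body a number, array or object would pass the guard and throw a TypeError instead of producing a validation error. Whether earlier validation already enforces a string is outside these hunks, so I would make the check explicit where the value is used, e.g. `if ( typeof req.body.username === 'string' && req.body.username ) {`, and do the same before `req.body.uid.toLowerCase()` in the create/update hunks and before `username.toLowerCase()` in the login hunk. The `req.body.uid.toLowerCase()` calls in LDAPController rest on the same assumption. Separately, lookups are now lowercased but nothing visible here rewrites UIDs already stored with capitals; unless another file in this commit migrates them, those accounts would stop matching at login and in the uniqueness checks, which would let a lowercase duplicate be registered.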


@@ -96,7 +96,7 @@ class LDAPController extends Controller {
// Make sure the uid is free
const User = this.models.get('auth:User')
const existing_user = await User.findOne({ uid: req.body.uid })
const existing_user = await User.findOne({ uid: req.body.uid.toLowerCase() })
if ( existing_user )
return res.status(400)
.message(req.T('api.user_already_exists'))
@@ -113,7 +113,7 @@ class LDAPController extends Controller {
// Create the client
const Client = this.models.get('ldap:Client')
const client = await Client.create({
uid: req.body.uid,
uid: req.body.uid.toLowerCase(),
password: req.body.password,
name: req.body.name,
})
@@ -210,16 +210,16 @@ class LDAPController extends Controller {
}
// Update the uid
if ( req.body.uid !== user.uid ) {
if ( req.body.uid.toLowerCase() !== user.uid ) {
// Make sure the UID is free
const User = this.models.get('auth:User')
const existing_user = await User.findOne({ uid: req.body.uid })
const existing_user = await User.findOne({ uid: req.body.uid.toLowerCase() })
if ( existing_user )
return res.status(400)
.message(req.T('api.user_already_exists'))
.api()
user.uid = req.body.uid
user.uid = req.body.uid.toLowerCase()
}
// Update the password