1
0
mirror of https://github.com/etesync/server synced 2025-01-15 19:10:58 +00:00

Make sure usernames are case insensitive on lookup

This commit is contained in:
Tom Hacohen 2020-07-13 15:26:05 +03:00
parent 5c2f4d96ad
commit a39617cf2e
2 changed files with 6 additions and 3 deletions

View File

@ -100,6 +100,9 @@ class UserSlugRelatedField(serializers.SlugRelatedField):
def __init__(self, **kwargs): def __init__(self, **kwargs):
super().__init__(slug_field=User.USERNAME_FIELD, **kwargs) super().__init__(slug_field=User.USERNAME_FIELD, **kwargs)
def to_internal_value(self, data):
return super().to_internal_value(data.lower())
class ChunksField(serializers.RelatedField): class ChunksField(serializers.RelatedField):
def to_representation(self, obj): def to_representation(self, obj):

View File

@ -439,7 +439,7 @@ class CollectionMemberViewSet(BaseViewSet):
permission_classes = our_base_permission_classes + (permissions.IsCollectionAdmin, ) permission_classes = our_base_permission_classes + (permissions.IsCollectionAdmin, )
queryset = CollectionMember.objects.all() queryset = CollectionMember.objects.all()
serializer_class = CollectionMemberSerializer serializer_class = CollectionMemberSerializer
lookup_field = 'user__' + User.USERNAME_FIELD lookup_field = f'user__{User.USERNAME_FIELD}__iexact'
lookup_url_kwarg = 'username' lookup_url_kwarg = 'username'
stoken_id_fields = ['stoken__id'] stoken_id_fields = ['stoken__id']
@ -559,7 +559,7 @@ class InvitationOutgoingViewSet(InvitationBaseViewSet):
@action_decorator(detail=False, allowed_methods=['GET'], methods=['GET']) @action_decorator(detail=False, allowed_methods=['GET'], methods=['GET'])
def fetch_user_profile(self, request, *args, **kwargs): def fetch_user_profile(self, request, *args, **kwargs):
username = request.GET.get('username') username = request.GET.get('username')
kwargs = {User.USERNAME_FIELD: username} kwargs = {User.USERNAME_FIELD: username.lower()}
user = get_object_or_404(get_user_queryset(User.objects.all(), self), **kwargs) user = get_object_or_404(get_user_queryset(User.objects.all(), self), **kwargs)
user_info = get_object_or_404(UserInfo.objects.all(), owner=user) user_info = get_object_or_404(UserInfo.objects.all(), owner=user)
serializer = UserInfoPubkeySerializer(user_info) serializer = UserInfoPubkeySerializer(user_info)
@ -620,7 +620,7 @@ class AuthenticationViewSet(viewsets.ViewSet):
return Response(data, status=status.HTTP_201_CREATED) return Response(data, status=status.HTTP_201_CREATED)
def get_login_user(self, username): def get_login_user(self, username):
kwargs = {User.USERNAME_FIELD: username} kwargs = {User.USERNAME_FIELD: username.lower()}
return get_object_or_404(self.get_queryset(), **kwargs) return get_object_or_404(self.get_queryset(), **kwargs)
def validate_login_request(self, request, validated_data, response_raw, signature, expected_action): def validate_login_request(self, request, validated_data, response_raw, signature, expected_action):