Merge pull request #131 from simple-login/fix-email

make sure to strip and lower email in input
This commit is contained in:
Son Nguyen Kim 2020-04-15 21:14:48 +02:00 committed by GitHub
commit b4211dba78
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 16 additions and 16 deletions

View file

@ -45,7 +45,7 @@ def auth_login():
if not data:
return jsonify(error="request body cannot be empty"), 400
email = data.get("email")
email = data.get("email").strip().lower()
password = data.get("password")
device = data.get("device")
@ -75,7 +75,7 @@ def auth_register():
if not data:
return jsonify(error="request body cannot be empty"), 400
email = data.get("email")
email = data.get("email").strip().lower()
password = data.get("password")
if DISABLE_REGISTRATION:
@ -123,7 +123,7 @@ def auth_activate():
if not data:
return jsonify(error="request body cannot be empty"), 400
email = data.get("email")
email = data.get("email").strip().lower()
code = data.get("code")
user = User.get_by(email=email)
@ -171,7 +171,7 @@ def auth_reactivate():
if not data:
return jsonify(error="request body cannot be empty"), 400
email = data.get("email")
email = data.get("email").strip().lower()
user = User.get_by(email=email)
# do not use a different message to avoid exposing existing email
@ -225,7 +225,7 @@ def auth_facebook():
graph = facebook.GraphAPI(access_token=facebook_token)
user_info = graph.get_object("me", fields="email,name")
email = user_info.get("email")
email = user_info.get("email").strip().lower()
user = User.get_by(email=email)
@ -277,7 +277,7 @@ def auth_google():
build = googleapiclient.discovery.build("oauth2", "v2", credentials=cred)
user_info = build.userinfo().get().execute()
email = user_info.get("email")
email = user_info.get("email").strip().lower()
user = User.get_by(email=email)
@ -335,7 +335,7 @@ def forgot_password():
if not data or not data.get("email"):
return jsonify(error="request body must contain email"), 400
email = data.get("email").lower()
email = data.get("email").strip().lower()
user = User.get_by(email=email)

View file

@ -86,7 +86,7 @@ def facebook_callback():
"https://graph.facebook.com/me?fields=id,name,email,picture{url}"
).json()
email = facebook_user_data.get("email")
email = facebook_user_data.get("email").strip().lower()
# user choose to not share email, cannot continue
if not email:
@ -118,7 +118,7 @@ def facebook_callback():
LOG.d("create facebook user with %s", facebook_user_data)
user = User.create(
email=email.lower(),
email=email,
name=facebook_user_data["name"],
activated=True,
referral=get_referral(),

View file

@ -16,7 +16,7 @@ def forgot_password():
form = ForgotPasswordForm(request.form)
if form.validate_on_submit():
email = form.email.data
email = form.email.data.strip().lower()
user = User.get_by(email=email)

View file

@ -85,7 +85,7 @@ def github_callback():
)
return redirect(url_for("auth.login"))
email = email.lower()
email = email.strip().lower()
user = User.get_by(email=email)
# create user
@ -100,7 +100,7 @@ def github_callback():
LOG.d("create github user")
user = User.create(
email=email.lower(),
email=email,
name=github_user_data.get("name") or "",
activated=True,
referral=get_referral(),

View file

@ -80,7 +80,7 @@ def google_callback():
"https://www.googleapis.com/oauth2/v1/userinfo"
).json()
email = google_user_data["email"]
email = google_user_data["email"].strip().lower()
user = User.get_by(email=email)
picture_url = google_user_data.get("picture")
@ -103,7 +103,7 @@ def google_callback():
LOG.d("create google user with %s", google_user_data)
user = User.create(
email=email.lower(),
email=email,
name=google_user_data["name"],
activated=True,
referral=get_referral(),

View file

@ -25,7 +25,7 @@ def login():
show_resend_activation = False
if form.validate_on_submit():
user = User.filter_by(email=form.email.data).first()
user = User.filter_by(email=form.email.data.strip().lower()).first()
if not user:
flash("Email or password incorrect", "error")

View file

@ -36,7 +36,7 @@ def register():
next_url = request.args.get("next")
if form.validate_on_submit():
email = form.email.data.lower()
email = form.email.data.strip().lower()
if not can_be_used_as_personal_email(email):
flash("You cannot use this email address as your personal inbox.", "error")
else: