Merge pull request #131 from simple-login/fix-email
make sure to strip and lower email in input
commit
b4211dba78
|
@ -45,7 +45,7 @@ def auth_login():
|
||||||
if not data:
|
if not data:
|
||||||
return jsonify(error="request body cannot be empty"), 400
|
return jsonify(error="request body cannot be empty"), 400
|
||||||
|
|
||||||
email = data.get("email")
|
email = data.get("email").strip().lower()
|
||||||
password = data.get("password")
|
password = data.get("password")
|
||||||
device = data.get("device")
|
device = data.get("device")
|
||||||
|
|
||||||
|
@ -75,7 +75,7 @@ def auth_register():
|
||||||
if not data:
|
if not data:
|
||||||
return jsonify(error="request body cannot be empty"), 400
|
return jsonify(error="request body cannot be empty"), 400
|
||||||
|
|
||||||
email = data.get("email")
|
email = data.get("email").strip().lower()
|
||||||
password = data.get("password")
|
password = data.get("password")
|
||||||
|
|
||||||
if DISABLE_REGISTRATION:
|
if DISABLE_REGISTRATION:
|
||||||
|
@ -123,7 +123,7 @@ def auth_activate():
|
||||||
if not data:
|
if not data:
|
||||||
return jsonify(error="request body cannot be empty"), 400
|
return jsonify(error="request body cannot be empty"), 400
|
||||||
|
|
||||||
email = data.get("email")
|
email = data.get("email").strip().lower()
|
||||||
code = data.get("code")
|
code = data.get("code")
|
||||||
|
|
||||||
user = User.get_by(email=email)
|
user = User.get_by(email=email)
|
||||||
|
@ -171,7 +171,7 @@ def auth_reactivate():
|
||||||
if not data:
|
if not data:
|
||||||
return jsonify(error="request body cannot be empty"), 400
|
return jsonify(error="request body cannot be empty"), 400
|
||||||
|
|
||||||
email = data.get("email")
|
email = data.get("email").strip().lower()
|
||||||
user = User.get_by(email=email)
|
user = User.get_by(email=email)
|
||||||
|
|
||||||
# do not use a different message to avoid exposing existing email
|
# do not use a different message to avoid exposing existing email
|
||||||
|
@ -225,7 +225,7 @@ def auth_facebook():
|
||||||
|
|
||||||
graph = facebook.GraphAPI(access_token=facebook_token)
|
graph = facebook.GraphAPI(access_token=facebook_token)
|
||||||
user_info = graph.get_object("me", fields="email,name")
|
user_info = graph.get_object("me", fields="email,name")
|
||||||
email = user_info.get("email")
|
email = user_info.get("email").strip().lower()
|
||||||
|
|
||||||
user = User.get_by(email=email)
|
user = User.get_by(email=email)
|
||||||
|
|
||||||
|
@ -277,7 +277,7 @@ def auth_google():
|
||||||
build = googleapiclient.discovery.build("oauth2", "v2", credentials=cred)
|
build = googleapiclient.discovery.build("oauth2", "v2", credentials=cred)
|
||||||
|
|
||||||
user_info = build.userinfo().get().execute()
|
user_info = build.userinfo().get().execute()
|
||||||
email = user_info.get("email")
|
email = user_info.get("email").strip().lower()
|
||||||
|
|
||||||
user = User.get_by(email=email)
|
user = User.get_by(email=email)
|
||||||
|
|
||||||
|
@ -335,7 +335,7 @@ def forgot_password():
|
||||||
if not data or not data.get("email"):
|
if not data or not data.get("email"):
|
||||||
return jsonify(error="request body must contain email"), 400
|
return jsonify(error="request body must contain email"), 400
|
||||||
|
|
||||||
email = data.get("email").lower()
|
email = data.get("email").strip().lower()
|
||||||
|
|
||||||
user = User.get_by(email=email)
|
user = User.get_by(email=email)
|
||||||
|
|
||||||
|
|
|
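Review bot: A JSON body that omits `email` or sends it as null now raises AttributeError in auth_login, because `data.get("email")` returns None before `.strip()` runs and the only guard above it is `if not data`. The same line has the same problem in auth_register, auth_activate and auth_reactivate, and `user_info.get("email")` in auth_facebook and auth_google fails the same way when the provider returns no email. These endpoints are reachable before authentication, so a malformed request presumably ends in an unhandled 500 rather than the 400 the handlers return for an empty body. `email = (data.get("email") or "").strip().lower()` keeps the normalisation and hands later checks an empty string; a non-string JSON value would still need an `isinstance(email, str)` test. The function bodies continue outside the hunks, so whether an empty email is rejected further down is not visible here.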
@ -86,7 +86,7 @@ def facebook_callback():
|
||||||
"https://graph.facebook.com/me?fields=id,name,email,picture{url}"
|
"https://graph.facebook.com/me?fields=id,name,email,picture{url}"
|
||||||
).json()
|
).json()
|
||||||
|
|
||||||
email = facebook_user_data.get("email")
|
email = facebook_user_data.get("email").strip().lower()
|
||||||
|
|
||||||
# user choose to not share email, cannot continue
|
# user choose to not share email, cannot continue
|
||||||
if not email:
|
if not email:
|
||||||
|
@ -118,7 +118,7 @@ def facebook_callback():
|
||||||
|
|
||||||
LOG.d("create facebook user with %s", facebook_user_data)
|
LOG.d("create facebook user with %s", facebook_user_data)
|
||||||
user = User.create(
|
user = User.create(
|
||||||
email=email.lower(),
|
email=email,
|
||||||
name=facebook_user_data["name"],
|
name=facebook_user_data["name"],
|
||||||
activated=True,
|
activated=True,
|
||||||
referral=get_referral(),
|
referral=get_referral(),
|
||||||
|
|
|
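Review bot: The `if not email:` guard under the comment "user choose to not share email, cannot continue" can no longer handle the case it was written for, because `facebook_user_data.get("email").strip().lower()` raises AttributeError on None before the guard is reached. A Facebook account that withholds its email would then get an error page, not the intended fallback. Normalising only when a value is present keeps the guard working, for example `email = (facebook_user_data.get("email") or "").strip().lower()`. The rest of facebook_callback lies outside both hunks.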
@ -16,7 +16,7 @@ def forgot_password():
|
||||||
form = ForgotPasswordForm(request.form)
|
form = ForgotPasswordForm(request.form)
|
||||||
|
|
||||||
if form.validate_on_submit():
|
if form.validate_on_submit():
|
||||||
email = form.email.data
|
email = form.email.data.strip().lower()
|
||||||
|
|
||||||
user = User.get_by(email=email)
|
user = User.get_by(email=email)
|
||||||
|
|
||||||
|
|
|
@ -85,7 +85,7 @@ def github_callback():
|
||||||
)
|
)
|
||||||
return redirect(url_for("auth.login"))
|
return redirect(url_for("auth.login"))
|
||||||
|
|
||||||
email = email.lower()
|
email = email.strip().lower()
|
||||||
user = User.get_by(email=email)
|
user = User.get_by(email=email)
|
||||||
|
|
||||||
# create user
|
# create user
|
||||||
|
@ -100,7 +100,7 @@ def github_callback():
|
||||||
|
|
||||||
LOG.d("create github user")
|
LOG.d("create github user")
|
||||||
user = User.create(
|
user = User.create(
|
||||||
email=email.lower(),
|
email=email,
|
||||||
name=github_user_data.get("name") or "",
|
name=github_user_data.get("name") or "",
|
||||||
activated=True,
|
activated=True,
|
||||||
referral=get_referral(),
|
referral=get_referral(),
|
||||||
|
|
|
@ -80,7 +80,7 @@ def google_callback():
|
||||||
"https://www.googleapis.com/oauth2/v1/userinfo"
|
"https://www.googleapis.com/oauth2/v1/userinfo"
|
||||||
).json()
|
).json()
|
||||||
|
|
||||||
email = google_user_data["email"]
|
email = google_user_data["email"].strip().lower()
|
||||||
user = User.get_by(email=email)
|
user = User.get_by(email=email)
|
||||||
|
|
||||||
picture_url = google_user_data.get("picture")
|
picture_url = google_user_data.get("picture")
|
||||||
|
@ -103,7 +103,7 @@ def google_callback():
|
||||||
|
|
||||||
LOG.d("create google user with %s", google_user_data)
|
LOG.d("create google user with %s", google_user_data)
|
||||||
user = User.create(
|
user = User.create(
|
||||||
email=email.lower(),
|
email=email,
|
||||||
name=google_user_data["name"],
|
name=google_user_data["name"],
|
||||||
activated=True,
|
activated=True,
|
||||||
referral=get_referral(),
|
referral=get_referral(),
|
||||||
|
|
|
@ -25,7 +25,7 @@ def login():
|
||||||
show_resend_activation = False
|
show_resend_activation = False
|
||||||
|
|
||||||
if form.validate_on_submit():
|
if form.validate_on_submit():
|
||||||
user = User.filter_by(email=form.email.data).first()
|
user = User.filter_by(email=form.email.data.strip().lower()).first()
|
||||||
|
|
||||||
if not user:
|
if not user:
|
||||||
flash("Email or password incorrect", "error")
|
flash("Email or password incorrect", "error")
|
||||||
|
|
|
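Review bot: Lowering the submitted address in `User.filter_by(email=form.email.data.strip().lower())` only matches rows whose stored email is already lower-case and trimmed, and this commit does not show existing rows being normalised. The old sides of several handlers (for example `email = data.get("email")` in auth_register) suggest accounts could have been stored with mixed case, although later lines outside the hunks may have lowered them. If such rows exist, those users would hit "Email or password incorrect" after this change, and a second account differing only by case could be registered. A one-off migration that normalises the stored email column, with a check for collisions, would close the gap. Adding a comment such as `# stored emails are always stripped and lower-cased` next to the lookup would record the invariant.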
@ -36,7 +36,7 @@ def register():
|
||||||
next_url = request.args.get("next")
|
next_url = request.args.get("next")
|
||||||
|
|
||||||
if form.validate_on_submit():
|
if form.validate_on_submit():
|
||||||
email = form.email.data.lower()
|
email = form.email.data.strip().lower()
|
||||||
if not can_be_used_as_personal_email(email):
|
if not can_be_used_as_personal_email(email):
|
||||||
flash("You cannot use this email address as your personal inbox.", "error")
|
flash("You cannot use this email address as your personal inbox.", "error")
|
||||||
else:
|
else:
|
||||||
|
|