mirror of https://github.com/laurent22/joplin.git synced 2025-01-17 18:44:45 +02:00

Server: Normalize email addresses before saving them

Laurent Cozic 2021-07-03 16:03:55 +01:00
parent b507fbf837
commit 427218b1f4
3 changed files with 29 additions and 2 deletions


@ -0,0 +1,9 @@
import { DbConnection } from '../db';
export async function up(db: DbConnection): Promise<any> {
await db('users').update({ email: db.raw('LOWER(email)') });
}
export async function down(_db: DbConnection): Promise<any> {
}
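Review bot: The `up` backfill applies only `LOWER(email)`, while the model's new `formatValues` trims as well as lowercases, so an existing row stored with surrounding whitespace stays un-normalized and would no longer match a lookup made through `loadByEmail`; `db.raw('LOWER(TRIM(email))')` would bring the two closer. If `users.email` has a unique index (not visible on this page), two existing accounts that differ only by case would make the update fail, and without such an index they would become indistinguishable identities, so it seems worth checking for and reporting such duplicates before the update runs. SQL `LOWER` and JavaScript `toLowerCase()` may also disagree on non-ASCII characters depending on the database engine, which deserves a comment in the migration. The empty `down` should carry a one-line comment such as `// Irreversible: the original casing is not preserved`.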


@ -84,7 +84,7 @@ export default class UserModel extends BaseModel<User> {
}
public async loadByEmail(email: string): Promise<User> {
const user: User = { email: email };
const user: User = this.formatValues({ email: email });
return this.db<User>(this.tableName).where(user).first();
}
@ -251,6 +251,12 @@ export default class UserModel extends BaseModel<User> {
});
}
private formatValues(user: User): User {
const output: User = { ...user };
if ('email' in output) output.email = user.email.trim().toLowerCase();
return output;
}
// Note that when the "password" property is provided, it is going to be
// hashed automatically. It means that it is not safe to do:
//
@ -259,7 +265,7 @@ export default class UserModel extends BaseModel<User> {
//
// Because the password would be hashed twice.
public async save(object: User, options: SaveOptions = {}): Promise<User> {
const user = { ...object };
const user = this.formatValues(object);
if (user.password) user.password = auth.hashPassword(user.password);
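Review bot: In `formatValues`, the test `'email' in output` is true even when the property is present with an `undefined` or `null` value, so `user.email.trim()` throws a TypeError for an input like `{ email: undefined }`, which `loadByEmail` could build if a caller forwards a missing field. Guarding on the value type avoids this: `if (typeof output.email === 'string') output.email = output.email.trim().toLowerCase();`. Because the email is the account identifier, `formatValues` would benefit from a short comment stating that every lookup or write keyed on email must pass through it; only `loadByEmail` and `save` are visibly routed here, and any other query paths are outside these hunks. The body of `save` continues past the end of the last hunk.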


@ -127,6 +127,17 @@ describe('index/users', function() {
expect(loggedInUser.email).toBe('test@example.com');
});
test('should format the email when saving it', async function() {
const email = 'ILikeUppercaseAndSpaces@Example.COM ';
const { session } = await createUserAndSession(1, true);
await postUser(session.id, email, '123456');
const loggedInUser = await models().user().login(email, '123456');
expect(!!loggedInUser).toBe(true);
expect(loggedInUser.email).toBe('ilikeuppercaseandspaces@example.com');
});
test('should not create anything if user creation fail', async function() {
const { session } = await createUserAndSession(1, true);
@ -324,6 +335,7 @@ describe('index/users', function() {
// non-admin cannot change max_item_size
await expectHttpError(async () => patchUser(session1.id, { id: user1.id, max_item_size: 1000 }), ErrorForbidden.httpCode);
await expectHttpError(async () => patchUser(session1.id, { id: user1.id, max_total_item_size: 1000 }), ErrorForbidden.httpCode);
// non-admin cannot change can_share_folder
await models().user().save({ id: user1.id, can_share_folder: 0 });