Browse Source

Force lower case on username comparisons

I made some poor assumptions about case-sensitivity in relation to the Mastodon accounts table. Changed now to force username comparison to lower during the select statement, and not trust that we're getting lower case from the ejabberd end, either. This should eliminate the issue of some users being unable to authenticate.
master
Mike Barnes 3 months ago
parent
commit
d232855057
1 changed files with 2 additions and 2 deletions
  1. +2
    -2
      auth-mastodon.py

+ 2
- 2
auth-mastodon.py View File

@@ -12,7 +12,7 @@ db_name="mastodon"

# This is the query that pulls the password hash for the given user. Mastodon doesn't store the domain for local accounts in
# the database, so we ignore the host component and try to match username where the domain is NULL.
db_query_getpass="select users.encrypted_password as password from accounts inner join users on accounts.id=users.account_id where accounts.username = %(user)s and accounts.domain is null"
db_query_getpass="select users.encrypted_password as password from accounts inner join users on accounts.id=users.account_id where lower(accounts.username) = %(user)s and accounts.domain is null"

########################################################################
#Setup
@@ -97,7 +97,7 @@ def get_password(user, host):
# Right now we ignore the host component, as Mastodon doesn't store it for local accounts.
# It may be required one day, so the code to handle passing it to the query is left in for now.
cursor = database.cursor()
cursor.execute(db_query_getpass, {"user": user, "host": host})
cursor.execute(db_query_getpass, {"user": user.lower(), "host": host})
data = cursor.fetchone()
cursor.close()
return data[0] if data != None else None


Loading…
Cancel
Save