From d2328550576a166b72de9637cc61e3fd59c553ae Mon Sep 17 00:00:00 2001 From: Mike Barnes Date: Mon, 21 Sep 2020 13:28:38 +0000 Subject: [PATCH] Force lower case on username comparisons I made some poor assumptions about case-sensitivity in relation to the Mastodon accounts table. Changed now to force username comparison to lower during the select statement, and not trust that we're getting lower case from the ejabberd end, either. This should eliminate the issue of some users being unable to authenticate. --- auth-mastodon.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/auth-mastodon.py b/auth-mastodon.py index 2a1b0bf..ad366dc 100644 --- a/auth-mastodon.py +++ b/auth-mastodon.py @@ -12,7 +12,7 @@ db_name="mastodon" # This is the query that pulls the password hash for the given user. Mastodon doesn't store the domain for local accounts in # the database, so we ignore the host component and try to match username where the domain is NULL. -db_query_getpass="select users.encrypted_password as password from accounts inner join users on accounts.id=users.account_id where accounts.username = %(user)s and accounts.domain is null" +db_query_getpass="select users.encrypted_password as password from accounts inner join users on accounts.id=users.account_id where lower(accounts.username) = %(user)s and accounts.domain is null" ######################################################################## #Setup @@ -97,7 +97,7 @@ def get_password(user, host): # Right now we ignore the host component, as Mastodon doesn't store it for local accounts. # It may be required one day, so the code to handle passing it to the query is left in for now. cursor = database.cursor() - cursor.execute(db_query_getpass, {"user": user, "host": host}) + cursor.execute(db_query_getpass, {"user": user.lower(), "host": host}) data = cursor.fetchone() cursor.close() return data[0] if data != None else None