Force lower case on username comparisons

I made some poor assumptions about case-sensitivity in relation to the Mastodon accounts table. Changed now to force username comparison to lower during the select statement, and not trust that we're getting lower case from the ejabberd end, either. This should eliminate the issue of some users being unable to authenticate.
Mike Barnes 2020-09-21 13:28:38 +00:00
Parent 7f69c4a177
Commit d232855057
1 changed file with 2 additions and 2 deletions


@ -12,7 +12,7 @@ db_name="mastodon"
# This is the query that pulls the password hash for the given user. Mastodon doesn't store the domain for local accounts in
# the database, so we ignore the host component and try to match username where the domain is NULL.
db_query_getpass="select users.encrypted_password as password from accounts inner join users on accounts.id=users.account_id where accounts.username = %(user)s and accounts.domain is null"
db_query_getpass="select users.encrypted_password as password from accounts inner join users on accounts.id=users.account_id where lower(accounts.username) = %(user)s and accounts.domain is null"
########################################################################
#Setup
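Review bot: In the new db_query_getpass only the column side is folded (lower(accounts.username) = %(user)s), so the match is correct only when the caller has already lowercased the parameter. Because the query string is defined separately from get_password, consider lower(accounts.username) = lower(%(user)s) so the comparison is case-insensitive on its own. The comment above the query should also state that the username match is now case-insensitive.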
@ -97,7 +97,7 @@ def get_password(user, host):
# Right now we ignore the host component, as Mastodon doesn't store it for local accounts.
# It may be required one day, so the code to handle passing it to the query is left in for now.
cursor = database.cursor()
cursor.execute(db_query_getpass, {"user": user, "host": host})
cursor.execute(db_query_getpass, {"user": user.lower(), "host": host})
data = cursor.fetchone()
cursor.close()
return data[0] if data != None else None
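Review bot: With the case-insensitive match, cursor.fetchone() in get_password returns whichever row comes first if two local accounts have usernames that differ only in case, so a login for one could be checked against the other's password hash. Unless the accounts table is known to enforce case-insensitive uniqueness for local usernames, check that exactly one row matched and fail the lookup otherwise. Separately, user.lower() in Python and lower() in the database may not fold non-ASCII characters identically, which is another reason to do the folding on both sides inside the query, and data != None reads better as data is not None.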