paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-09 00:18:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix use of case-sensitive comparisons on email addresses.

Browse Source 
(imported from commit d420169640a9f9c034b3d9ded207e583691f6652)
This commit is contained in:
Tim Abbott
2013-02-28 16:30:46 -05:00
parent 096df2d3da
commit 1e9a85ff05
7 changed files with 19 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
zephyr/decorator.py
View File

@@ -61,7 +61,7 @@ def get_tornado_user_profile(user_id):
@cache_with_key(lambda email: 'tornado_user_profile_email:%s' % (email,)) @cache_with_key(lambda email: 'tornado_user_profile_email:%s' % (email,))
def get_tornado_user_profile_by_email(email): def get_tornado_user_profile_by_email(email):
return UserProfile.objects.select_related().get(user__email=email) return UserProfile.objects.select_related().get(user__email__iexact=email)
# authenticated_api_view will add the authenticated user's user_profile to # authenticated_api_view will add the authenticated user's user_profile to
# the view function's arguments list, since we have to look it up # the view function's arguments list, since we have to look it up
@@ -80,7 +80,7 @@ def authenticated_api_view(view_func):
# any mutable fields (just ids plus the realm.domain) # any mutable fields (just ids plus the realm.domain)
user_profile = get_tornado_user_profile_by_email(email) user_profile = get_tornado_user_profile_by_email(email)
else: else:
user_profile = UserProfile.objects.select_related().get(user__email=email) user_profile = UserProfile.objects.select_related().get(user__email__iexact=email)
except UserProfile.DoesNotExist: except UserProfile.DoesNotExist:
return json_error("Invalid user: %s" % (email,)) return json_error("Invalid user: %s" % (email,))
if api_key != user_profile.api_key: if api_key != user_profile.api_key:

10
zephyr/lib/actions.py
View File

@@ -87,7 +87,7 @@ def compute_mit_user_fullname(email):
@transaction.commit_on_success @transaction.commit_on_success
def create_mit_user_if_needed(realm, email): def create_mit_user_if_needed(realm, email):
try: try:
return UserProfile.objects.get(user__email=email) return UserProfile.objects.get(user__email__iexact=email)
except UserProfile.DoesNotExist: except UserProfile.DoesNotExist:
try: try:
# Forge a user for this person # Forge a user for this person
@@ -98,7 +98,7 @@ def create_mit_user_if_needed(realm, email):
# Unless we raced with another thread doing the same # Unless we raced with another thread doing the same
# thing, in which case we should get the user they made # thing, in which case we should get the user they made
transaction.commit() transaction.commit()
return UserProfile.objects.get(user__email=email) return UserProfile.objects.get(user__email__iexact=email)
def log_message(message): def log_message(message):
if not message.sending_client.name.startswith("test:"): if not message.sending_client.name.startswith("test:"):
@@ -175,13 +175,13 @@ def internal_send_message(sender_email, recipient_type, recipient,
if len(content) > MAX_MESSAGE_LENGTH: if len(content) > MAX_MESSAGE_LENGTH:
content = content[0:3900] + "\n\n[message was too long and has been truncated]" content = content[0:3900] + "\n\n[message was too long and has been truncated]"
message = Message() message = Message()
message.sender = UserProfile.objects.get(user__email=sender_email) message.sender = UserProfile.objects.get(user__email__iexact=sender_email)
if recipient_type == Recipient.STREAM: if recipient_type == Recipient.STREAM:
stream, _ = create_stream_if_needed(message.sender.realm, recipient) stream, _ = create_stream_if_needed(message.sender.realm, recipient)
type_id = stream.id type_id = stream.id
else: else:
type_id = UserProfile.objects.get(user__email=recipient).id type_id = UserProfile.objects.get(user__email__iexact=recipient).id
message.recipient = Recipient.objects.get(type_id=type_id, type=recipient_type) message.recipient = Recipient.objects.get(type_id=type_id, type=recipient_type)
@@ -273,7 +273,7 @@ def do_create_realm(domain, replay=False):
# Sent a notification message # Sent a notification message
message = Message() message = Message()
message.sender = UserProfile.objects.get(user__email="humbug+signups@humbughq.com") message.sender = UserProfile.objects.get(user__email__iexact="humbug+signups@humbughq.com")
stream, _ = create_stream_if_needed(message.sender.realm, "signups") stream, _ = create_stream_if_needed(message.sender.realm, "signups")
message.recipient = Recipient.objects.get(type_id=stream.id, type=Recipient.STREAM) message.recipient = Recipient.objects.get(type_id=stream.id, type=Recipient.STREAM)
message.subject = domain message.subject = domain

2
zephyr/management/commands/dump_useractivity.py
View File

@@ -15,7 +15,7 @@ def dump():
def restore(change): def restore(change):
for (email, client_name, query, count, timestamp) in simplejson.loads(file("dumped-activity").read()): for (email, client_name, query, count, timestamp) in simplejson.loads(file("dumped-activity").read()):
user_profile = UserProfile.objects.get(user__email=email) user_profile = UserProfile.objects.get(user__email__iexact=email)
client = get_client(client_name) client = get_client(client_name)
last_visit = timestamp_to_datetime(timestamp) last_visit = timestamp_to_datetime(timestamp)
print "%s: activity for %s,%s" % (email, client_name, query) print "%s: activity for %s,%s" % (email, client_name, query)

4
zephyr/management/commands/populate_db.py
View File

@@ -535,13 +535,13 @@ def restore_saved_messages():
continue continue
elif message_type == "user_change_full_name": elif message_type == "user_change_full_name":
# Just handle these the slow way # Just handle these the slow way
user_profile = UserProfile.objects.get(user__email=old_message["user"]) user_profile = UserProfile.objects.get(user__email__iexact=old_message["user"])
user_profile.full_name = old_message["full_name"] user_profile.full_name = old_message["full_name"]
user_profile.save() user_profile.save()
continue continue
elif message_type == "enable_desktop_notifications_changed": elif message_type == "enable_desktop_notifications_changed":
# Just handle these the slow way # Just handle these the slow way
user_profile = UserProfile.objects.get(user__email=old_message["user"]) user_profile = UserProfile.objects.get(user__email__iexact=old_message["user"])
user_profile.enable_desktop_notifications = (old_message["enable_desktop_notifications"] != "false") user_profile.enable_desktop_notifications = (old_message["enable_desktop_notifications"] != "false")
user_profile.save() user_profile.save()
continue continue

2
zephyr/retention_policy.py
View File

@@ -44,7 +44,7 @@ def should_expunge_from_log(msg, now):
user_email = msg['sender_email'] user_email = msg['sender_email']
domain = domain_cache.get(user_email) domain = domain_cache.get(user_email)
if not domain: if not domain:
domain = UserProfile.objects.get(user__email=user_email).realm.domain domain = UserProfile.objects.get(user__email__iexact=user_email).realm.domain
domain_cache[user_email] = domain domain_cache[user_email] = domain
if domain not in max_age: if domain not in max_age:

10
zephyr/tests.py
View File

@@ -78,7 +78,7 @@ class AuthedTestCase(TestCase):
User that has that email. User that has that email.
""" """
# Usernames are unique, even across Realms. # Usernames are unique, even across Realms.
return UserProfile.objects.get(user__email=email) return UserProfile.objects.get(user__email__iexact=email)
def send_message(self, sender_name, recipient_name, message_type): def send_message(self, sender_name, recipient_name, message_type):
sender = self.get_user_profile(sender_name) sender = self.get_user_profile(sender_name)
@@ -720,7 +720,7 @@ class SubscriptionAPITest(AuthedTestCase):
them. them.
""" """
other_email = "iago@humbughq.com" other_email = "iago@humbughq.com"
other_profile = UserProfile.objects.get(user__email=other_email) other_profile = UserProfile.objects.get(user__email__iexact=other_email)
self.assertIsInstance(other_profile, UserProfile) self.assertIsInstance(other_profile, UserProfile)
current_streams = self.get_streams(other_email) current_streams = self.get_streams(other_email)
self.assertNotEqual(len(current_streams), 0) # necessary for full test coverage self.assertNotEqual(len(current_streams), 0) # necessary for full test coverage
@@ -738,7 +738,7 @@ class SubscriptionAPITest(AuthedTestCase):
msg = Message.objects.latest('id') msg = Message.objects.latest('id')
self.assertEqual(msg.recipient.type, msg.recipient.PERSONAL) self.assertEqual(msg.recipient.type, msg.recipient.PERSONAL)
self.assertEqual(msg.sender_id, UserProfile.objects.get( self.assertEqual(msg.sender_id, UserProfile.objects.get(
user__email="humbug+notifications@humbughq.com").id) user__email__iexact="humbug+notifications@humbughq.com").id)
expected_msg = ("Hi there! We thought you'd like to know that %s just " expected_msg = ("Hi there! We thought you'd like to know that %s just "
"subscribed you to the stream '%s'" "subscribed you to the stream '%s'"
% (self.user_profile.full_name, add_streams[0])) % (self.user_profile.full_name, add_streams[0]))
@@ -755,7 +755,7 @@ class SubscriptionAPITest(AuthedTestCase):
invalid_principal = "rosencrantz-and-guildenstern@humbughq.com" invalid_principal = "rosencrantz-and-guildenstern@humbughq.com"
# verify that invalid_principal actually doesn't exist # verify that invalid_principal actually doesn't exist
with self.assertRaises(UserProfile.DoesNotExist): with self.assertRaises(UserProfile.DoesNotExist):
UserProfile.objects.get(user__email=invalid_principal) UserProfile.objects.get(user__email__iexact=invalid_principal)
result = self.client.post("/json/subscriptions/add", result = self.client.post("/json/subscriptions/add",
{"subscriptions": simplejson.dumps(self.streams), {"subscriptions": simplejson.dumps(self.streams),
"principals": simplejson.dumps([invalid_principal])}) "principals": simplejson.dumps([invalid_principal])})
@@ -768,7 +768,7 @@ class SubscriptionAPITest(AuthedTestCase):
realm should return a JSON error. realm should return a JSON error.
""" """
principal = "starnine@mit.edu" principal = "starnine@mit.edu"
profile = UserProfile.objects.get(user__email=principal) profile = UserProfile.objects.get(user__email__iexact=principal)
# verify that principal exists (thus, the reason for the error is the cross-realming) # verify that principal exists (thus, the reason for the error is the cross-realming)
self.assertIsInstance(profile, UserProfile) self.assertIsInstance(profile, UserProfile)
result = self.client.post("/json/subscriptions/add", result = self.client.post("/json/subscriptions/add",

6
zephyr/views.py
View File

@@ -130,7 +130,7 @@ class PrincipalError(JsonableError):
def principal_to_user_profile(agent, principal): def principal_to_user_profile(agent, principal):
principal_doesnt_exist = False principal_doesnt_exist = False
try: try:
principal_user_profile = UserProfile.objects.get(user__email=principal) principal_user_profile = UserProfile.objects.get(user__email__iexact=principal)
except UserProfile.DoesNotExist: except UserProfile.DoesNotExist:
principal_doesnt_exist = True principal_doesnt_exist = True
@@ -533,7 +533,7 @@ class NarrowBuilder(object):
# Personals with other user; include both directions. # Personals with other user; include both directions.
try: try:
narrow_profile = UserProfile.objects.get(user__email=operand) narrow_profile = UserProfile.objects.get(user__email__iexact=operand)
except UserProfile.DoesNotExist: except UserProfile.DoesNotExist:
raise BadNarrowOperator('unknown user ' + operand) raise BadNarrowOperator('unknown user ' + operand)
@@ -738,7 +738,7 @@ def create_mirrored_message_users(request, user_profile, recipients):
for email in referenced_users: for email in referenced_users:
create_mit_user_if_needed(user_profile.realm, email) create_mit_user_if_needed(user_profile.realm, email)
sender = UserProfile.objects.get(user__email=sender_email) sender = UserProfile.objects.get(user__email__iexact=sender_email)
return (True, sender) return (True, sender)
def recipient_for_emails(emails, not_forged_zephyr_mirror, user_profile, sender): def recipient_for_emails(emails, not_forged_zephyr_mirror, user_profile, sender):