mirsal/capsul-flask
0
0
Fork 0
forked from 3wordchant/capsul-flask
Code Issues Pull Requests Projects Releases Wiki Activity

fixing login email case sensitivity issues

Browse Source
This commit is contained in:
forest
2020-12-29 18:42:38 -06:00
parent 7f1f5ac976
commit ff38858c74
5 changed files with 45 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
capsulflask/db_model.py
View File

@ -10,18 +10,26 @@ class DBModel:
def login(self, email):
self.cursor.execute("SELECT * FROM accounts WHERE email = %s", (email, ))
if len(self.cursor.fetchall()) == 0:
self.cursor.execute("INSERT INTO accounts (email) VALUES (%s)", (email, ))
hasExactMatch = len(self.cursor.fetchall())
self.cursor.execute("SELECT * FROM accounts WHERE email = %s AND ever_logged_in = TRUE", (email, ))
everLoggedIn = len(self.cursor.fetchall())
ignoreCaseMatches = []
if everLoggedIn == 0:
self.cursor.execute("SELECT email FROM accounts WHERE lower_case_email = %s", (email.lower(), ))
ignoreCaseMatches = self.cursor.fetchall()
if hasExactMatch == 0:
self.cursor.execute("INSERT INTO accounts (email, lower_case_email) VALUES (%s, %s)", (email, email.lower()))
self.cursor.execute("SELECT token FROM login_tokens WHERE email = %s", (email, ))
if len(self.cursor.fetchall()) > 2:
return None
return (None, ignoreCaseMatches)
token = generate()
self.cursor.execute("INSERT INTO login_tokens (email, token) VALUES (%s, %s)", (email, token))
self.connection.commit()
return token
return (token, ignoreCaseMatches)
def consume_token(self, token):
self.cursor.execute("SELECT email FROM login_tokens WHERE token = %s and created > (NOW() - INTERVAL '20 min')", (token, ))
@ -29,6 +37,7 @@ class DBModel:
if row:
email = row[0]
self.cursor.execute("DELETE FROM login_tokens WHERE email = %s", (email, ))
self.cursor.execute("UPDATE accounts SET ever_logged_in = TRUE WHERE email = %s", (email, ))
self.connection.commit()
return email
return None
@ -228,7 +237,7 @@ class DBModel:
if row:
self.cursor.execute( "DELETE FROM unresolved_btcpay_invoices WHERE id = %s", (id,) )
if not completed:
self.cursor.execute("UPDATE payments SET invalidated = True WHERE email = %s id = %s", (row[0], row[1]))
self.cursor.execute("UPDATE payments SET invalidated = TRUE WHERE email = %s id = %s", (row[0], row[1]))
self.connection.commit()
@ -249,7 +258,7 @@ class DBModel:
self.connection.commit()
def all_accounts(self):
self.cursor.execute("SELECT email, account_balance_warning FROM accounts")
self.cursor.execute("SELECT email, account_balance_warning FROM accounts WHERE ever_logged_in = TRUE ")
return list(map(lambda row: dict(email=row[0], account_balance_warning=row[1]), self.cursor.fetchall()))