Merge pull request #520 from openziti/case_insensitive_email

Fix for Email Case Sensitivity (#517)
2024-11-23 00:23:48 +01:00 · 2024-01-08 11:09:43 -05:00 · 2024-01-08 11:09:43 -05:00 · 32c1286bc4
commit 32c1286bc4
parent aef603529f 7a0d835e30
5 changed files with 13 additions and 5 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -10,6 +10,8 @@ CHANGE: Updated `github.com/rubenv/sql-migrate` to `v1.6.0`

 FIX: The migration `sqlite3/015_v0_4_19_share_unique_name_constraint.sql` has been adjusted to delete the old `shares_old` table as the last step of the migration process. Not sure exactly why, but SQLite is unhappy otherwise (https://github.com/openziti/zrok/issues/504)

+FIX: Email addresses have been made case-insensitive. Please note that there is a migration included in this release (`016_v0_4_21_lowercase_email.sq`) which will attempt to ensure that allow email addresses in your existing database are stored in lowercase; **if this migration fails you will need to manually remediate the duplicate account entries** (https://github.com/openziti/zrok/issues/517)
+
 ## v0.4.20

 CHANGE: OpenZiti SDK updated to `v0.21.2`. All `ziti.ListenOptions` listener options configured to use `WaitForNEstablishedListeners: 1`. When a `zrok share` client or an `sdk.Share` client are connected to an OpenZiti router that supports "listener established" events, then listen calls will not return until the listener is fully established on the OpenZiti network. Previously a `zrok share` client could report that it is fully operational and listening before the listener is fully established on the OpenZiti network; in practice this produced a very small window of time when the share would not be ready to accept requests. This change eliminates this window of time (https://github.com/openziti/zrok/issues/490)
--- a/controller/store/account.go
+++ b/controller/store/account.go
@ -16,7 +16,7 @@ type Account struct {
 }

 func (str *Store) CreateAccount(a *Account, tx *sqlx.Tx) (int, error) {
-	stmt, err := tx.Prepare("insert into accounts (email, salt, password, token, limitless) values ($1, $2, $3, $4, $5) returning id")
+	stmt, err := tx.Prepare("insert into accounts (email, salt, password, token, limitless) values (lower($1), $2, $3, $4, $5) returning id")
 	if err != nil {
 		return 0, errors.Wrap(err, "error preparing accounts insert statement")
 	}
@ -37,7 +37,7 @@ func (str *Store) GetAccount(id int, tx *sqlx.Tx) (*Account, error) {

 func (str *Store) FindAccountWithEmail(email string, tx *sqlx.Tx) (*Account, error) {
 	a := &Account{}
-	if err := tx.QueryRowx("select * from accounts where email = $1 and not deleted", email).StructScan(a); err != nil {
+	if err := tx.QueryRowx("select * from accounts where email = lower($1) and not deleted", email).StructScan(a); err != nil {
 		return nil, errors.Wrap(err, "error selecting account by email")
 	}
 	return a, nil
@ -45,7 +45,7 @@ func (str *Store) FindAccountWithEmail(email string, tx *sqlx.Tx) (*Account, err

 func (str *Store) FindAccountWithEmailAndDeleted(email string, tx *sqlx.Tx) (*Account, error) {
 	a := &Account{}
-	if err := tx.QueryRowx("select * from accounts where email = $1", email).StructScan(a); err != nil {
+	if err := tx.QueryRowx("select * from accounts where email = lower($1)", email).StructScan(a); err != nil {
 		return nil, errors.Wrap(err, "error selecting acount by email")
 	}
 	return a, nil
@ -60,7 +60,7 @@ func (str *Store) FindAccountWithToken(token string, tx *sqlx.Tx) (*Account, err
 }

 func (str *Store) UpdateAccount(a *Account, tx *sqlx.Tx) (int, error) {
-	stmt, err := tx.Prepare("update accounts set email=$1, salt=$2, password=$3, token=$4, limitless=$5 where id = $6")
+	stmt, err := tx.Prepare("update accounts set email=lower($1), salt=$2, password=$3, token=$4, limitless=$5 where id = $6")
 	if err != nil {
 		return 0, errors.Wrap(err, "error preparing accounts update statement")
 	}
--- a/controller/store/sql/postgresql/016_v0_4_21_lowercase_email.sql
+++ b/controller/store/sql/postgresql/016_v0_4_21_lowercase_email.sql
@ -0,0 +1,3 @@
+-- +migrate Up
+
+update accounts set email = lower(email);
--- a/controller/store/sql/sqlite3/016_v0_4_21_lowercase_email.sql
+++ b/controller/store/sql/sqlite3/016_v0_4_21_lowercase_email.sql
@ -0,0 +1,3 @@
+-- +migrate Up
+
+update accounts set email = lower(email);
--- a/ui/src/console/login/Login.js
+++ b/ui/src/console/login/Login.js
@ -33,7 +33,7 @@ const Login = (props) => {
            .then(resp => {
                if (!resp.error) {
                    let user = {
-                        "email": email,
+                        "email": email.toLowerCase(),
                        "token": resp.data
                    }
                    props.loginSuccess(user)