From 7a0d835e30e1b31dfcd86a91314a87675b35d3f2 Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Mon, 8 Jan 2024 10:50:19 -0500 Subject: [PATCH] fix for case sensitive email addresses (#517) --- CHANGELOG.md | 2 ++ controller/store/account.go | 8 ++++---- .../store/sql/postgresql/016_v0_4_21_lowercase_email.sql | 3 +++ .../store/sql/sqlite3/016_v0_4_21_lowercase_email.sql | 3 +++ ui/src/console/login/Login.js | 2 +- 5 files changed, 13 insertions(+), 5 deletions(-) create mode 100644 controller/store/sql/postgresql/016_v0_4_21_lowercase_email.sql create mode 100644 controller/store/sql/sqlite3/016_v0_4_21_lowercase_email.sql diff --git a/CHANGELOG.md b/CHANGELOG.md index e089297a..17efe8d7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,8 @@ CHANGE: Updated `github.com/rubenv/sql-migrate` to `v1.6.0` FIX: The migration `sqlite3/015_v0_4_19_share_unique_name_constraint.sql` has been adjusted to delete the old `shares_old` table as the last step of the migration process. Not sure exactly why, but SQLite is unhappy otherwise (https://github.com/openziti/zrok/issues/504) +FIX: Email addresses have been made case-insensitive. Please note that there is a migration included in this release (`016_v0_4_21_lowercase_email.sq`) which will attempt to ensure that allow email addresses in your existing database are stored in lowercase; **if this migration fails you will need to manually remediate the duplicate account entries** (https://github.com/openziti/zrok/issues/517) + ## v0.4.20 CHANGE: OpenZiti SDK updated to `v0.21.2`. All `ziti.ListenOptions` listener options configured to use `WaitForNEstablishedListeners: 1`. When a `zrok share` client or an `sdk.Share` client are connected to an OpenZiti router that supports "listener established" events, then listen calls will not return until the listener is fully established on the OpenZiti network. Previously a `zrok share` client could report that it is fully operational and listening before the listener is fully established on the OpenZiti network; in practice this produced a very small window of time when the share would not be ready to accept requests. This change eliminates this window of time (https://github.com/openziti/zrok/issues/490) diff --git a/controller/store/account.go b/controller/store/account.go index 4ccb7a94..7f1d683d 100644 --- a/controller/store/account.go +++ b/controller/store/account.go @@ -16,7 +16,7 @@ type Account struct { } func (str *Store) CreateAccount(a *Account, tx *sqlx.Tx) (int, error) { - stmt, err := tx.Prepare("insert into accounts (email, salt, password, token, limitless) values ($1, $2, $3, $4, $5) returning id") + stmt, err := tx.Prepare("insert into accounts (email, salt, password, token, limitless) values (lower($1), $2, $3, $4, $5) returning id") if err != nil { return 0, errors.Wrap(err, "error preparing accounts insert statement") } @@ -37,7 +37,7 @@ func (str *Store) GetAccount(id int, tx *sqlx.Tx) (*Account, error) { func (str *Store) FindAccountWithEmail(email string, tx *sqlx.Tx) (*Account, error) { a := &Account{} - if err := tx.QueryRowx("select * from accounts where email = $1 and not deleted", email).StructScan(a); err != nil { + if err := tx.QueryRowx("select * from accounts where email = lower($1) and not deleted", email).StructScan(a); err != nil { return nil, errors.Wrap(err, "error selecting account by email") } return a, nil @@ -45,7 +45,7 @@ func (str *Store) FindAccountWithEmail(email string, tx *sqlx.Tx) (*Account, err func (str *Store) FindAccountWithEmailAndDeleted(email string, tx *sqlx.Tx) (*Account, error) { a := &Account{} - if err := tx.QueryRowx("select * from accounts where email = $1", email).StructScan(a); err != nil { + if err := tx.QueryRowx("select * from accounts where email = lower($1)", email).StructScan(a); err != nil { return nil, errors.Wrap(err, "error selecting acount by email") } return a, nil @@ -60,7 +60,7 @@ func (str *Store) FindAccountWithToken(token string, tx *sqlx.Tx) (*Account, err } func (str *Store) UpdateAccount(a *Account, tx *sqlx.Tx) (int, error) { - stmt, err := tx.Prepare("update accounts set email=$1, salt=$2, password=$3, token=$4, limitless=$5 where id = $6") + stmt, err := tx.Prepare("update accounts set email=lower($1), salt=$2, password=$3, token=$4, limitless=$5 where id = $6") if err != nil { return 0, errors.Wrap(err, "error preparing accounts update statement") } diff --git a/controller/store/sql/postgresql/016_v0_4_21_lowercase_email.sql b/controller/store/sql/postgresql/016_v0_4_21_lowercase_email.sql new file mode 100644 index 00000000..772a3163 --- /dev/null +++ b/controller/store/sql/postgresql/016_v0_4_21_lowercase_email.sql @@ -0,0 +1,3 @@ +-- +migrate Up + +update accounts set email = lower(email); \ No newline at end of file diff --git a/controller/store/sql/sqlite3/016_v0_4_21_lowercase_email.sql b/controller/store/sql/sqlite3/016_v0_4_21_lowercase_email.sql new file mode 100644 index 00000000..772a3163 --- /dev/null +++ b/controller/store/sql/sqlite3/016_v0_4_21_lowercase_email.sql @@ -0,0 +1,3 @@ +-- +migrate Up + +update accounts set email = lower(email); \ No newline at end of file diff --git a/ui/src/console/login/Login.js b/ui/src/console/login/Login.js index 3c380899..454cb655 100644 --- a/ui/src/console/login/Login.js +++ b/ui/src/console/login/Login.js @@ -33,7 +33,7 @@ const Login = (props) => { .then(resp => { if (!resp.error) { let user = { - "email": email, + "email": email.toLowerCase(), "token": resp.data } props.loginSuccess(user)