Merge pull request #23 from freswa/case-sensitivity-fix

handle username case-insensitively
freswa · Mar 22, 2023 · 4c6c909 · 4c6c909
2 parents cf9d444 + 9c47822
commit 4c6c909
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/internal/socket.go b/internal/socket.go
@@ -7,6 +7,7 @@ import (
 	"github.com/julienschmidt/httprouter"
 	log "github.com/sirupsen/logrus"
 	"net/http"
+	"strings"
 )
 
 type httpHandler struct {
@@ -92,7 +93,7 @@ func (httpHandler *httpHandler) handleRegister(writer http.ResponseWriter, reque
 	}
 
 	// Register this email/account-id/device-token combination
-	err = httpHandler.db.AddRegistration(reg.Username, reg.ApsAccountId, reg.ApsDeviceToken, reg.Mailboxes)
+	err = httpHandler.db.AddRegistration(strings.ToLower(reg.Username), reg.ApsAccountId, reg.ApsDeviceToken, reg.Mailboxes)
 	if err != nil {
 		log.Errorf("Failed to register client:: %s", err)
 		writer.WriteHeader(http.StatusInternalServerError)
@@ -130,6 +131,11 @@ func (httpHandler *httpHandler) handleNotify(writer http.ResponseWriter, request
 		return
 	}
 
+	// Dovecot supports case sensitive usernames, but postfix doesn't
+	// So we only care about lowercase users for now
+	// This isn't an exploit either, since we don't send any email contents via push
+	notify.Username = strings.ToLower(notify.Username)
+
 	isMessageNew := false
 	// check if this is an event for a new message
 	// for all possible events have a look at dovecot-core: