Login username case insensitive

- Fixes bookieio#211 - Always lowercase a username on entry. - Add migration to lowercase existing data.
mitechie · Mar 1, 2014 · ed203a8 · ed203a8
1 parent 5448602
commit ed203a8
Show file tree

Hide file tree

Showing 8 changed files with 74 additions and 6 deletions.
diff --git a/bookie/models/__init__.py b/bookie/models/__init__.py
@@ -421,8 +421,10 @@ def find(limit=50, order_by=None, page=0, tags=None, username=None,
                     from_obj=[
                         bmarks_tags.join(
                             'tags',
-                            and_(Tag.name.in_(tags),
-                            bmarks_tags.c.tag_id == Tag.tid)
+                            and_(
+                                Tag.name.in_(tags),
+                                bmarks_tags.c.tag_id == Tag.tid
+                            )
                         ).
                         join('bmarks', Bmark.bid == bmarks_tags.c.bmark_id)
                     ]).\

diff --git a/bookie/tests/test_auth/test_api_base.py b/bookie/tests/test_auth/test_api_base.py
@@ -60,6 +60,27 @@ def test_login_success(self):
             'recent' in str(res),
             "Should have 'recent' in the resp: " + str(res))
 
+    def test_login_success_username_case_insensitive(self):
+        """Verify a good login"""
+
+        # the migrations add a default admin account
+        user_data = {'login': u'ADMIN',
+                     'password': u'admin',
+                     'form.submitted': u'true'}
+
+        res = self.testapp.post('/login',
+                                params=user_data)
+        self.assertEqual(
+            res.status,
+            "302 Found",
+            msg='status is 302 Found, ' + res.status)
+
+        # should end up back at the recent page
+        res = res.follow()
+        self.assertTrue(
+            'recent' in str(res),
+            "Should have 'recent' in the resp: " + str(res))
+
     def test_login_failure(self):
         """Verify a bad login"""
 

diff --git a/bookie/views/__init__.py b/bookie/views/__init__.py
@@ -26,6 +26,8 @@ def home(request):
     """Inital / view for now until we find a better one"""
     rdict = request.matchdict
     username = rdict.get('username', None)
+    if username:
+        username = username.lower()
 
     if not request.user:
         return {}

diff --git a/bookie/views/api.py b/bookie/views/api.py
@@ -104,6 +104,8 @@ def bmark_get(request):
 
     hash_id = rdict.get('hash_id', None)
     username = rdict.get('username', None)
+    if username:
+        username = username.lower()
 
     # the hash id will always be there or the route won't match
     bookmark = BmarkMgr.get_by_hash(hash_id,
@@ -305,6 +307,8 @@ def bmark_recent(request, with_content=False):
 
     # we only want to do the username if the username is in the url
     username = rdict.get('username', None)
+    if username:
+        username = username.lower()
 
     # thou shalt not have more then the HARD MAX
     # @todo move this to the .ini as a setting
@@ -968,6 +972,8 @@ def accounts_invites_add(request):
     """
     rdict = request.matchdict
     username = rdict.get('username', None)
+    if username:
+        username = username.lower()
     count = rdict.get('count', None)
 
     if username is not None and count is not None:
@@ -1047,6 +1053,8 @@ def new_user(request):
     u = User()
 
     u.username = unicode(rdict.get('username'))
+    if u.username:
+        u.username = u.username.lower()
     u.email = unicode(rdict.get('email'))
     passwd = get_random_word(8)
     u.password = passwd
@@ -1128,6 +1136,8 @@ def admin_bmark_remove(request):
     """Remove this bookmark from the system"""
     rdict = request.matchdict
     username = rdict.get('username')
+    if username:
+        username = username.lower()
     hash_id = rdict.get('hash_id')
 
     try:

diff --git a/bookie/views/auth.py b/bookie/views/auth.py
@@ -42,7 +42,7 @@ def login(request):
     password = u''
 
     if 'form.submitted' in request.params:
-        login = request.params['login']
+        login = request.params['login'].lower()
         password = request.params['password']
 
         LOG.debug(login)

diff --git a/bookie/views/bmarks.py b/bookie/views/bmarks.py
@@ -42,6 +42,8 @@ def recent(request):
     # check for auth related stuff
     # are we looking for a specific user
     username = rdict.get('username', None)
+    if username:
+        username = username.lower()
 
     # do we have any tags to filter upon
     tags = rdict.get('tags', None)
@@ -81,6 +83,8 @@ def recent_rss(request):
 
     tags = rdict.get('tags', None)
     username = rdict.get('username', None)
+    if username:
+        username = username.lower()
 
     ret = api.bmark_recent(request, with_content=True)
     ret['username'] = username
@@ -108,7 +112,7 @@ def edit(request):
     params = request.params
     new = False
 
-    with ReqAuthorize(request, username=rdict['username']):
+    with ReqAuthorize(request, username=rdict['username'].lower()):
 
         if 'hash_id' in rdict:
             hash_id = rdict['hash_id']
@@ -162,7 +166,7 @@ def edit_error(request):
     params = request.params
     post = request.POST
 
-    with ReqAuthorize(request, username=rdict['username']):
+    with ReqAuthorize(request, username=rdict['username'].lower()):
         if 'new' in request.url:
             try:
                 try:
@@ -237,6 +241,8 @@ def readable(request):
     rdict = request.matchdict
     bid = rdict.get('hash_id', None)
     username = rdict.get('username', None)
+    if username:
+        username = username.lower()
 
     if bid:
         found = BmarkMgr.get_by_hash(bid, username=username)

diff --git a/bookie/views/tags.py b/bookie/views/tags.py
@@ -1,6 +1,5 @@
 """Controllers related to viewing Tag information"""
 import logging
-from pyramid.httpexceptions import HTTPNotFound
 from pyramid.view import view_config
 
 from bookie.models import TagMgr
@@ -16,6 +15,8 @@ def tag_list(request):
     """Display a list of your tags"""
     rdict = request.matchdict
     username = rdict.get("username", None)
+    if username:
+        username = username.lower()
 
     tags_found = TagMgr.find(username=username)
 

diff --git a/dbversions/versions/44dccb7b8b82_update_username_to_l.py b/dbversions/versions/44dccb7b8b82_update_username_to_l.py
@@ -0,0 +1,26 @@
+"""update username to lowercase
+
+Revision ID: 44dccb7b8b82
+Revises: 9f274a38d84
+Create Date: 2014-02-27 00:55:59.913206
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '44dccb7b8b82'
+down_revision = '9f274a38d84'
+
+from alembic import op
+import sqlalchemy as sa
+
+def upgrade():
+    connection = op.get_bind()
+    current_context = op.get_context()
+    meta = current_context.opts['target_metadata']
+    users = sa.Table('users', meta, autoload=True)
+    stmt = users.update().\
+	   values(username=sa.func.lower(users.c.username))
+    connection.execute(stmt)
+
+def downgrade():
+    pass