Skip to content
This repository has been archived by the owner on Nov 22, 2023. It is now read-only.

(PC-8025) Better user e-mail sanitization #2367

Merged
merged 2 commits into from
May 7, 2021
Merged

(PC-8025) Better user e-mail sanitization #2367

merged 2 commits into from
May 7, 2021

Conversation

dbaty
Copy link
Contributor

@dbaty dbaty commented May 3, 2021
edited
Loading

This commit:

  • renames core.users.utils.format_email() as sanitize_email() for clarity;
  • makes sure that it is called when we store an e-mail;
  • makes sure that it is called when we look up an e-mail in the database.

So, starting from this commit, User.email is stored in lowercase and
e-mail lookup (including on login) is case insensitive.

@dbaty dbaty force-pushed the pc-8025-user-email-sanitization branch from 6ca6873 to ac550cf Compare May 3, 2021 12:39
@dbaty dbaty changed the title ___ wip (do not merge with this pull request): always sanitize User.email (PC-8025) Better user e-mail sanitization May 3, 2021
@dbaty dbaty force-pushed the pc-8025-user-email-sanitization branch 2 times, most recently from 83640e0 to 7e4aee0 Compare May 4, 2021 10:12
@dbaty dbaty marked this pull request as ready for review May 5, 2021 08:18
xordoquy
xordoquy reviewed May 7, 2021
View reviewed changes
src/pcapi/validation/models/user.py
# changes when this SELECT query is performed, which could raise
# an error on the UNIQUE constraint. However, I don't understand
# why we're checking the uniqueness of the email only if the user
# is new (which we do with `if user.id is None`).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

j'imagine que c'est parce que le changement d'email n'a pas été considéré.

@dbaty dbaty force-pushed the pc-8025-user-email-sanitization branch 2 times, most recently from e515eb1 to bd9e613 Compare May 7, 2021 15:40
dbaty added 2 commits May 7, 2021 17:48
@dbaty
(PC-8025) Better user e-mail sanitization
415b272 
This commit:

- renames `core.users.utils.format_email()` as `sanitize_email()` for clarity;
- makes sure that it is called when we store an e-mail;
- makes sure that it is called when we look up an e-mail in the database.

So, starting from this commit, `User.email` is stored in lowercase and
e-mail lookup (including on login) is case insensitive.
@dbaty
tests: Move tests/admin/partner_user_view_test.py file with its sib…
8fd94b0 
…lings
@dbaty dbaty force-pushed the pc-8025-user-email-sanitization branch from bd9e613 to 8fd94b0 Compare May 7, 2021 15:48
@dbaty dbaty merged commit 8fd94b0 into master May 7, 2021
@dbaty dbaty deleted the pc-8025-user-email-sanitization branch May 7, 2021 15:54
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@xordoquy xordoquy xordoquy approved these changes

@apibrac apibrac apibrac approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dbaty @xordoquy @apibrac