From fec2d24e6d821fb345d4c4ee882ce177a8c95fde Mon Sep 17 00:00:00 2001
From: rimu <3310831+rimu@users.noreply.github.com>
Date: Mon, 29 Jan 2024 08:47:36 +1300
Subject: [PATCH] beware of upper and lower case in user_names and community AP ids

---
 app/activitypub/util.py | 11 +++++------
 app/auth/forms.py       |  8 ++++----
 2 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/app/activitypub/util.py b/app/activitypub/util.py
index e7797144..8fa41b73 100644
--- a/app/activitypub/util.py
+++ b/app/activitypub/util.py
@@ -183,16 +183,16 @@ def instance_allowed(host: str) -> bool:
 
 
 def find_actor_or_create(actor: str) -> Union[User, Community, None]:
+    actor = actor.strip()
     user = None
     # actor parameter must be formatted as https://server/u/actor or https://server/c/actor
     # Initially, check if the user exists in the local DB already
     if current_app.config['SERVER_NAME'] + '/c/' in actor:
-        return Community.query.filter_by(
-            ap_profile_id=actor).first()  # finds communities formatted like https://localhost/c/*
+        return Community.query.filter(Community.ap_profile_id.ilike(actor)).first()  # finds communities formatted like https://localhost/c/*
     if current_app.config['SERVER_NAME'] + '/u/' in actor:
-        user = User.query.filter_by(user_name=actor.split('/')[-1], ap_id=None, banned=False).first()  # finds local users
+        user = User.query.filter(User.user_name.ilike(actor.split('/')[-1])).filter_by(ap_id=None, banned=False).first()  # finds local users
         if user is None:
             return None
     elif actor.startswith('https://'):
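Review bot: The `ilike()` calls on the new lines treat `%` and `_` in `actor` as SQL LIKE wildcards, and `actor` is received from remote ActivityPub traffic, so an actor id such as `https://<SERVER_NAME>/u/%` or `/u/_____` matches an arbitrary local user rather than a specific one, and since `_` is common in real usernames `john_doe` will also match `johnxdoe`. Case-insensitivity does not need LIKE; compare case-folded values instead, e.g. `user = User.query.filter(func.lower(User.user_name) == actor.split('/')[-1].lower()).filter_by(ap_id=None, banned=False).first()` and `return Community.query.filter(func.lower(Community.ap_profile_id) == actor.lower()).first()` for the community branch (`func` from `sqlalchemy`, if it is not already imported in this module). If LIKE is kept, pass `escape='\\'` and escape `%`/`_` in the operand before matching. find_actor_or_create continues past the end of this hunk.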
@@ -203,12 +203,11 @@ def find_actor_or_create(actor: str) -> Union[User, Community, None]:
         else:
             if instance_blocked(server):
                 return None
-            user = User.query.filter_by(
-                ap_profile_id=actor).first()  # finds users formatted like https://kbin.social/u/tables
+            user = User.query.filter(User.ap_profile_id.ilike(actor)).first()  # finds users formatted like https://kbin.social/u/tables
             if (user and user.banned) or (user and user.deleted) :
                 return None
             if user is None:
-                user = Community.query.filter_by(ap_profile_id=actor).first()
+                user = Community.query.filter(Community.ap_profile_id.ilike(actor)).first()
             if user is not None:
                 if not user.is_local() and user.ap_fetched_at < utcnow() - timedelta(days=7):
diff --git a/app/auth/forms.py b/app/auth/forms.py
index fe3f168c..27da7a95 100644
--- a/app/auth/forms.py
+++ b/app/auth/forms.py
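Review bot: `User.ap_profile_id.ilike(actor)` and the `Community` fallback on the new lines let a remote server put LIKE wildcards into the lookup: an actor id like `https://evil.example/u/%` matches whatever row `.first()` happens to return, so a remote actor can be resolved to a user or community that belongs to a different instance, and the `instance_blocked(server)` check above appears to look only at the host, not at what the lookup returns. Exact, case-folded equality avoids this: `user = User.query.filter(func.lower(User.ap_profile_id) == actor.lower()).first()` and `user = Community.query.filter(func.lower(Community.ap_profile_id) == actor.lower()).first()`. Note also that RFC 3986 makes only the scheme and host of a URI case-insensitive; folding the whole id assumes every remote platform treats `/u/Alice` and `/u/alice` as one actor, which is worth confirming before the stale-refetch branch below acts on the match. The enclosing function starts before this hunk and continues after it.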
@@ -25,25 +25,25 @@ class RegistrationForm(FlaskForm):
     submit = SubmitField(_l('Register'))
 
     def validate_real_email(self, email):
-        user = User.query.filter_by(email=email.data).first()
+        user = User.query.filter(User.email.ilike(email.data.strip())).first()
         if user is not None:
             raise ValidationError(_l('An account with this email address already exists.'))
 
     def validate_user_name(self, user_name):
-        user = User.query.filter_by(user_name=user_name.data, ap_id=None).first()
+        user = User.query.filter(User.user_name.ilike(user_name.data.strip())).filter_by(ap_id=None).first()
         if user is not None:
             if user.deleted:
                 raise ValidationError(_l('This username was used in the past and cannot be reused.'))
             else:
                 raise ValidationError(_l('An account with this user name already exists.'))
-        community = Community.query.filter_by(name=user_name.data).first()
+        community = Community.query.filter(Community.name.ilike(user_name.data.strip())).first()
         if community is not None:
             raise ValidationError(_l('A community with this name exists so it cannot be used for a user.'))
 
     def validate_password(self, password):
         if not password.data:
             return
-
+        password.data = password.data.strip()
         if password.data == 'password' or password.data == '12345678' or password.data == '1234567890':
             raise ValidationError(_l('This password is too common.'))
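Review bot: `password.data = password.data.strip()` in validate_password silently rewrites the password the user submitted before anything downstream hashes it (the registration view presumably reads `form.password.data`), so a password with leading or trailing whitespace is stored differently from what was typed, and unless the login form strips in exactly the same way those users will be unable to sign in. A validator should not mutate form data; if the common-password check is meant to ignore padding, compare a local copy, e.g. `pw = password.data.strip()` and test `pw` in the conditions that follow, leaving `password.data` untouched. The `ilike()` duplicate checks above have a related wildcard side effect: `_` and `%` in the submitted user name or email act as LIKE wildcards, so registering `john_doe` is refused whenever `johnxdoe` exists; `func.lower(User.user_name) == user_name.data.strip().lower()` (and likewise for email and community name) gives the case-insensitive equality the commit is after. RegistrationForm starts before this hunk, and validate_password may continue past its end.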