fix: perform case-insensitive match for local user email addresses (#1633)

pull/1646/head
TheCatLady 4 years ago committed by GitHub
parent bb8d14b5ff
commit 928b8a71cf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -40,9 +40,13 @@ authRoutes.post('/plex', async (req, res, next) => {
const account = await plextv.getUser(); const account = await plextv.getUser();
// Next let's see if the user already exists // Next let's see if the user already exists
let user = await userRepository.findOne({ let user = await userRepository
where: { plexId: account.id }, .createQueryBuilder('user')
}); .where('user.plexId = :id', { id: account.id })
.orWhere('LOWER(user.email) = :email', {
email: account.email.toLowerCase(),
})
.getOne();
if (user) { if (user) {
// Let's check if their Plex token is up-to-date // Let's check if their Plex token is up-to-date
@ -55,6 +59,12 @@ authRoutes.post('/plex', async (req, res, next) => {
user.email = account.email; user.email = account.email;
user.plexUsername = account.username; user.plexUsername = account.username;
// In case the user was previously a local account
if (user.userType === UserType.LOCAL) {
user.userType = UserType.PLEX;
user.plexId = account.id;
}
if (user.username === account.username) { if (user.username === account.username) {
user.username = ''; user.username = '';
} }
@ -164,10 +174,11 @@ authRoutes.post('/local', async (req, res, next) => {
}); });
} }
try { try {
const user = await userRepository.findOne({ const user = await userRepository
select: ['id', 'password'], .createQueryBuilder('user')
where: { email: body.email }, .select(['user.id', 'user.password'])
}); .where('LOWER(user.email) = :email', { email: body.email.toLowerCase() })
.getOne();
const isCorrectCredentials = await user?.passwordMatch(body.password); const isCorrectCredentials = await user?.passwordMatch(body.password);
@ -231,9 +242,10 @@ authRoutes.post('/reset-password', async (req, res) => {
.json({ error: 'You must provide an email address.' }); .json({ error: 'You must provide an email address.' });
} }
const user = await userRepository.findOne({ const user = await userRepository
where: { email: body.email }, .createQueryBuilder('user')
}); .where('LOWER(user.email) = :email', { email: body.email.toLowerCase() })
.getOne();
if (user) { if (user) {
await user.resetPassword(); await user.resetPassword();

@ -82,9 +82,12 @@ router.post(
const body = req.body; const body = req.body;
const userRepository = getRepository(User); const userRepository = getRepository(User);
const existingUser = await userRepository.findOne({ const existingUser = await userRepository
where: { email: body.email }, .createQueryBuilder('user')
}); .where('LOWER(user.email) = :email', {
email: body.email.toLowerCase(),
})
.getOne();
if (existingUser) { if (existingUser) {
return next({ return next({
@ -393,17 +396,21 @@ router.post(
for (const rawUser of plexUsersResponse.MediaContainer.User) { for (const rawUser of plexUsersResponse.MediaContainer.User) {
const account = rawUser.$; const account = rawUser.$;
const user = await userRepository.findOne({ const user = await userRepository
where: [{ plexId: account.id }, { email: account.email }], .createQueryBuilder('user')
}); .where('user.plexId = :id', { id: account.id })
.orWhere('LOWER(user.email) = :email', {
email: account.email.toLowerCase(),
})
.getOne();
if (user) { if (user) {
// Update the users avatar with their plex thumbnail (incase it changed) // Update the user's avatar with their Plex thumbnail, in case it changed
user.avatar = account.thumb; user.avatar = account.thumb;
user.email = account.email; user.email = account.email;
user.plexUsername = account.username; user.plexUsername = account.username;
// in-case the user was previously a local account // In case the user was previously a local account
if (user.userType === UserType.LOCAL) { if (user.userType === UserType.LOCAL) {
user.userType = UserType.PLEX; user.userType = UserType.PLEX;
user.plexId = parseInt(account.id); user.plexId = parseInt(account.id);
@ -418,7 +425,7 @@ router.post(
if ( if (
account.email && account.email &&
account.username && account.username &&
(await mainPlexTv.checkUserAccess(Number(account.id))) (await mainPlexTv.checkUserAccess(parseInt(account.id)))
) { ) {
const newUser = new User({ const newUser = new User({
plexUsername: account.username, plexUsername: account.username,

Loading…
Cancel
Save