open-source-mirrors
/
overseerr
mirror of https://github.com/sct/overseerr
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: perform case-insensitive match for local user email addresses (#1633)

Browse Source
pull/1646/head
TheCatLady 4 years ago committed by GitHub
parent bb8d14b5ff
commit 928b8a71cf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 38 additions and 19 deletions
Show Stats Download Patch File Download Diff File

32
server/routes/auth.ts
Unescape View File

@ -40,9 +40,13 @@ authRoutes.post('/plex', async (req, res, next) => {
const account = await plextv.getUser();
// Next let's see if the user already exists
let user = await userRepository.findOne({
where: { plexId: account.id },
});
let user = await userRepository
.createQueryBuilder('user')
.where('user.plexId = :id', { id: account.id })
.orWhere('LOWER(user.email) = :email', {
email: account.email.toLowerCase(),
})
.getOne();
if (user) {
// Let's check if their Plex token is up-to-date
@ -55,6 +59,12 @@ authRoutes.post('/plex', async (req, res, next) => {
user.email = account.email;
user.plexUsername = account.username;
// In case the user was previously a local account
if (user.userType === UserType.LOCAL) {
user.userType = UserType.PLEX;
user.plexId = account.id;
}
if (user.username === account.username) {
user.username = '';
}
@ -164,10 +174,11 @@ authRoutes.post('/local', async (req, res, next) => {
});
}
try {
const user = await userRepository.findOne({
select: ['id', 'password'],
where: { email: body.email },
});
const user = await userRepository
.createQueryBuilder('user')
.select(['user.id', 'user.password'])
.where('LOWER(user.email) = :email', { email: body.email.toLowerCase() })
.getOne();
const isCorrectCredentials = await user?.passwordMatch(body.password);
@ -231,9 +242,10 @@ authRoutes.post('/reset-password', async (req, res) => {
.json({ error: 'You must provide an email address.' });
}
const user = await userRepository.findOne({
where: { email: body.email },
});
const user = await userRepository
.createQueryBuilder('user')
.where('LOWER(user.email) = :email', { email: body.email.toLowerCase() })
.getOne();
if (user) {
await user.resetPassword();

25
server/routes/user/index.ts
Unescape View File

@ -82,9 +82,12 @@ router.post(
const body = req.body;
const userRepository = getRepository(User);
const existingUser = await userRepository.findOne({
where: { email: body.email },
});
const existingUser = await userRepository
.createQueryBuilder('user')
.where('LOWER(user.email) = :email', {
email: body.email.toLowerCase(),
})
.getOne();
if (existingUser) {
return next({
@ -393,17 +396,21 @@ router.post(
for (const rawUser of plexUsersResponse.MediaContainer.User) {
const account = rawUser.$;
const user = await userRepository.findOne({
where: [{ plexId: account.id }, { email: account.email }],
});
const user = await userRepository
.createQueryBuilder('user')
.where('user.plexId = :id', { id: account.id })
.orWhere('LOWER(user.email) = :email', {
email: account.email.toLowerCase(),
})
.getOne();
if (user) {
// Update the users avatar with their plex thumbnail (incase it changed)
// Update the user's avatar with their Plex thumbnail, in case it changed
user.avatar = account.thumb;
user.email = account.email;
user.plexUsername = account.username;
// in-case the user was previously a local account
// In case the user was previously a local account
if (user.userType === UserType.LOCAL) {
user.userType = UserType.PLEX;
user.plexId = parseInt(account.id);
@ -418,7 +425,7 @@ router.post(
if (
account.email &&
account.username &&
(await mainPlexTv.checkUserAccess(Number(account.id)))
(await mainPlexTv.checkUserAccess(parseInt(account.id)))
) {
const newUser = new User({
plexUsername: account.username,

Write Preview
Loading…
Cancel
Save