diff --git a/src/test/database-test.js b/src/test/database-test.js
index 93e543c73..20269dd8a 100644
--- a/src/test/database-test.js
+++ b/src/test/database-test.js
@@ -69,18 +69,6 @@ describe('database', function () {
 displayName: 'Herbert 2'
 };
 
- var USER_3 = {
- id: 'uuid3',
- username: 'uuid3',
- password: 'secret',
- email: 'SAFE3@me.com',
- salt: 'tata',
- createdAt: 'sometime back',
- modifiedAt: 'now',
- resetToken: '',
- displayName: 'Herbert 3'
- };
-
 it('can add user', function (done) {
 userdb.add(USER_0.id, USER_0, done);
 });
@@ -101,14 +89,6 @@ describe('database', function () {
 });
 });
 
- it('cannot add user with same but uppercase email again', function (done) {
- userdb.add(USER_3.id, USER_3, function (error) {
- expect(error).to.be.ok();
- expect(error.reason).to.be(DatabaseError.ALREADY_EXISTS);
- done();
- });
- });
-
 it('can get by user id', function (done) {
 userdb.get(USER_0.id, function (error, user) {
 expect(error).to.not.be.ok();
diff --git a/src/test/user-test.js b/src/test/user-test.js
index 4f8c70512..5832bb603 100644
--- a/src/test/user-test.js
+++ b/src/test/user-test.js
@@ -122,8 +122,8 @@ describe('User', function () {
 user.createOwner(USERNAME, PASSWORD, EMAIL, DISPLAY_NAME, function (error, result) {
 expect(error).not.to.be.ok();
 expect(result).to.be.ok();
- expect(result.username).to.equal(USERNAME);
- expect(result.email).to.equal(EMAIL);
+ expect(result.username).to.equal(USERNAME.toLowerCase());
+ expect(result.email).to.equal(EMAIL.toLowerCase());
 
 // first user is owner, do not send mail to admins
 checkMails(0, done);
diff --git a/src/user.js b/src/user.js
index f6e396d87..61327d02f 100644
--- a/src/user.js
+++ b/src/user.js
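Review bot: The two updated assertions in the `createOwner` test (user-test.js) only confirm that the returned username and email are lowercased; nothing visible in this commit checks that a second user whose email or username differs only in letter case is rejected, which the test deleted from database-test.js used to cover at the database layer. Since the normalisation now lives in user.js, an equivalent case belongs in this file, e.g. `it('cannot create a second user whose email differs only in case', ...)`, together with a login through `verifyWithUsername` / `verifyWithEmail` using a mixed-case identifier. The enclosing `it(...)` starts and ends outside the hunk, so coverage elsewhere in the file cannot be ruled out from here.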
@@ -126,6 +126,10 @@ function createUser(username, password, email, displayName, options, callback) {
 sendInvite = options && options.sendInvite ? true : false,
 owner = options && options.owner ? true : false;
 
+ // We store usernames and email in lowercase
+ username = username.toLowerCase();
+ email = email.toLowerCase();
+
 var error = validateUsername(username);
 if (error) return callback(error);
 
@@ -196,7 +200,7 @@ function verifyWithUsername(username, password, callback) {
 assert.strictEqual(typeof password, 'string');
 assert.strictEqual(typeof callback, 'function');
 
- userdb.getByUsername(username, function (error, user) {
+ userdb.getByUsername(username.toLowerCase(), function (error, user) {
 if (error && error.reason == DatabaseError.NOT_FOUND) return callback(new UserError(UserError.NOT_FOUND));
 if (error) return callback(new UserError(UserError.INTERNAL_ERROR, error));
 
@@ -217,7 +221,7 @@ function verifyWithEmail(email, password, callback) {
 assert.strictEqual(typeof password, 'string');
 assert.strictEqual(typeof callback, 'function');
 
- userdb.getByEmail(email, function (error, user) {
+ userdb.getByEmail(email.toLowerCase(), function (error, user) {
 if (error && error.reason == DatabaseError.NOT_FOUND) return callback(new UserError(UserError.NOT_FOUND));
 if (error) return callback(new UserError(UserError.INTERNAL_ERROR, error));
 
@@ -302,6 +306,9 @@ function updateUser(userId, username, email, displayName, callback) {
 assert.strictEqual(typeof displayName, 'string');
 assert.strictEqual(typeof callback, 'function');
 
+ username = username.toLowerCase();
+ email = email.toLowerCase();
+
 var error = validateUsername(username);
 if (error) return callback(error);
 
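Review bot: The lowercasing added at the top of `createUser` overwrites the `username` and `email` parameters, and the same normalisation is then repeated by hand in `verifyWithUsername`, `verifyWithEmail`, `updateUser`, `resetPasswordByIdentifier` and `changePassword`, so a later entry point that forgets it will silently store or look up a mixed-case value. One small helper shared by all of them would keep the rule in a single place, for example `function normalizeIdentifier(value) { return value.toLowerCase(); }` (the name is only a suggestion). The comment could also record the contract, e.g. `// usernames and emails are stored lowercase; userdb expects them already normalised`. The type assertions for `username` and `email` sit outside the hunk; `toLowerCase()` throws if either arrives as a non-string.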
@@ -354,7 +361,7 @@ function resetPasswordByIdentifier(identifier, callback) {
 if (identifier.indexOf('@') === -1) getter = userdb.getByUsername;
 else getter = userdb.getByEmail;
 
- getter(identifier, function (error, result) {
+ getter(identifier.toLowerCase(), function (error, result) {
 if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new UserError(UserError.NOT_FOUND));
 if (error) return callback(new UserError(UserError.INTERNAL_ERROR, error));
 
@@ -422,7 +429,7 @@ function changePassword(username, oldPassword, newPassword, callback) {
 var error = validatePassword(newPassword);
 if (error) return callback(new UserError(UserError.BAD_PASSWORD, error.message));
 
- verifyWithUsername(username, oldPassword, function (error, user) {
+ verifyWithUsername(username.toLowerCase(), oldPassword, function (error, user) {
 if (error) return callback(error);
 
 setPassword(user.id, newPassword, callback);
@@ -436,6 +443,7 @@ function createOwner(username, password, email, displayName, callback) {
 assert.strictEqual(typeof displayName, 'string');
 assert.strictEqual(typeof callback, 'function');
 
+ // This is only not allowed for the owner
 if (username === '') return callback(new UserError(UserError.BAD_USERNAME, 'Username cannot be empty'));
 
 userdb.count(function (error, count) {
diff --git a/src/userdb.js b/src/userdb.js
index c86839b96..77a4e2070 100644
--- a/src/userdb.js
+++ b/src/userdb.js
@@ -50,7 +50,7 @@ function getByUsername(username, callback) {
 assert.strictEqual(typeof username, 'string');
 assert.strictEqual(typeof callback, 'function');
 
- database.query('SELECT ' + USERS_FIELDS + ' FROM users WHERE username = ?', [ username.toLowerCase() ], function (error, result) {
+ database.query('SELECT ' + USERS_FIELDS + ' FROM users WHERE username = ?', [ username ], function (error, result) {
 if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
 if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
 
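Review bot: In `changePassword` the added `username.toLowerCase()` is redundant, because `verifyWithUsername` lowercases its argument itself in this same commit. Normalising in both caller and callee blurs which layer owns the rule; passing the value through unchanged, `verifyWithUsername(username, oldPassword, function (error, user) {`, keeps it in one place. The start and end of the function lie outside the hunk.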
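Review bot: The comment added in `createOwner`, `// This is only not allowed for the owner`, does not say what "this" refers to and reads as a double negative. Something like `// The owner must have a username; other users may be created without one` would be clearer, assuming that is the intent (the `user.username || null` in userdb.js `add` suggests it).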
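Review bot: Removing `toLowerCase()` from the query argument in `getByUsername` (and likewise from `getByEmail`, `add` and `update` further down) makes lowercase storage an unenforced precondition on every caller of userdb. Any caller that bypasses the user.js functions changed in this commit would now store or look up the raw value, and whether the unique index on `users` still rejects an address differing only in case depends on the column collation, which this diff does not show. With a case-sensitive collation, duplicate accounts for one mailbox become possible and only the lowercase row is reachable through login or password reset. Keeping the normalisation in the data layer as well is cheap (`[ username.toLowerCase() ]`); failing that, state the contract at each function, e.g. `// caller must pass an already-lowercased username`.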
@@ -62,7 +62,7 @@ function getByEmail(email, callback) {
 assert.strictEqual(typeof email, 'string');
 assert.strictEqual(typeof callback, 'function');
 
- database.query('SELECT ' + USERS_FIELDS + ' FROM users WHERE email = ?', [ email.toLowerCase() ], function (error, result) {
+ database.query('SELECT ' + USERS_FIELDS + ' FROM users WHERE email = ?', [ email ], function (error, result) {
 if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
 if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
 
@@ -139,7 +139,7 @@ function add(userId, user, callback) {
 assert.strictEqual(typeof user.displayName, 'string');
 assert.strictEqual(typeof callback, 'function');
 
- var data = [ userId, user.username ? user.username.toLowerCase() : null, user.password, user.email.toLowerCase(), user.salt, user.createdAt, user.modifiedAt, user.resetToken, user.displayName ];
+ var data = [ userId, user.username || null, user.password, user.email, user.salt, user.createdAt, user.modifiedAt, user.resetToken, user.displayName ];
 database.query('INSERT INTO users (id, username, password, email, salt, createdAt, modifiedAt, resetToken, displayName) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)', data, function (error, result) {
 if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, error));
 if (error || result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
@@ -200,10 +200,10 @@ function update(userId, user, callback) {
 
 if (k === 'username') {
 assert.strictEqual(typeof user.username, 'string');
- args.push(user.username ? user.username.toLowerCase() : null);
+ args.push(user.username || null);
 } else if (k === 'email') {
 assert.strictEqual(typeof user.email, 'string');
- args.push(user.email.toLowerCase());
+ args.push(user.email);
 } else {
 args.push(user[k]);
 }