Closed MaxLeiter closed 6 years ago
devsnd
commented
6 years ago Yes, we should make them case insensitive, but before I can accept the PR we also have to make sure that changePassword, addUser and deleteUser are all also case insensitive. Otherwise bad things can happen.
If we're really careful we would check if there any users that would not be able to log in any more in that case (e.g. devsnd and DEVSND) on startup, but that's probably overkill.
MaxLeiter
commented
6 years ago I'll go ahead and put the lowers elsewhere, but this shouldn't stop anyone from logging in -- it just lowercases the username entered and the username it's fetching from the database
No point in making addUser case-insensitive, as it doesn't lookup usernames.
MaxLeiter
commented
6 years ago Updated, added to changePassword
devsnd
commented
6 years ago I'll go ahead and put the lowers elsewhere, but this shouldn't stop anyone from logging in -- it just lowercases the username entered and the username it's fetching from the database
Well, if anyone would create two users MAX and max then both could not log in anymore, because of line 108: assert len(rows) <= 1. So it's important to make sure that it's impossible to create this scenario by making all accesses lower-cased.
MaxLeiter
commented
6 years ago Good point -- done
coveralls
commented
6 years ago Coverage remained the same at 73.554% when pulling bcf3395dae50f72fc90303666d24236166067826 on MaxLeiter:case-sensitive into 3f969ef0edabae0d56822481f7a0bb171cd07416 on devsnd:devel.
coveralls
commented
6 years ago Coverage decreased (-0.004%) to 73.551% when pulling 1a2de1b62a95354477bde93a4de62540e0c2ee12 on MaxLeiter:case-sensitive into 3f969ef0edabae0d56822481f7a0bb171cd07416 on devsnd:devel.
devsnd
commented
6 years ago Thanks, this time you get a dolphin and a fish, so you can feed it.
:dolphin: :fish:
Coverage remained the same at 73.554% when pulling 645c257cd467be169044d4182cd79be7bc6b0af0 on MaxLeiter:case-sensitive into 3d533b362fa91d4a240a665c53b6085072b279c1 on devsnd:devel.