From e2c15468e021b57b99e53b979dbc05670b8b8aeb Mon Sep 17 00:00:00 2001
From: Omar Roth
Date: Mon, 8 Oct 2018 20:09:06 -0500
Subject: [PATCH] Make usernames case-insensitive
---
 src/invidious.cr | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/invidious.cr b/src/invidious.cr
index a6b77c54..a73054fc 100644
--- a/src/invidious.cr
+++ b/src/invidious.cr
@@ -755,7 +755,7 @@ post "/login" do |env|
 end

 if action == "signin"
- user = PG_DB.query_one?("SELECT * FROM users WHERE email = $1 AND password IS NOT NULL", email, as: User)
+ user = PG_DB.query_one?("SELECT * FROM users WHERE LOWER(email) = LOWER($1) AND password IS NOT NULL", email, as: User)

 if !user
 error_message = "Invalid username or password"
@@ -769,7 +769,7 @@ post "/login" do |env|

 if Crypto::Bcrypt::Password.new(user.password.not_nil!) == password
 sid = Base64.urlsafe_encode(Random::Secure.random_bytes(32))
- PG_DB.exec("UPDATE users SET id = id || $1 WHERE email = $2", [sid], email)
+ PG_DB.exec("UPDATE users SET id = id || $1 WHERE LOWER(email) = LOWER($2)", [sid], email)

 if Kemal.config.ssl || CONFIG.https_only
 secure = true
@@ -784,7 +784,7 @@ post "/login" do |env|
 next templated "error"
 end
 elsif action == "register"
- user = PG_DB.query_one?("SELECT * FROM users WHERE email = $1 AND password IS NOT NULL", email, as: User)
+ user = PG_DB.query_one?("SELECT * FROM users WHERE LOWER(email) = LOWER($1) AND password IS NOT NULL", email, as: User)
 if user
 error_message = "Please sign in"
 next templated "error"
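Review bot: The case-insensitive predicate in the signin `SELECT` (and the identical one in the register branch of the last hunk) is no longer guaranteed to match a single row, because nothing in this patch deals with accounts that were created earlier and differ only by letter case. `query_one?` is then handed an ambiguous result; as far as I recall crystal-db raises when a second row is present, so those users would get an error instead of a login, and the register check would fail the same way. I would pair the change with a migration that resolves existing case-variant duplicates and adds a unique expression index, e.g. `CREATE UNIQUE INDEX ON users (LOWER(email));`, which also keeps the login lookup indexed now that the column is wrapped in `LOWER()`. The `post "/login"` block starts and ends outside these hunks, so the INSERT on the register path cannot be checked from here.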
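Review bot: The `UPDATE` that appends the new session id is now broader than the `SELECT` that authenticated the user: it touches every row whose email matches the input case-insensitively and, unlike the lookup, carries no `password IS NOT NULL` filter. If another row shares the address in a different case or has no password set, the fresh `sid` is attached to that row as well, giving a session on an account whose password was never verified. Keying the write on the row that was actually checked avoids this, e.g. `PG_DB.exec("UPDATE users SET id = id || $1 WHERE email = $2", [sid], user.email)`, assuming `User` exposes the `email` column. The enclosing `if` continues past the end of the hunk.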