From 1140a07d43fccd33926ba9e12a332c51b292596f Mon Sep 17 00:00:00 2001 From: scs Date: Tue, 23 Jul 2019 23:46:36 +0000 Subject: [PATCH] case insensitive username --- main.go | 72 +++++++++++++-------------------------------------------- 1 file changed, 16 insertions(+), 56 deletions(-) diff --git a/main.go b/main.go index e4fd5e3..a35e41a 100644 --- a/main.go +++ b/main.go @@ -56,7 +56,7 @@ func UsernameAvailable(username string) bool { return false } var u string - q := fmt.Sprintf("select username from %s_auth where username=$1", c.TablePrefix) + q := fmt.Sprintf("select username from %s_auth where username ILIKE $1", c.TablePrefix) err := c.db.Get(&u, q, username) if err == sql.ErrNoRows { return true @@ -91,7 +91,7 @@ func Register(username, email, ip string) bool { return true } log.Printf("scsusers.Register: Failed to send registration email, deleting user %s\n", username) - q=fmt.Sprintf("delete from %s_auth where username=$1 AND password=$2", c.TablePrefix) + q=fmt.Sprintf("delete from %s_auth where username ILIKE $1 AND password=$2", c.TablePrefix) _,err = c.db.Exec(q, username, string(crypt)) if err != nil { log.Printf("scsusers.Register: Failed to delete new user %s: %s\n", username, err.Error()) @@ -100,7 +100,7 @@ func Register(username, email, ip string) bool { } func Login(username, password string) bool { - q:=fmt.Sprintf("select password from %s_auth where username=$1 AND status='active'",c.TablePrefix) + q:=fmt.Sprintf("select password from %s_auth where username ILIKE $1 AND status='active'",c.TablePrefix) var crypt string err:=c.db.Get(&crypt, q, username) if err != nil { @@ -118,7 +118,7 @@ func Login(username, password string) bool { func ChangePassword(username, oldpass, newpass string) bool { log.Println("scsusers.ChangePassword: Attempting password change for "+ username) - q:=fmt.Sprintf("select password from %s_auth where username=$1 AND status='active'",c.TablePrefix) + q:=fmt.Sprintf("select password from %s_auth where username ILIKE $1 AND status='active'",c.TablePrefix) var crypt string err:=c.db.Get(&crypt, q, username) if err != nil { @@ -130,7 +130,7 @@ func ChangePassword(username, oldpass, newpass string) bool { return false } newcrypt, err := bcrypt.GenerateFromPassword([]byte(newpass), 10) - q=fmt.Sprintf("update %s_auth set password=$2 where username=$1", c.TablePrefix) + q=fmt.Sprintf("update %s_auth set password=$2 where username ILIKE $1", c.TablePrefix) _,err=c.db.Exec(q, username, newcrypt) if err!= nil { log.Printf("scsusers.ChangePassword: update failed for %s: %s\n", username, err.Error()) @@ -143,7 +143,7 @@ func ChangePassword(username, oldpass, newpass string) bool { func GetUserid(username string) int64 { var i int64 - q:=fmt.Sprintf("select userid from %s_auth where username=$1", c.TablePrefix) + q:=fmt.Sprintf("select userid from %s_auth where username ILIKE $1", c.TablePrefix) err:=c.db.Get(&i, q, username) if err != nil { log.Printf("scsusers.getUserId: Error loading user: %s : %s\n", username, err.Error()) @@ -153,7 +153,7 @@ func GetUserid(username string) int64 { } func LoadUser(username string) (UserData, error) { var u UserData - q:=fmt.Sprintf("select data from %s_userdata where username=$1", c.TablePrefix) + q:=fmt.Sprintf("select data from %s_userdata where username ILIKE $1", c.TablePrefix) var d string err:=c.db.Get(d, q, username) if err != nil { @@ -168,7 +168,7 @@ func LoadUser(username string) (UserData, error) { } func SaveUser(username string, d UserData) bool { - q:=fmt.Sprintf("update %s_userdata set data=$1 where username=$2") + q:=fmt.Sprintf("update %s_userdata set data=$1 where username ILIKE $2") j, err:=json.Marshal(d) if err != nil { log.Printf("scsusers.SaveUser: json.Marshal failed for username %s : %s\n", username, err.Error()) @@ -184,7 +184,7 @@ func SaveUser(username string, d UserData) bool { } func Bump(username string) { - q:=fmt.Sprintf("update %s_auth set lastseen=CURRENT_TIMESTAMP where username=$1", c.TablePrefix) + q:=fmt.Sprintf("update %s_auth set lastseen=CURRENT_TIMESTAMP where username ILIKE $1", c.TablePrefix) _, err :=c.db.Exec(q, username) if err != nil { log.Printf("scsusers.Bump: Error on user bump: %s : %s\n", username, err.Error()) @@ -200,7 +200,7 @@ func GetAllMeta(username string) (map[string]string) { meta:=make(map[string]string) q:=fmt.Sprintf(`select meta_key, meta_value from %s_user_metadata where - user_id=(select userid from %s_auth where username=?)`, + user_id=(select userid from %s_auth where username ILIKE $1)`, c.TablePrefix, c.TablePrefix) rows,err:=c.db.Queryx(q, username) if err != nil { @@ -222,7 +222,7 @@ func GetAllMeta(username string) (map[string]string) { func GetMeta(username string, metakey string) string { var v string q:=fmt.Sprintf(`select meta_value from %s_user_metadata where - user_id=(select userid from %s_auth where username=?) AND meta_key=?`, c.TablePrefix, c.TablePrefix) + user_id=(select userid from %s_auth where username ILIKE $1) AND meta_key=$2`, c.TablePrefix, c.TablePrefix) err:=c.db.Get(&v, q, username, metakey) if err != nil { log.Printf("scsusers.GetMeta: %s - %s - %s\n", username, metakey, err.Error()) @@ -233,12 +233,12 @@ func GetMeta(username string, metakey string) string { func SetMeta(username string, metakey string, metavalue string) { var err error if metavalue=="" { - q:=fmt.Sprintf(`delete from %s_user_metadata where user_id=(select userid from %s_auth where username=?) AND meta_key=?`, + q:=fmt.Sprintf(`delete from %s_user_metadata where user_id=(select userid from %s_auth where username ILIKE $1) AND meta_key=$2`, c.TablePrefix, c.TablePrefix) _, err=c.db.Exec(q, username, metakey) } else { q:=fmt.Sprintf(`insert into %s_user_metadata (user_id, meta_key, meta_value) VALUES - ((select userid from %s_auth where username=?), ?, ?)`, c.TablePrefix, c.TablePrefix) + ((select userid from %s_auth where username ILIKE $1), $2, $3)`, c.TablePrefix, c.TablePrefix) _,err=c.db.Exec(q, username, metakey, metavalue) } if err != nil { @@ -246,55 +246,15 @@ func SetMeta(username string, metakey string, metavalue string) { } } -func GetRoles(username string) []string { - var roles []string - q:=fmt.Sprintf(`select role_name from %s_roles - left join %s_user_roles on %s_roles.role_id=%s_user_roles.role_id - left join %s_auth on %s_user_roles.user_id=%s_auth.user_id - where %s_auth.username=?`, c.TablePrefix, c.TablePrefix, c.TablePrefix, c.TablePrefix, c.TablePrefix, c.TablePrefix, c.TablePrefix) - err:=c.db.Select(&roles,q, username) - if err != nil { - log.Printf("scsusers.GetRoles: %s : %s\n", username, err.Error()) - } - return roles -} - -func HasRole(username string, role string) bool { - roles:=GetRoles(username) - for _,a:=range(roles) { - if a==role { - return true - } - } - return false -} - -func AddRole(username string, role string) bool { - if HasRole(username, role) { - return true - } - q:=fmt.Sprintf(`insert into %s_user_roles (user_id, role_id) - VALUES ( - (select userid from %s_auth where username=?), - (select role_id from %s_roles where role_name=?) - ); - `, c.TablePrefix, c.TablePrefix, c.TablePrefix) - _, err:=c.db.Exec(q) - if err != nil { - log.Printf("scsusers.AddRole: %s %s %s\n", username, role, err.Error()) - return false - } - return true -} func RecoverByUsername(u string) { var username, email string - q:=fmt.Sprintf("select username, email from %s_auth where username=$1", c.TablePrefix) + q:=fmt.Sprintf("select username, email from %s_auth where username ILIKE $1", c.TablePrefix) row:=c.db.QueryRow(q, u) err:=row.Scan(&username, &email) if err!=sql.ErrNoRows { recoverycode:=randBytes(16) - qq:=fmt.Sprintf("update %s_auth set recoverycode=$1, recoverytime=NOW() where username=$2", c.TablePrefix) + qq:=fmt.Sprintf("update %s_auth set recoverycode=$1, recoverytime=NOW() where username ILIKE $2", c.TablePrefix) _,err:=c.db.Exec(qq, recoverycode, username) if err==nil { sendRecoveryEmail(email, username, string(recoverycode)) @@ -309,7 +269,7 @@ func RecoverByEmail(e string) { err:=row.Scan(&username, &email) if err!=sql.ErrNoRows { recoverycode:=randBytes(16) - qq:=fmt.Sprintf("update %s_auth set recoverycode=$1, recoverytime=NOW() where username=$2", c.TablePrefix) + qq:=fmt.Sprintf("update %s_auth set recoverycode=$1, recoverytime=NOW() where username ILIKE $2", c.TablePrefix) _,err:=c.db.Exec(qq, recoverycode, username) if err==nil { sendRecoveryEmail(email, username, string(recoverycode))