public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-13 10:05:56 +00:00
Code Issues Releases Wiki Activity

authentication: make logins case-insensitive (force lowercase)

Browse Source
This commit is contained in:
Andrew Dolgov
2021-02-11 09:57:57 +03:00
parent e7e73193fe
commit 7af8744c85
8 changed files with 24 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
plugins/auth_internal/init.php
View File

@@ -26,7 +26,7 @@ class Auth_Internal extends Auth_Base {
if (get_schema_version() > 96) {
$sth = $this->pdo->prepare("SELECT otp_enabled,salt FROM ttrss_users WHERE
login = ?");
LOWER(login) = LOWER(?)");
$sth->execute([$login]);
if ($row = $sth->fetch()) {
@@ -104,7 +104,7 @@ class Auth_Internal extends Auth_Base {
if (get_schema_version() > 87) {
$sth = $this->pdo->prepare("SELECT salt FROM ttrss_users WHERE login = ?");
$sth = $this->pdo->prepare("SELECT salt FROM ttrss_users WHERE LOWER(login) = LOWER(?)");
$sth->execute([$login]);
if ($row = $sth->fetch()) {
@@ -113,7 +113,7 @@ class Auth_Internal extends Auth_Base {
if ($salt == "") {
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
login = ? AND (pwd_hash = ? OR pwd_hash = ?)");
LOWER(login) = LOWER(?) AND (pwd_hash = ? OR pwd_hash = ?)");
$sth->execute([$login, $pwd_hash1, $pwd_hash2]);
@@ -128,7 +128,7 @@ class Auth_Internal extends Auth_Base {
$pwd_hash = encrypt_password($password, $salt, true);
$sth = $this->pdo->prepare("UPDATE ttrss_users SET
pwd_hash = ?, salt = ? WHERE login = ?");
pwd_hash = ?, salt = ? WHERE LOWER(login) = LOWER(?)");
$sth->execute([$pwd_hash, $salt, $login]);
@@ -143,7 +143,7 @@ class Auth_Internal extends Auth_Base {
$sth = $this->pdo->prepare("SELECT id
FROM ttrss_users WHERE
login = ? AND pwd_hash = ?");
LOWER(login) = LOWER(?) AND pwd_hash = ?");
$sth->execute([$login, $pwd_hash]);
if ($row = $sth->fetch()) {
@@ -154,7 +154,7 @@ class Auth_Internal extends Auth_Base {
} else {
$sth = $this->pdo->prepare("SELECT id
FROM ttrss_users WHERE
login = ? AND (pwd_hash = ? OR pwd_hash = ?)");
LOWER(login) = LOWER(?) AND (pwd_hash = ? OR pwd_hash = ?)");
$sth->execute([$login, $pwd_hash1, $pwd_hash2]);
@@ -165,7 +165,7 @@ class Auth_Internal extends Auth_Base {
} else {
$sth = $this->pdo->prepare("SELECT id
FROM ttrss_users WHERE
login = ? AND (pwd_hash = ? OR pwd_hash = ?)");
LOWER(login) = LOWER(?) AND (pwd_hash = ? OR pwd_hash = ?)");
$sth->execute([$login, $pwd_hash1, $pwd_hash2]);
@@ -266,7 +266,7 @@ class Auth_Internal extends Auth_Base {
private function check_app_password($login, $password, $service) {
$sth = $this->pdo->prepare("SELECT p.id, p.pwd_hash, u.id AS uid
FROM ttrss_app_passwords p, ttrss_users u
WHERE p.owner_uid = u.id AND u.login = ? AND service = ?");
WHERE p.owner_uid = u.id AND LOWER(u.login) = LOWER(?) AND service = ?");
$sth->execute([$login, $service]);
while ($row = $sth->fetch()) {

4
plugins/auth_remote/init.php
View File

@@ -58,13 +58,13 @@ class Auth_Remote extends Auth_Base {
// LemonLDAP can send user informations via HTTP HEADER
if (defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE){
// update user name
$fullname = $_SERVER['HTTP_USER_NAME'] ? $_SERVER['HTTP_USER_NAME'] : $_SERVER['AUTHENTICATE_CN'];
$fullname = isset($_SERVER['HTTP_USER_NAME']) ? $_SERVER['HTTP_USER_NAME'] : ($_SERVER['AUTHENTICATE_CN'] ?? "");
if ($fullname){
$sth = $this->pdo->prepare("UPDATE ttrss_users SET full_name = ? WHERE id = ?");
$sth->execute([$fullname, $user_id]);
}
// update user mail
$email = $_SERVER['HTTP_USER_MAIL'] ? $_SERVER['HTTP_USER_MAIL'] : $_SERVER['AUTHENTICATE_MAIL'];
$email = isset($_SERVER['HTTP_USER_MAIL']) ? $_SERVER['HTTP_USER_MAIL'] : ($_SERVER['AUTHENTICATE_MAIL'] ?? "");
if ($email){
$sth = $this->pdo->prepare("UPDATE ttrss_users SET email = ? WHERE id = ?");
$sth->execute([$email, $user_id]);