From a39617cf2e09e26b6209f203dd09715777556e26 Mon Sep 17 00:00:00 2001 From: Tom Hacohen Date: Mon, 13 Jul 2020 15:26:05 +0300 Subject: [PATCH] Make sure usernames are case insensitive on lookup --- django_etebase/serializers.py | 3 +++ django_etebase/views.py | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/django_etebase/serializers.py b/django_etebase/serializers.py index 0655775..94ab3e7 100644 --- a/django_etebase/serializers.py +++ b/django_etebase/serializers.py @@ -100,6 +100,9 @@ class UserSlugRelatedField(serializers.SlugRelatedField): def __init__(self, **kwargs): super().__init__(slug_field=User.USERNAME_FIELD, **kwargs) + def to_internal_value(self, data): + return super().to_internal_value(data.lower()) + class ChunksField(serializers.RelatedField): def to_representation(self, obj): diff --git a/django_etebase/views.py b/django_etebase/views.py index 480843e..327bc08 100644 --- a/django_etebase/views.py +++ b/django_etebase/views.py @@ -439,7 +439,7 @@ class CollectionMemberViewSet(BaseViewSet): permission_classes = our_base_permission_classes + (permissions.IsCollectionAdmin, ) queryset = CollectionMember.objects.all() serializer_class = CollectionMemberSerializer - lookup_field = 'user__' + User.USERNAME_FIELD + lookup_field = f'user__{User.USERNAME_FIELD}__iexact' lookup_url_kwarg = 'username' stoken_id_fields = ['stoken__id'] @@ -559,7 +559,7 @@ class InvitationOutgoingViewSet(InvitationBaseViewSet): @action_decorator(detail=False, allowed_methods=['GET'], methods=['GET']) def fetch_user_profile(self, request, *args, **kwargs): username = request.GET.get('username') - kwargs = {User.USERNAME_FIELD: username} + kwargs = {User.USERNAME_FIELD: username.lower()} user = get_object_or_404(get_user_queryset(User.objects.all(), self), **kwargs) user_info = get_object_or_404(UserInfo.objects.all(), owner=user) serializer = UserInfoPubkeySerializer(user_info) @@ -620,7 +620,7 @@ class AuthenticationViewSet(viewsets.ViewSet): return Response(data, status=status.HTTP_201_CREATED) def get_login_user(self, username): - kwargs = {User.USERNAME_FIELD: username} + kwargs = {User.USERNAME_FIELD: username.lower()} return get_object_or_404(self.get_queryset(), **kwargs) def validate_login_request(self, request, validated_data, response_raw, signature, expected_action):