author | Richard Jones <richard@mechanicalcat.net> | 2013-07-12 09:55:06 +1000 |
---|---|---|
committer | Richard Jones <richard@mechanicalcat.net> | 2013-07-12 09:55:06 +1000 |
commit | 456a1d2782f6224079079ec7730d3547ef4f09d2 (patch) | |
tree | 83be152c11a9bc0eec483a638749eba1945eae0b /store.py | |
parent | 28f1006d60c998b686537efaf704fb71b7bee982 (diff) | |
a few places where user-supplied username should be matched without case-sensitivity
Diffstat (limited to 'store.py')
-rw-r--r-- | store.py | 18 |
1 files changed, 13 insertions, 5 deletions
@@ -1572,15 +1572,20 @@ class Store: return otk _User = FastResultRow('name password email gpg_keyid last_login!') - def get_user(self, name): + def get_user(self, name, case_sensitive=True): ''' Retrieve info about the user from the database. Returns a mapping with the user info or None if there is no such user. ''' cursor = self.get_cursor() - safe_execute(cursor, '''select name, password, email, gpg_keyid, last_login - from users where name=%s''', (name,)) + if case_sensitive: + sql = '''select name, password, email, gpg_keyid, last_login + from users where name=%s''' + else: + sql = '''select name, password, email, gpg_keyid, last_login + from users where lower(name)=lower(%s)''' + safe_execute(cursor, , (name,)) return self._User(None, cursor.fetchone()) def get_user_by_email(self, email): @@ -1686,11 +1691,14 @@ class Store: safe_execute(self.get_cursor(), "delete from rego_otk where otk=%s", (otk,)) - def get_otk(self, name): + def get_otk(self, username): ''' Retrieve the One Time Key for the user. + + Username must be a case-sensitive match. ''' cursor = self.get_cursor() - safe_execute(cursor, "select otk from rego_otk where name=%s", (name, )) + safe_execute(cursor, 'select otk from rego_otk where name=%s', + (username, )) res = cursor.fetchone() if res is None: return '' |
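Review bot: As shown in the first hunk, the new call reads `safe_execute(cursor, , (name,))` with no query argument between the commas, which is a SyntaxError at import time unless it is an artefact of how the page was rendered; it should be `safe_execute(cursor, sql, (name,))`. Separately, the `case_sensitive=False` branch matches on `lower(name)=lower(%s)` and then takes `cursor.fetchone()`, so if the users table only enforces case-sensitive uniqueness (not visible here), two names differing only by case would resolve to whichever row the database returns first. For a lookup that feeds login or ownership decisions that ambiguity should be ruled out, for example with a unique index on `lower(name)` or by treating more than one matching row as an error. The docstring should also describe the new parameter, e.g. `case_sensitive: when False, match the name ignoring case`.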
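Review bot: Renaming the `get_otk` parameter from `name` to `username` in the second hunk breaks any caller that passes it by keyword (`get_otk(name=...)`); no callers are visible in this diff, so they need checking before this lands. The added docstring line says the match is case-sensitive but not which value to pass: now that `get_user` can match ignoring case, a caller should hand in the stored name from the returned row rather than the string the user typed, otherwise the lookup falls through to the `return ''` path. I would extend the docstring to `Username must be a case-sensitive match; pass the stored name from get_user(), not raw user input.` The body of get_otk continues past the end of the hunk.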