Fix normalization of email to lowercase

This commit is contained in:
Thomas Oberndörfer 2019-03-06 15:47:46 +01:00
parent aad782573d
commit 1fcf791560
5 changed files with 21 additions and 7 deletions

View File

@ -43,7 +43,7 @@ class HKP {
ctx.throw(400, 'Invalid request!'); ctx.throw(400, 'Invalid request!');
} }
const origin = util.origin(ctx); const origin = util.origin(ctx);
await this._publicKey.put({emails: [], publicKeyArmored, origin}); await this._publicKey.put({publicKeyArmored, origin});
ctx.body = 'Upload successful. Check your inbox to verify your email address.'; ctx.body = 'Upload successful. Check your inbox to verify your email address.';
ctx.status = 201; ctx.status = 201;
} }

View File

@ -43,7 +43,7 @@ class REST {
ctx.throw(400, 'Invalid request!'); ctx.throw(400, 'Invalid request!');
} }
const origin = util.origin(ctx); const origin = util.origin(ctx);
await this._publicKey.put({emails: emails ? emails : [], publicKeyArmored, origin}); await this._publicKey.put({emails, publicKeyArmored, origin});
ctx.body = 'Upload successful. Check your inbox to verify your email address.'; ctx.body = 'Upload successful. Check your inbox to verify your email address.';
ctx.status = 201; ctx.status = 201;
} }

View File

@ -136,7 +136,7 @@ class PGP {
result.push({ result.push({
status: userStatus, status: userStatus,
name: uid.name, name: uid.name,
email: uid.address.toLowerCase(), email: util.normalizeEmail(uid.address),
verified: false verified: false
}); });
} }
@ -154,7 +154,7 @@ class PGP {
async filterKeyByUserIds(userIds, armored) { async filterKeyByUserIds(userIds, armored) {
const emails = userIds.map(({email}) => email); const emails = userIds.map(({email}) => email);
const {keys: [key]} = await openpgp.key.readArmored(armored); const {keys: [key]} = await openpgp.key.readArmored(armored);
key.users = key.users.filter(({userId: {email}}) => emails.includes(email)); key.users = key.users.filter(({userId: {email}}) => emails.includes(util.normalizeEmail(email)));
return key.armor(); return key.armor();
} }
@ -187,7 +187,7 @@ class PGP {
*/ */
async removeUserId(email, publicKeyArmored) { async removeUserId(email, publicKeyArmored) {
const {keys: [key]} = await openpgp.key.readArmored(publicKeyArmored); const {keys: [key]} = await openpgp.key.readArmored(publicKeyArmored);
key.users = key.users.filter(({userId}) => userId.email !== email); key.users = key.users.filter(({userId}) => util.normalizeEmail(userId.email) !== email);
return key.armor(); return key.armor();
} }
} }

View File

@ -68,7 +68,8 @@ class PublicKey {
* @param {Object} origin Required for links to the keyserver e.g. { protocol:'https', host:'openpgpkeys@example.com' } * @param {Object} origin Required for links to the keyserver e.g. { protocol:'https', host:'openpgpkeys@example.com' }
* @return {Promise} * @return {Promise}
*/ */
async put({emails, publicKeyArmored, origin}) { async put({emails = [], publicKeyArmored, origin}) {
emails = emails.map(util.normalizeEmail);
// lazily purge old/unverified keys on every key upload // lazily purge old/unverified keys on every key upload
await this._purgeOldUnverified(); await this._purgeOldUnverified();
// parse key block // parse key block
@ -267,7 +268,7 @@ class PublicKey {
queries = queries.concat(userIds.map(uid => ({ queries = queries.concat(userIds.map(uid => ({
userIds: { userIds: {
$elemMatch: { $elemMatch: {
'email': uid.email.toLowerCase(), 'email': util.normalizeEmail(uid.email),
'verified': true 'verified': true
} }
} }
@ -332,6 +333,7 @@ class PublicKey {
* @return {Array} A list of user ids with nonces * @return {Array} A list of user ids with nonces
*/ */
async _flagForRemove(keyId, email) { async _flagForRemove(keyId, email) {
email = util.normalizeEmail(email);
const query = email ? {'userIds.email': email} : {keyId}; const query = email ? {'userIds.email': email} : {keyId};
const key = await this._mongo.get(query, DB_TYPE); const key = await this._mongo.get(query, DB_TYPE);
if (!key) { if (!key) {

View File

@ -78,6 +78,18 @@ exports.isEmail = function(data) {
return re.test(data); return re.test(data);
}; };
/**
* Normalize email address to lowercase.
* @param {string} email The email address
* @return {string} lowercase email address
*/
exports.normalizeEmail = function(email) {
if (email) {
email = email.toLowerCase();
}
return email;
};
/** /**
* Create an error with a custom status attribute e.g. for http codes. * Create an error with a custom status attribute e.g. for http codes.
* @param {number} status The error's http status code * @param {number} status The error's http status code