This is an automated email from the ASF dual-hosted git repository. brondsem pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/allura.git
The following commit(s) were added to refs/heads/master by this push: new a50d92165 in password reset, also try lowercasing the email to see if that matches a50d92165 is described below commit a50d9216587e28416b19cb26624ed6e8164c7c92 Author: Dave Brondsema <dbronds...@slashdotmedia.com> AuthorDate: Mon Jan 22 12:16:51 2024 -0500 in password reset, also try lowercasing the email to see if that matches
---
 Allura/allura/controllers/auth.py | 5 +++++ Allura/allura/tests/functional/test_auth.py | 19 +++++++++++++++++++ 2 files changed, 24 insertions(+)
diff --git a/Allura/allura/controllers/auth.py b/Allura/allura/controllers/auth.py
index 1d11394f5..d74f48445 100644
--- a/Allura/allura/controllers/auth.py
+++ b/Allura/allura/controllers/auth.py
@@ -223,6 +223,11 @@ class AuthController(BaseController):
 redirect('/')
 user_record = M.User.by_email_address(email, only_confirmed=False)
+ if not user_record and email != email.lower():
+ # try again lowercase
+ email = email.lower()
+ user_record = M.User.by_email_address(email, only_confirmed=False)
+ allow_non_primary_email_reset = asbool(config.get('auth.allow_non_primary_email_password_reset', True))
 if not re.match(r"[^@]+@[^@]+\.[^@]+", email):
diff --git a/Allura/allura/tests/functional/test_auth.py b/Allura/allura/tests/functional/test_auth.py
index b75eb91a8..10dbd380d 100644
--- a/Allura/allura/tests/functional/test_auth.py
+++ b/Allura/allura/tests/functional/test_auth.py
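Review bot: The retry in the added `if not user_record and email != email.lower():` branch folds the whole address with `str.lower()`, which is Unicode-aware, so a submitted string containing non-ASCII letters can normalize to a stored ASCII address that was never typed. That is only safe if the rest of the handler, which lies outside this hunk, sends the recovery link to the address stored on the matched record and never to the submitted string; overwriting `email` with the lowered value points that way, and a comment such as `# from here on email is the normalized form; the link must go to the address on record` would pin the invariant. The format check `re.match(r"[^@]+@[^@]+\.[^@]+", email)` on the last context line still runs after both lookups, so it may be worth moving it above them. The fallback also helps only when the stored address is all lowercase; if `by_email_address` compares exactly, an account stored with mixed case still will not match a lowercase entry.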
@@ -1764,6 +1764,25 @@ To update your password on %s, please visit the following URL:
 r = r.follow().follow()
 assert 'Log Out' in r, r
+
+ @patch('allura.tasks.mail_tasks.sendsimplemail')
+ @patch('allura.lib.helpers.gen_message_id')
+ def test_capitalized_email_entered(self, gen_message_id, sendmail):
+ self.app.get('/').follow() # establish session
+ user = M.User.query.get(username='test-admin')
+ email = M.EmailAddress.find({'claimed_by_user_id': user._id}).first()
+ email.confirmed = True
+ ThreadLocalODMSession.flush_all()
+
+ # request a reset
+ with td.audits('Password recovery link sent to: ' + email.email, user=True):
+ r = self.app.post('/auth/password_recovery_hash', {'email': email.email.capitalize(), # NOTE THIS
+ '_session_id': self.app.cookies['_session_id'],
+ })
+ # confirm it worked
+ hash = user.get_tool_data('AuthPasswordReset', 'hash')
+ assert hash is not None
+ @patch('allura.tasks.mail_tasks.sendsimplemail')
 @patch('allura.lib.helpers.gen_message_id')
 def test_hash_expired(self, gen_message_id, sendmail):
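Review bot: `test_capitalized_email_entered` patches `sendsimplemail` but never inspects the `sendmail` mock, so the recipient of the recovery mail is covered only indirectly through the `td.audits` message. An assertion that the mock was called with the stored `email.email` as recipient, not the capitalized input, would guard the property that matters for a reset flow. The response `r` is assigned and unused, and `hash` shadows the builtin; `reset_hash = user.get_tool_data('AuthPasswordReset', 'hash')` reads better. A companion case with an address that matches no account after lowercasing would show the fallback leaves the no-match path unchanged.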