github/directus
1
0
Fork 0
mirror of https://github.com/directus/directus.git synced 2026-01-21 03:58:06 -05:00
Code Issues Packages Projects Releases Wiki Activity

Ensure case insensitive email for password resets (#15420)

Browse Source
This commit is contained in:
Azri Kahar
2022-09-13 07:59:33 +08:00
committed by GitHub
parent b36ea51e13
commit 487112e679
2 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
api/src/cli/commands/users/passwd.ts
View File

@@ -17,7 +17,11 @@ export default async function usersPasswd({ email, password }: { email?: string;
const schema = await getSchema();
const service = new UsersService({ schema, knex: database });
const user = await service.knex.select('id').from('directus_users').where({ email }).first();
const user = await service.knex
.select('id')
.from('directus_users')
.whereRaw('LOWER(??) = ?', ['email', email.toLowerCase()])
.first();
if (user) {
await service.knex('directus_users').update({ password: passwordHashed }).where({ id: user.id });
logger.info(`Password is updated for user ${user.id}`);

6
api/src/services/users.ts
View File

@@ -357,7 +357,11 @@ export class UsersService extends ItemsService {
const STALL_TIME = 500;
const timeStart = performance.now();
const user = await this.knex.select('status', 'password').from('directus_users').where({ email }).first();
const user = await this.knex
.select('status', 'password')
.from('directus_users')
.whereRaw('LOWER(??) = ?', ['email', email.toLowerCase()])
.first();
if (user?.status !== 'active') {
await stall(STALL_TIME, timeStart);