diff --git a/db/patch-user-username-case-insensitive.sql b/db/patch-user-username-case-insensitive.sql new file mode 100644 index 000000000..90b7f1cb2 --- /dev/null +++ b/db/patch-user-username-case-insensitive.sql @@ -0,0 +1,47 @@ +CREATE TABLE [temp_user]( + [id] INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, + [username] VARCHAR(255) NOT NULL UNIQUE COLLATE NOCASE, + [password] VARCHAR(255), + [active] BOOLEAN NOT NULL DEFAULT 1, + [timezone] VARCHAR(150), + twofa_secret VARCHAR(64), + twofa_status BOOLEAN default 0 NOT NULL, + twofa_last_token VARCHAR(6) +); + +INSERT INTO [temp_user] SELECT +[id], +[username], +[password], +[active], +[timezone], +twofa_secret, +twofa_status, +twofa_last_token + FROM user; + +DROP TABLE user; + +CREATE TABLE [user]( + [id] INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, + [username] VARCHAR(255) NOT NULL UNIQUE COLLATE NOCASE, + [password] VARCHAR(255), + [active] BOOLEAN NOT NULL DEFAULT 1, + [timezone] VARCHAR(150), + twofa_secret VARCHAR(64), + twofa_status BOOLEAN default 0 NOT NULL, + twofa_last_token VARCHAR(6) +); + +INSERT INTO [user] SELECT +[id], +[username], +[password], +[active], +[timezone], +twofa_secret, +twofa_status, +twofa_last_token + FROM [temp_user]; + +DROP TABLE [temp_user]; diff --git a/server/auth.js b/server/auth.js index 9bb9dd01d..b4eeee41f 100644 --- a/server/auth.js +++ b/server/auth.js @@ -15,7 +15,7 @@ exports.login = async function (username, password) { return null; } - let user = await R.findOne("user", " username LIKE ? AND active = 1 ", [ + let user = await R.findOne("user", " username = ? AND active = 1", [ username, ]); diff --git a/server/database.js b/server/database.js index 2544f1972..7764df3f6 100644 --- a/server/database.js +++ b/server/database.js @@ -66,6 +66,7 @@ class Database { "patch-add-radius-monitor.sql": true, "patch-monitor-add-resend-interval.sql": true, "patch-maintenance-table2.sql": true, + "patch-user-username-case-insensitive.sql": { parents: [ "patch-2fa-invalidate-used-token.sql", "patch-2fa.sql" ] } }; /**