Fix: When logging with parter create accounts with lowercase emails (#1137)

* Fix: When logging with parter create accounts with lowercase emails * Sanitize emails instead of just lowercase them * linting Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-07-04 11:51:43 +02:00 · 2022-07-04 11:51:43 +02:00 · 38c9138cdb
parent 66a2152ea3
commit 38c9138cdb
2 changed files with 63 additions and 0 deletions
--- a/app/account_linking.py
+++ b/app/account_linking.py
@ -8,6 +8,7 @@ from newrelic import agent

 from app.db import Session
 from app.email_utils import send_welcome_email
+from app.utils import sanitize_email
 from app.errors import AccountAlreadyLinkedToAnotherPartnerException
 from app.log import LOG
 from app.models import (
@ -194,6 +195,8 @@ def get_login_strategy(
 def process_login_case(
    link_request: PartnerLinkRequest, partner: Partner
 ) -> LinkResult:
+    # Sanitize email just in case
+    link_request.email = sanitize_email(link_request.email)
    # Try to find a SimpleLogin user registered with that partner user id
    partner_user = PartnerUser.get_by(
        partner_id=partner.id, external_user_id=link_request.external_user_id
@ -217,6 +220,8 @@ def process_login_case(
 def link_user(
    link_request: PartnerLinkRequest, current_user: User, partner: Partner
 ) -> LinkResult:
+    # Sanitize email just in case
+    link_request.email = sanitize_email(link_request.email)
    partner_user = ensure_partner_user_exists_for_user(
        link_request, current_user, partner
    )
@ -260,6 +265,8 @@ def process_link_case(
    current_user: User,
    partner: Partner,
 ) -> LinkResult:
+    # Sanitize email just in case
+    link_request.email = sanitize_email(link_request.email)
    # Try to find a SimpleLogin user linked with this Partner account
    partner_user = PartnerUser.get_by(
        partner_id=partner.id, external_user_id=link_request.external_user_id
--- a/tests/test_account_linking.py
+++ b/tests/test_account_linking.py
@ -92,6 +92,24 @@ def test_login_case_from_partner():
    assert res.user.activated is True


+def test_login_case_from_partner_with_uppercase_email():
+    partner = get_proton_partner()
+    link_request = random_link_request(
+        external_user_id=random_string(),
+        from_partner=True,
+    )
+    link_request.email = link_request.email.upper()
+    res = process_login_case(link_request, partner)
+
+    assert res.strategy == NewUserStrategy.__name__
+    assert res.user is not None
+    assert res.user.email == link_request.email.lower()
+    assert User.FLAG_CREATED_FROM_PARTNER == (
+        res.user.flags & User.FLAG_CREATED_FROM_PARTNER
+    )
+    assert res.user.activated is True
+
+
 def test_login_case_from_web():
    partner = get_proton_partner()
    res = process_login_case(
@ -119,6 +137,17 @@ def test_get_strategy_existing_sl_user():
    assert isinstance(strategy, ExistingUnlinkedUserStrategy)


+def test_get_strategy_existing_sl_user_with_uppercase_email():
+    email = random_email()
+    user = User.create(email, commit=True)
+    strategy = get_login_strategy(
+        link_request=random_link_request(email=email.upper()),
+        user=user,
+        partner=get_proton_partner(),
+    )
+    assert isinstance(strategy, ExistingUnlinkedUserStrategy)
+
+
 def test_get_strategy_existing_sl_user_linked_with_different_proton_account():
    # In this scenario we have
    # - PartnerUser1 (ID1, email1@proton)
@ -321,3 +350,30 @@ def test_ensure_partner_user_exists_for_user_raises_exception_when_linked_to_ano
            user,
            partner_2,
        )
+
+
+def test_link_account_with_uppercase(flask_client):
+    # In this scenario we have:
+    # - PartnerUser (email1@partner)
+    # - SimpleLoginUser registered with email1@proton
+    # We will try to link both accounts with an uppercase email
+
+    email = random_email()
+    partner_user_id = random_string()
+    link_request = random_link_request(
+        external_user_id=partner_user_id, email=email.upper()
+    )
+    user = create_user(email)
+
+    res = process_link_case(link_request, user, get_proton_partner())
+    assert res is not None
+    assert res.user is not None
+    assert res.user.id == user.id
+    assert res.user.email == email
+    assert res.strategy == "Link"
+
+    partner_user = PartnerUser.get_by(
+        partner_id=get_proton_partner().id, user_id=user.id
+    )
+    assert partner_user.partner_id == get_proton_partner().id
+    assert partner_user.external_user_id == partner_user_id