Merge lp:~james-w/canonical-identity-provider/email-timeout into lp:canonical-identity-provider/release
Status: | Merged |
---|---|
Approved by: | Matias Bordese |
Approved revision: | no longer in the source branch. |
Merged at revision: | 1031 |
Proposed branch: | lp:~james-w/canonical-identity-provider/email-timeout |
Merge into: | lp:canonical-identity-provider/release |
Diff against target: | 70 lines (+26/-1), 4 files modified: src/identityprovider/forms.py (+4/-0), src/identityprovider/tests/test_forms.py (+10/-0), src/webui/tests/test_views_account.py (+11/-0), src/webui/views/account.py (+1/-1) |
To merge this branch: | bzr merge lp:~james-w/canonical-identity-provider/email-timeout |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Matias Bordese (community) | Approve | ||
Review via email: mp+182124@code.launchpad.net |
Commit message
Don't allow adding an email that is already registered with a different case.
When registering you can't use a different-case version of someone else's
email. However, you could add one after you registered if the other person
hadn't validated yet.
Description of the change
Hi,
I was looking at:
https:/
There's a slow query because it's doing a case-sensitive search when looking
for addresses to invalidate. I fixed it to do case-insensitive search to use
the index.
I was worried that this would mean you could invalidate someone else's email
address, but the check for > 1 email should avoid that, because it would
find both case versions if you were able to add one. However, I still did
some tests to try and add an email that is a different-case version of
someone else's. You can't do it at registration, but you could do it
by adding a new email to an existing account if the other person hadn't
validated the email yet. I fixed that at the same time for extra security.
Thanks,
James
Looks good.
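
The duplicate-address check discussed in this proposal, as an added example that is not part of the branch or the project's code: a case-sensitive lookup lets a second account attach a different-case variant of an address, while a case-insensitive lookup rejects it. `EmailStore`, its methods and the sample accounts are hypothetical, and the sketch models only the case comparison, not verification state.

```python
from dataclasses import dataclass, field


@dataclass
class EmailRecord:
    address: str
    account: str


@dataclass
class EmailStore:
    """In-memory stand-in for an email address table (hypothetical)."""
    records: list = field(default_factory=list)

    def find_exact(self, address):
        # Case-sensitive match: "Alice@Example.com" != "alice@example.com".
        return [r for r in self.records if r.address == address]

    def find_iexact(self, address):
        # Case-insensitive match using casefold() as the comparison key.
        key = address.casefold()
        return [r for r in self.records if r.address.casefold() == key]

    def add_email(self, account, address, case_insensitive=True):
        """Attach address to account; reject it if another account holds it."""
        lookup = self.find_iexact if case_insensitive else self.find_exact
        if any(r.account != account for r in lookup(address)):
            raise ValueError("email already registered")
        record = EmailRecord(address, account)
        self.records.append(record)
        return record


def demo():
    # Constructed sample data: one account already holds the address.
    weak = EmailStore([EmailRecord("Alice@Example.com", "alice")])
    weak.add_email("bob", "alice@example.com", case_insensitive=False)
    owners_weak = sorted({r.account for r in weak.find_iexact("ALICE@example.com")})

    strict = EmailStore([EmailRecord("Alice@Example.com", "alice")])
    try:
        strict.add_email("bob", "alice@example.com")
        rejected = False
    except ValueError:
        rejected = True
    owners_strict = sorted({r.account for r in strict.find_iexact("ALICE@example.com")})
    return owners_weak, rejected, owners_strict


if __name__ == "__main__":
    print(demo())
```

With the case-sensitive check, a later case-insensitive lookup returns rows from two accounts for what is effectively one mailbox.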