From 1fcf791560a8525d27159ee7cfac361518629373 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Obernd=C3=B6rfer?= Date: Wed, 6 Mar 2019 15:47:46 +0100 Subject: [PATCH] Fix normalization of email to lowercase --- src/route/hkp.js | 2 +- src/route/rest.js | 2 +- src/service/pgp.js | 6 +++--- src/service/public-key.js | 6 ++++-- src/service/util.js | 12 ++++++++++++ 5 files changed, 21 insertions(+), 7 deletions(-) diff --git a/src/route/hkp.js b/src/route/hkp.js index 4fed747..be26616 100644 --- a/src/route/hkp.js +++ b/src/route/hkp.js @@ -43,7 +43,7 @@ class HKP { ctx.throw(400, 'Invalid request!'); } const origin = util.origin(ctx); - await this._publicKey.put({emails: [], publicKeyArmored, origin}); + await this._publicKey.put({publicKeyArmored, origin}); ctx.body = 'Upload successful. Check your inbox to verify your email address.'; ctx.status = 201; } diff --git a/src/route/rest.js b/src/route/rest.js index 89b6307..3d95a25 100644 --- a/src/route/rest.js +++ b/src/route/rest.js @@ -43,7 +43,7 @@ class REST { ctx.throw(400, 'Invalid request!'); } const origin = util.origin(ctx); - await this._publicKey.put({emails: emails ? emails : [], publicKeyArmored, origin}); + await this._publicKey.put({emails, publicKeyArmored, origin}); ctx.body = 'Upload successful. Check your inbox to verify your email address.'; ctx.status = 201; } diff --git a/src/service/pgp.js b/src/service/pgp.js index ef40005..3613a1a 100644 --- a/src/service/pgp.js +++ b/src/service/pgp.js @@ -136,7 +136,7 @@ class PGP { result.push({ status: userStatus, name: uid.name, - email: uid.address.toLowerCase(), + email: util.normalizeEmail(uid.address), verified: false }); } @@ -154,7 +154,7 @@ class PGP { async filterKeyByUserIds(userIds, armored) { const emails = userIds.map(({email}) => email); const {keys: [key]} = await openpgp.key.readArmored(armored); - key.users = key.users.filter(({userId: {email}}) => emails.includes(email)); + key.users = key.users.filter(({userId: {email}}) => emails.includes(util.normalizeEmail(email))); return key.armor(); } @@ -187,7 +187,7 @@ class PGP { */ async removeUserId(email, publicKeyArmored) { const {keys: [key]} = await openpgp.key.readArmored(publicKeyArmored); - key.users = key.users.filter(({userId}) => userId.email !== email); + key.users = key.users.filter(({userId}) => util.normalizeEmail(userId.email) !== email); return key.armor(); } } diff --git a/src/service/public-key.js b/src/service/public-key.js index 21ac05f..5cc3878 100644 --- a/src/service/public-key.js +++ b/src/service/public-key.js @@ -68,7 +68,8 @@ class PublicKey { * @param {Object} origin Required for links to the keyserver e.g. { protocol:'https', host:'openpgpkeys@example.com' } * @return {Promise} */ - async put({emails, publicKeyArmored, origin}) { + async put({emails = [], publicKeyArmored, origin}) { + emails = emails.map(util.normalizeEmail); // lazily purge old/unverified keys on every key upload await this._purgeOldUnverified(); // parse key block @@ -267,7 +268,7 @@ class PublicKey { queries = queries.concat(userIds.map(uid => ({ userIds: { $elemMatch: { - 'email': uid.email.toLowerCase(), + 'email': util.normalizeEmail(uid.email), 'verified': true } } @@ -332,6 +333,7 @@ class PublicKey { * @return {Array} A list of user ids with nonces */ async _flagForRemove(keyId, email) { + email = util.normalizeEmail(email); const query = email ? {'userIds.email': email} : {keyId}; const key = await this._mongo.get(query, DB_TYPE); if (!key) { diff --git a/src/service/util.js b/src/service/util.js index 816cb85..2c24c24 100644 --- a/src/service/util.js +++ b/src/service/util.js @@ -78,6 +78,18 @@ exports.isEmail = function(data) { return re.test(data); }; +/** + * Normalize email address to lowercase. + * @param {string} email The email address + * @return {string} lowercase email address + */ +exports.normalizeEmail = function(email) { + if (email) { + email = email.toLowerCase(); + } + return email; +}; + /** * Create an error with a custom status attribute e.g. for http codes. * @param {number} status The error's http status code