studio/docs
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🐛(backend) filter invitation with case insensitive email

Browse Source 
A user can be invited and no control is made on the email case. Then,
when a new user is created, we are looking if there are pending
invitation and the lookup used is case sensitive. We change it using
__iexact which is case insensitive.
This commit is contained in:
Manuel Raynaud
2025-10-07 11:41:45 +02:00
parent b3980e7bf1
commit 590b67fd71
3 changed files with 33 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@@ -43,6 +43,7 @@ and this project adheres to
- 🐛(frontend) fix attachment download filename #1447 - 🐛(frontend) fix attachment download filename #1447
- 🐛(frontend) exclude h4-h6 headings from table of contents #1441 - 🐛(frontend) exclude h4-h6 headings from table of contents #1441
- 🔒(frontend) prevent readers from changing callout emoji #1449 - 🔒(frontend) prevent readers from changing callout emoji #1449
- 🐛(backend) filter invitation with case insensitive email
## [3.7.0] - 2025-09-12 ## [3.7.0] - 2025-09-12

2
src/backend/core/models.py
View File

@@ -221,7 +221,7 @@ class User(AbstractBaseUser, BaseModel, auth_models.PermissionsMixin):
Expired invitations are ignored. Expired invitations are ignored.
""" """
valid_invitations = Invitation.objects.filter( valid_invitations = Invitation.objects.filter(
email=self.email, email__iexact=self.email,
created_at__gte=( created_at__gte=(
timezone.now() timezone.now()
- timedelta(seconds=settings.INVITATION_VALIDITY_DURATION) - timedelta(seconds=settings.INVITATION_VALIDITY_DURATION)

32
src/backend/core/tests/test_models_users.py
View File

@@ -8,7 +8,7 @@ from django.core.exceptions import ValidationError
import pytest import pytest
from core import factories from core import factories, models
pytestmark = pytest.mark.django_db pytestmark = pytest.mark.django_db
@@ -66,3 +66,33 @@ def test_models_users_sub_validator(sub, is_valid):
match=("Enter a valid sub. This value should be ASCII only."), match=("Enter a valid sub. This value should be ASCII only."),
): ):
user.full_clean() user.full_clean()
def test_modes_users_convert_valid_invitations():
"""
The "convert_valid_invitations" method should convert valid invitations to document accesses.
"""
email = "test@example.com"
document = factories.DocumentFactory()
other_document = factories.DocumentFactory()
invitation_document = factories.InvitationFactory(email=email, document=document)
invitation_other_document = factories.InvitationFactory(
email="Test@example.coM", document=other_document
)
other_email_invitation = factories.InvitationFactory(
email="pre_test@example.com", document=document
)
assert document.accesses.count() == 0
assert other_document.accesses.count() == 0
user = factories.UserFactory(email=email)
assert document.accesses.filter(user=user).count() == 1
assert other_document.accesses.filter(user=user).count() == 1
assert not models.Invitation.objects.filter(id=invitation_document.id).exists()
assert not models.Invitation.objects.filter(
id=invitation_other_document.id
).exists()
assert models.Invitation.objects.filter(id=other_email_invitation.id).exists()