Fix normalization of email to lowercase

2019-03-06 15:47:46 +01:00 · 2019-03-06 15:47:46 +01:00 · 1fcf791560
parent aad782573d
commit 1fcf791560
5 changed files with 21 additions and 7 deletions
--- a/src/route/hkp.js
+++ b/src/route/hkp.js
@ -43,7 +43,7 @@ class HKP {
      ctx.throw(400, 'Invalid request!');
    }
    const origin = util.origin(ctx);
-    await this._publicKey.put({emails: [], publicKeyArmored, origin});
+    await this._publicKey.put({publicKeyArmored, origin});
    ctx.body = 'Upload successful. Check your inbox to verify your email address.';
    ctx.status = 201;
  }
--- a/src/route/rest.js
+++ b/src/route/rest.js
@ -43,7 +43,7 @@ class REST {
      ctx.throw(400, 'Invalid request!');
    }
    const origin = util.origin(ctx);
-    await this._publicKey.put({emails: emails ? emails : [], publicKeyArmored, origin});
+    await this._publicKey.put({emails, publicKeyArmored, origin});
    ctx.body = 'Upload successful. Check your inbox to verify your email address.';
    ctx.status = 201;
  }
--- a/src/service/pgp.js
+++ b/src/service/pgp.js
@ -136,7 +136,7 @@ class PGP {
          result.push({
            status: userStatus,
            name: uid.name,
-            email: uid.address.toLowerCase(),
+            email: util.normalizeEmail(uid.address),
            verified: false
          });
        }
@ -154,7 +154,7 @@ class PGP {
  async filterKeyByUserIds(userIds, armored) {
    const emails = userIds.map(({email}) => email);
    const {keys: [key]} = await openpgp.key.readArmored(armored);
-    key.users = key.users.filter(({userId: {email}}) => emails.includes(email));
+    key.users = key.users.filter(({userId: {email}}) => emails.includes(util.normalizeEmail(email)));
    return key.armor();
  }

@ -187,7 +187,7 @@ class PGP {
   */
  async removeUserId(email, publicKeyArmored) {
    const {keys: [key]} = await openpgp.key.readArmored(publicKeyArmored);
-    key.users = key.users.filter(({userId}) => userId.email !== email);
+    key.users = key.users.filter(({userId}) => util.normalizeEmail(userId.email) !== email);
    return key.armor();
  }
 }
--- a/src/service/public-key.js
+++ b/src/service/public-key.js
@ -68,7 +68,8 @@ class PublicKey {
   * @param {Object} origin             Required for links to the keyserver e.g. { protocol:'https', host:'openpgpkeys@example.com' }
   * @return {Promise}
   */
-  async put({emails, publicKeyArmored, origin}) {
+  async put({emails = [], publicKeyArmored, origin}) {
+    emails = emails.map(util.normalizeEmail);
    // lazily purge old/unverified keys on every key upload
    await this._purgeOldUnverified();
    // parse key block
@ -267,7 +268,7 @@ class PublicKey {
      queries = queries.concat(userIds.map(uid => ({
        userIds: {
          $elemMatch: {
-            'email': uid.email.toLowerCase(),
+            'email': util.normalizeEmail(uid.email),
            'verified': true
          }
        }
@ -332,6 +333,7 @@ class PublicKey {
   * @return {Array}          A list of user ids with nonces
   */
  async _flagForRemove(keyId, email) {
+    email = util.normalizeEmail(email);
    const query = email ? {'userIds.email': email} : {keyId};
    const key = await this._mongo.get(query, DB_TYPE);
    if (!key) {
--- a/src/service/util.js
+++ b/src/service/util.js
@ -78,6 +78,18 @@ exports.isEmail = function(data) {
  return re.test(data);
 };

+/**
+ * Normalize email address to lowercase.
+ * @param  {string} email   The email address
+ * @return {string}       lowercase email address
+ */
+exports.normalizeEmail = function(email) {
+  if (email) {
+    email = email.toLowerCase();
+  }
+  return email;
+};
+
 /**
 * Create an error with a custom status attribute e.g. for http codes.
 * @param  {number} status    The error's http status code