diff --git a/files/mail/__init__.py b/files/mail/__init__.py index 853dbb796..56672dfe0 100644 --- a/files/mail/__init__.py +++ b/files/mail/__init__.py @@ -55,7 +55,7 @@ def api_verify_email(v): @auth_desired def activate(v): - email = request.values.get("email", "").strip() + email = request.values.get("email", "").strip().lower() id = request.values.get("id", "").strip() timestamp = int(request.values.get("time", "0")) token = request.values.get("token", "").strip() diff --git a/files/routes/login.py b/files/routes/login.py index 1aecccb90..e9d017d92 100644 --- a/files/routes/login.py +++ b/files/routes/login.py @@ -278,8 +278,7 @@ def sign_up_post(v): if not re.fullmatch(valid_password_regex, request.values.get("password")): return new_signup("Password must be between 8 and 100 characters.") - email = request.values.get("email") - email = email.strip() + email = request.values.get("email").strip().lower() if email.endswith("@gmail.com"): email=email.split('@')[0] @@ -377,7 +376,7 @@ def get_forgot(): def post_forgot(): username = request.values.get("username").lstrip('@') - email = request.values.get("email",'').strip() + email = request.values.get("email",'').strip().lower() email=email.replace("_","\_") @@ -514,7 +513,7 @@ def request_2fa_disable(): message="If username, password, and email match, we will send you an email.") - email=request.values.get("email") + email=request.values.get("email").strip().lower() if email != user.email and email.endswith("@gmail.com"): email=email.split('@')[0] email=email.split('+')[0] diff --git a/files/routes/settings.py b/files/routes/settings.py index 30caefb38..55623c89b 100644 --- a/files/routes/settings.py +++ b/files/routes/settings.py @@ -48,7 +48,7 @@ def sex(v): email=email.split('+')[0] email=email.replace('.','').replace('_','') email=f"{email}@gmail.com" - emails.append(email) + emails.append(email.lower()) users = g.db.query(User).filter(User.patron > 0, User.patron < 5, User.email != None).all() for u in users: @@ -548,7 +548,7 @@ def gumroad(v): email=email.split('+')[0] email=email.replace('.','').replace('_','') email=f"{email}@gmail.com" - emails.append(email) + emails.append(email.lower()) if v.email.lower() not in emails: return {"error": "Email not found"}, 404 @@ -561,7 +561,7 @@ def gumroad(v): if existing: return {"error": f"{patron} rewards already claimed on another account"}, 400 if v.patron: - badge = v.has_badge(20+tier) + badge = v.has_badge(20+v.patron) if badge: g.db.delete(badge) v.patron = tier @@ -655,7 +655,7 @@ def settings_security_post(v): return redirect("/settings/security?error=" + escape("Invalid password.")) - new_email = request.values.get("new_email","").strip() + new_email = request.values.get("new_email","").strip().lower() if new_email.endswith("@gmail.com"): new_email=new_email.split('@')[0]