diff --git a/files/routes/login.py b/files/routes/login.py index 187d8b323..bcd1f2e56 100644 --- a/files/routes/login.py +++ b/files/routes/login.py @@ -267,14 +267,6 @@ def sign_up_post(v): email = email.strip() if not email: email = None - #counteract gmail username+2 and extra period tricks - convert submitted email to actual inbox - if email and email.endswith("@gmail.com"): - email=email.split('@')[0] - email=email.split('+')[0] - email=email.replace('.','') - email=f"{email}@gmail.com" - - existing_account = get_user(username, graceful=True) if existing_account and existing_account.reserved: return redirect(existing_account.permalink) @@ -380,15 +372,18 @@ def post_forgot(): email=email.replace("_","\_") - if email.endswith("@gmail.com"): + user = g.db.query(User).filter( + User.username.ilike(username), + User.email.ilike(email)).first() + + if not user and email.endswith("@gmail.com"): email=email.split('@')[0] email=email.split('+')[0] email=email.replace('.','') email=f"{email}@gmail.com" - - user = g.db.query(User).filter( - User.username.ilike(username), - User.email.ilike(email)).first() + user = g.db.query(User).filter( + User.username.ilike(username), + User.email.ilike(email)).first() if user: # generate url @@ -501,16 +496,15 @@ def request_2fa_disable(): email=request.form.get("email") - if email and email.endswith("@gmail.com"): + if email != user.email and email.endswith("@gmail.com"): email=email.split('@')[0] email=email.split('+')[0] email=email.replace('.','') email=f"{email}@gmail.com" - - if email != user.email: - return render_template("message.html", - title="Removal request received", - message="If username, password, and email match, we will send you an email.") + if email != user.email: + return render_template("message.html", + title="Removal request received", + message="If username, password, and email match, we will send you an email.") password =request.form.get("password") diff --git a/files/routes/settings.py b/files/routes/settings.py index 28477a011..cd0ec3967 100644 --- a/files/routes/settings.py +++ b/files/routes/settings.py @@ -240,15 +240,8 @@ def settings_security_post(v): escape("Invalid password.")) new_email = request.form.get("new_email","").strip() - #counteract gmail username+2 and extra period tricks - convert submitted email to actual inbox - if new_email.endswith("@gmail.com"): - gmail_username=new_email.split('@')[0] - gmail_username=gmail_username.split("+")[0] - gmail_username=gmail_username.replace('.','') - new_email=f"{gmail_username}@gmail.com" if new_email == v.email: - return redirect("/settings/security?error=" + - escape("That email is already yours!")) + return redirect("/settings/security?error=That email is already yours!") # check to see if email is in use existing = g.db.query(User).filter(User.id != v.id,