From dde11336ed4f722ce2e86b4495e5b23a449d6fe3 Mon Sep 17 00:00:00 2001
From: meskio <meskio@sindominio.net>
Date: Sat, 23 Jan 2021 17:34:30 +0100
Subject: [PATCH] Trim and lower login names

---
 api/db/member.go | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/api/db/member.go b/api/db/member.go
index 4b86dbb..a064445 100644
--- a/api/db/member.go
+++ b/api/db/member.go
@@ -6,6 +6,7 @@ import (
 	"encoding/base64"
 	"errors"
 	"log"
+	"strings"
 	"time"
 
 	"golang.org/x/crypto/argon2"
@@ -47,9 +48,9 @@ type MemberReq struct {
 
 func (d DB) AddMember(memberReq *MemberReq) (member Member, err error) {
 	member.Num = memberReq.Num
-	member.Login = memberReq.Login
+	member.Login = cleanLogin(*memberReq.Login)
 	member.Name = memberReq.Name
-	member.Email = memberReq.Email
+	member.Email = strings.TrimSpace(memberReq.Email)
 	member.Phone = memberReq.Phone
 	member.Balance = memberReq.Balance
 	member.Role = memberReq.Role
@@ -97,13 +98,13 @@ func (d DB) UpdateMember(num int, member MemberReq, checkPass bool) (Member, err
 		dbMember.Num = member.Num
 	}
 	if member.Login != nil {
-		dbMember.Login = member.Login
+		dbMember.Login = cleanLogin(*member.Login)
 	}
 	if member.Name != "" {
 		dbMember.Name = member.Name
 	}
 	if member.Email != "" {
-		dbMember.Email = member.Email
+		dbMember.Email = strings.TrimSpace(member.Email)
 	}
 	if member.Phone != "" {
 		dbMember.Phone = member.Phone
@@ -122,7 +123,8 @@ func (d DB) UpdateMember(num int, member MemberReq, checkPass bool) (Member, err
 }
 
 func (d DB) Login(login, password string) (member Member, err error) {
-	err = d.db.Where("login = ?", login).First(&member).Error
+	err = d.db.Where("login = ?", cleanLogin(login)).
+		First(&member).Error
 	if err != nil {
 		return
 	}
@@ -168,7 +170,7 @@ func (d *DB) ResetPassword(token, password, login string) error {
 		return err
 	}
 	if login != "" {
-		member.Login = &login
+		member.Login = cleanLogin(login)
 	}
 
 	return d.db.Transaction(func(tx *gorm.DB) error {
@@ -228,3 +230,8 @@ func hashPass(password string, salt []byte) []byte {
 
 	return argon2.IDKey([]byte(password), salt, time, memory, threads, keyLen)
 }
+
+func cleanLogin(login string) *string {
+	cleanedLogin := strings.ToLower(strings.TrimSpace(login))
+	return &cleanedLogin
+}
-- 
GitLab