Skip to content

Commit

Permalink
Perform case-insensitive username checking
Browse files Browse the repository at this point in the history
Fixes #34.
  • Loading branch information
domenic committed Feb 27, 2019
1 parent 68307e6 commit 093641d
Show file tree
Hide file tree
Showing 3 changed files with 22 additions and 1 deletion.
11 changes: 11 additions & 0 deletions __tests__/__snapshots__/get-user-status.js.snap
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,17 @@ Object {
}
`;

exports[`Individual exists, but their username is spelled with a different case 1`] = `
Object {
"context": "Participation",
"description": "@JANEdoetw has signed up to participate as an individual",
"isNothing": false,
"longDescription": "@JANEdoetw has signed up to participate as an individual. All is well; contribute at will!",
"state": "success",
"target_url": "https://participate.whatwg.org/agreement-status?user=JANEdoetw&repo=console",
}
`;

exports[`Individual, participating in all workstreams, unverified 1`] = `
Object {
"context": "Participation",
Expand Down
9 changes: 9 additions & 0 deletions __tests__/get-user-status.js
Original file line number Diff line number Diff line change
Expand Up @@ -211,3 +211,12 @@ test("Individuals exist, but the user is not one of them; it is an XSS attempt",
]);
expect(await getUserStatus("<script>alert(1);</script>", "console")).toMatchSnapshot();
});


test("Individual exists, but their username is spelled with a different case", async () => {
mockData.set("individual-public", [
individualData(["console"], true, { id: "janeDOEtw" })
]);

expect(await getUserStatus("JANEdoetw", "console")).toMatchSnapshot();
});
3 changes: 2 additions & 1 deletion lib/get-user-status.js
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,8 @@ module.exports = async (submitterGitHubID, repoName) => {
]);

for (const individual of individualsData.content) {
if (individual.info.gitHubID === submitterGitHubID) {
// Using .toLowerCase() is safe because GitHub usernames only allow ASCII.
if (individual.info.gitHubID.toLowerCase() === submitterGitHubID.toLowerCase()) {
if (individual.verified) {
if (individual.workstreams === "all" || individual.workstreams.includes(repoName)) {
return statusIndividual(submitterGitHubID, repoName);
Expand Down

0 comments on commit 093641d

Please sign in to comment.