fix: allow users to login using their email

Signed-off-by: Kevin Morris <kevr@0cost.org>
2025-02-03 10:43:03 +01:00 · 2022-02-05 02:29:41 -08:00 · 2022-02-05 02:29:41 -08:00 · c80a16c254
commit c80a16c254
parent f3360d1249
2 changed files with 18 additions and 1 deletions
--- a/aurweb/routers/auth.py
+++ b/aurweb/routers/auth.py
@ -2,6 +2,7 @@ from http import HTTPStatus

 from fastapi import APIRouter, Form, HTTPException, Request
 from fastapi.responses import HTMLResponse, RedirectResponse
+from sqlalchemy import or_

 import aurweb.config

@ -43,7 +44,9 @@ async def login_post(request: Request,
        raise HTTPException(status_code=HTTPStatus.BAD_REQUEST,
                            detail=_("Bad Referer header."))

-    user = db.query(User).filter(User.Username == user).first()
+    user = db.query(User).filter(
+        or_(User.Username == user, User.Email == user)
+    ).first()
    if not user:
        return await login_template(request, next,
                                    errors=["Bad username or password."])
--- a/test/test_auth_routes.py
+++ b/test/test_auth_routes.py
@ -79,6 +79,20 @@ def test_login_logout(client: TestClient, user: User):
    assert "AURSID" not in response.cookies


+def test_login_email(client: TestClient, user: user):
+    post_data = {
+        "user": user.Email,
+        "passwd": "testPassword",
+        "next": "/"
+    }
+
+    with client as request:
+        resp = request.post("/login", data=post_data,
+                            allow_redirects=False)
+    assert resp.status_code == int(HTTPStatus.SEE_OTHER)
+    assert "AURSID" in resp.cookies
+
+
 def mock_getboolean(a, b):
    if a == "options" and b == "disable_http_login":
        return True