MIT-LCP / physionet-build

The new PhysioNet platform.

Home Page: https://physionet.org/

Default reference emails to lowercase when comparing to user's email address in credential applications

mscanlan-git opened this issue · comments

Currently, users are able to use the same email address for both themselves and their reference as the current check is not case sensitive.

Without publicly revealing the case in which I discovered this, here's an example:

Personal: test@mit.edu
Reference: Test@mit.edu

The code that checks the email addresses is as follows:

    def clean_reference_email(self):
        reference_email = self.cleaned_data.get('reference_email')
        if reference_email:
            if reference_email in self.user.get_emails():
                raise forms.ValidationError("""You can not put yourself
                    as a reference.""")
            else:
                validate_institutional_email(reference_email)
                return reference_email.strip()

Instead of `if reference_email in self.user.get_emails():` we should do a comparison with `.lower()` to default both email addresses to lowercase then compare. This would allow us to prevent this bug from occurring.

Good catch!
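The comparison proposed in the issue, as an added example that is not part of the thread or of the physionet-build code: the exact-match check quoted above next to one that normalizes both the submitted reference address and the user's stored addresses before comparing. The Django form is replaced by plain functions so the block runs on its own; `normalize_email`, `is_self_reference`, `is_self_reference_case_sensitive` and `ReferenceEmailError` are hypothetical names, and the whole address is assumed to be case-insensitive, as the issue proposes.

```python
def normalize_email(address):
    """Comparison-only form of an address: trimmed and case-folded."""
    return address.strip().casefold()


def is_self_reference_case_sensitive(reference_email, user_emails):
    """The check as quoted in the issue: exact string membership."""
    return reference_email in user_emails


def is_self_reference(reference_email, user_emails):
    """Normalize BOTH sides, so a stored 'Test@MIT.edu' is caught as well."""
    owned = {normalize_email(e) for e in user_emails}
    return normalize_email(reference_email) in owned


class ReferenceEmailError(ValueError):
    """Stand-in for forms.ValidationError (assumption: no Django here)."""


def clean_reference_email(reference_email, user_emails):
    """Plain-function version of the form's clean method."""
    if not reference_email:
        return reference_email
    cleaned = reference_email.strip()  # strip before any comparison
    if is_self_reference(cleaned, user_emails):
        raise ReferenceEmailError("You can not put yourself as a reference.")
    return cleaned


# Constructed sample data, built from the addresses given in the issue.
USER_EMAILS = ["test@mit.edu"]
SAMPLES = ["Test@mit.edu", " test@MIT.edu ", "TEST@MIT.EDU", "advisor@mit.edu"]

if __name__ == "__main__":
    for candidate in SAMPLES:
        old = is_self_reference_case_sensitive(candidate, USER_EMAILS)
        new = is_self_reference(candidate, USER_EMAILS)
        print(f"{candidate!r:20} exact-match={old!s:5} normalized={new}")
```

Lowercasing only the submitted reference address would still miss a stored user address that contains uppercase letters, which is why both sides go through the same normalization.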