Fix #1182 #1188
Fix #1182 #1188
Conversation
| @@ -136,7 +136,8 @@ async function add(req, res) { | |||
| } | |||
|
|
|||
| async function bundleVerifiedEmails(email, emailSha1, ifPrimary, id, verificationStatus, allBreaches) { | |||
| const foundBreaches = await HIBP.getBreachesForEmail(emailSha1, allBreaches, true); | |||
| const lowerCaseEmailSha = sha1(email.toLowerCase()); | |||
There was a problem hiding this comment.
indeed it is!
Do we need to update the existing records in the DB and lowercase some emails/SHAs? |
|
@pdehaan re: your last comment, I would think that updating existing records would be ideal right? @groovecoder what would that look like/is it feasible? Also curious: I'm no longer able to add variations of |
There was a problem hiding this comment.
Dang, this actually needs a pretty extensive fix ...
- Lower-case email addresses before they go into
subscribers.primary_emailtoo (callemail.toLowerCase()in theoauthconfirmedcontroller before we calladdSubscriber). - Update all
subscribers.primary_emailandsubscribers.primary_sha1values to their corresponding lower-case values. - Update all
email_addresses.emailandemail_addresses.sha1values to their corresponding lower-case values. - Remove all existing non-lowercase email address sha1 value subscriptions from HIBP
- Re-subscribe lower-case versions of all the non-lowercase email address sha1 value subscriptions that we remove in step 3.
Step 1 can be done in this PR.
Steps 2-4 can either be done in a big batch job (probably best) or can be done ad-hoc as users sign in.
| for (const email of monitoredEmails) { | ||
| if (email.verified) { | ||
| const formattedEmail = await bundleVerifiedEmails(email.email, email.sha1, false, email.id, email.verified, allBreaches); | ||
| const formattedEmail = await bundleVerifiedEmails(email.email, false, email.id, email.verified, allBreaches); |
There was a problem hiding this comment.
non-blocking observation ...
This function call signature reminds me I've been wanting to go thru our code-base and use JS options objects in most of our functions.
bundleVerifiedEmailsto convert existing user emails to lowercase letters before making a new sha1 hash (of the newly lowercased email) to use for scanning breaches.