From f7f3e19e5ee0c2d8ec44399369648d7c22a0ac96 Mon Sep 17 00:00:00 2001
From: Matteo Bertucci
Date: Sun, 26 Dec 2021 11:55:21 +0100
Subject: Model: makes Form.id case insensitive
Note that it will make any existing form with an upper case letter impossible to access until its ID is changed, which shouldn't be the case in production according to @HassanAbouelela
---
 backend/routes/forms/form.py | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)
(limited to 'backend/routes/forms')
diff --git a/backend/routes/forms/form.py b/backend/routes/forms/form.py
index 3ea3acb..0f96b85 100644
--- a/backend/routes/forms/form.py
+++ b/backend/routes/forms/form.py
@@ -32,7 +32,7 @@ class SingleForm(Route):
 async def get(self, request: Request) -> JSONResponse:
 """Returns single form information by ID."""
 admin = request.user.admin if request.user.is_authenticated else False
- form_id = request.path_params["form_id"]
+ form_id = request.path_params["form_id"].lower()
 filters = {
 "_id": form_id
@@ -70,7 +70,7 @@ class SingleForm(Route):
 except json.decoder.JSONDecodeError:
 return JSONResponse("Expected a JSON body.", 400)
- form_id = {"_id": request.path_params["form_id"]}
+ form_id = {"_id": request.path_params["form_id"].lower()}
 if raw_form := await request.state.db.forms.find_one(form_id):
 if "_id" in data or "id" in data:
 if (data.get("id") or data.get("_id")) != form_id["_id"]:
@@ -90,10 +90,7 @@ class SingleForm(Route):
 except ValidationError as e:
 return JSONResponse(e.errors(), status_code=422)
- await request.state.db.forms.replace_one(
- {"_id": request.path_params["form_id"]},
- form.dict()
- )
+ await request.state.db.forms.replace_one(form_id, form.dict())
 return JSONResponse(form.dict())
 else:
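Review bot: In the `@@ -70,7 +70,7 @@` hunk the path ID is lower-cased but the ID read from the request body is not, so `(data.get("id") or data.get("_id")) != form_id["_id"]` now reports a mismatch whenever the body carries the same ID with an upper-case letter. If the model normalises `id` during validation (that part of the commit is not visible in this path-limited view), the comparison should normalise as well: `body_id = data.get("id") or data.get("_id")` followed by `if not isinstance(body_id, str) or body_id.lower() != form_id["_id"]:`. The `isinstance` guard matters because the body is client-supplied JSON, and calling `.lower()` on a number or list would raise instead of taking the mismatch branch. The enclosing handler starts and ends outside the hunk, so what the mismatch branch returns is not shown here.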
@@ -107,15 +104,15 @@ class SingleForm(Route):
 async def delete(self, request: Request) -> JSONResponse:
 """Deletes form by ID."""
 if not await request.state.db.forms.find_one(
- {"_id": request.path_params["form_id"]}
+ {"_id": request.path_params["form_id"].lower()}
 ):
 return JSONResponse({"error": "not_found"}, status_code=404)
 await request.state.db.forms.delete_one(
- {"_id": request.path_params["form_id"]}
+ {"_id": request.path_params["form_id"].lower()}
 )
 await request.state.db.responses.delete_many(
- {"form_id": request.path_params["form_id"]}
+ {"form_id": request.path_params["form_id"].lower()}
 )
 return JSONResponse({"status": "ok"})
--
cgit v1.2.3
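Review bot: `delete` normalises `request.path_params["form_id"]` three separate times in this hunk; bind it once at the top, `form_id = request.path_params["form_id"].lower()`, as `get` does in the first hunk, so the existence check, `delete_one` and `delete_many` cannot drift apart in a later edit. The cascade also matters for data retention: `responses.delete_many` now matches only the lower-cased `form_id`, so any response document stored earlier under a mixed-case `form_id` would survive deletion of its form. Whether such documents exist depends on how the submit route wrote `form_id`, which this diff does not show. A one-off check for responses whose `form_id` has no matching form would settle it.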