From f7f3e19e5ee0c2d8ec44399369648d7c22a0ac96 Mon Sep 17 00:00:00 2001
From: Matteo Bertucci
Date: Sun, 26 Dec 2021 11:55:21 +0100
Subject: Model: makes Form.id case insensitive
Note that it will make any existing form with an upper case letter impossible to access until its ID is changed, which shouldn't be the case in production according to @HassanAbouelela
---
 backend/models/form.py | 4 ++--
 backend/routes/forms/form.py | 15 ++++++---------
 2 files changed, 8 insertions(+), 11 deletions(-)
(limited to 'backend')
diff --git a/backend/models/form.py b/backend/models/form.py
index 30ae0e7..f19ed85 100644
--- a/backend/models/form.py
+++ b/backend/models/form.py
@@ -1,7 +1,7 @@
 import typing as t
 import httpx
-from pydantic import BaseModel, Field, root_validator, validator
+from pydantic import constr, BaseModel, Field, root_validator, validator
 from pydantic.error_wrappers import ErrorWrapper, ValidationError
 from backend.constants import FormFeatures, WebHook
@@ -35,7 +35,7 @@ class _WebHook(BaseModel):
 class Form(BaseModel):
 """Schema model for form."""
- id: str = Field(alias="_id")
+ id: constr(to_lower=True) = Field(alias="_id")
 features: list[str]
 questions: list[Question]
 name: str
diff --git a/backend/routes/forms/form.py b/backend/routes/forms/form.py
index 3ea3acb..0f96b85 100644
--- a/backend/routes/forms/form.py
+++ b/backend/routes/forms/form.py
@@ -32,7 +32,7 @@ class SingleForm(Route):
 async def get(self, request: Request) -> JSONResponse:
 """Returns single form information by ID."""
 admin = request.user.admin if request.user.is_authenticated else False
- form_id = request.path_params["form_id"]
+ form_id = request.path_params["form_id"].lower()
 filters = {
 "_id": form_id
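Review bot: `constr(to_lower=True)` on `Form.id` lower-cases the value only when a document passes through the model, so this line does not cover queries that build an `_id` filter by hand, nor documents already stored with upper-case letters (the commit message accepts the latter). A short comment above the field would make the invariant visible to whoever adds the next lookup, for example `# Stored lower-case; any query on _id must lower-case its key as well.` It is also worth confirming that the pinned pydantic release accepts the `to_lower` argument, since the dependency pin is not part of this diff.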
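Review bot: The `.lower()` call on `request.path_params["form_id"]` in `get` is the first of five hand-written copies of the same normalisation; the others are in the -70 hunk and three times in `delete`. A call site that is missed, now or in a later route, fails as a silent 404 or acts on a different key than the lookup before it. One helper used by every handler would be safer, e.g. `def _form_id(request: Request) -> str: return request.path_params["form_id"].lower()`. `get` continues past the end of the hunk, so how `filters` is used afterwards is not visible here.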
@@ -70,7 +70,7 @@ class SingleForm(Route):
 except json.decoder.JSONDecodeError:
 return JSONResponse("Expected a JSON body.", 400)
- form_id = {"_id": request.path_params["form_id"]}
+ form_id = {"_id": request.path_params["form_id"].lower()}
 if raw_form := await request.state.db.forms.find_one(form_id):
 if "_id" in data or "id" in data:
 if (data.get("id") or data.get("_id")) != form_id["_id"]:
@@ -90,10 +90,7 @@ class SingleForm(Route):
 except ValidationError as e:
 return JSONResponse(e.errors(), status_code=422)
- await request.state.db.forms.replace_one(
- {"_id": request.path_params["form_id"]},
- form.dict()
- )
+ await request.state.db.forms.replace_one(form_id, form.dict())
 return JSONResponse(form.dict())
 else:
@@ -107,15 +104,15 @@ class SingleForm(Route):
 async def delete(self, request: Request) -> JSONResponse:
 """Deletes form by ID."""
 if not await request.state.db.forms.find_one(
- {"_id": request.path_params["form_id"]}
+ {"_id": request.path_params["form_id"].lower()}
 ):
 return JSONResponse({"error": "not_found"}, status_code=404)
 await request.state.db.forms.delete_one(
- {"_id": request.path_params["form_id"]}
+ {"_id": request.path_params["form_id"].lower()}
 )
 await request.state.db.responses.delete_many(
- {"form_id": request.path_params["form_id"]}
+ {"form_id": request.path_params["form_id"].lower()}
 )
 return JSONResponse({"status": "ok"})
--
cgit v1.2.3
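Review bot: The unchanged comparison `(data.get("id") or data.get("_id")) != form_id["_id"]` now has a lower-cased value on the right and the raw body value on the left, so a body that repeats the path ID with different casing is treated as an ID change. Lower-casing the body value before comparing keeps the two sides consistent: `new_id = data.get("id") or data.get("_id")` followed by `if not isinstance(new_id, str) or new_id.lower() != form_id["_id"]:`. What the branch does with a changed ID lies outside the hunk, so the impact depends on code not shown here.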
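Review bot: `responses.delete_many` in `delete` now filters on the lower-cased `form_id`, but the code that writes `form_id` into the responses collection is not part of this diff. If submissions store the raw path parameter, responses recorded under a mixed-case ID would survive the deletion of their form and stay in the database, which matters when they hold personal data. Either lower-case `form_id` where responses are written, or confirm that the stored value comes from the validated `Form.id`. Binding `form_id = request.path_params["form_id"].lower()` once at the top of `delete` would also keep the three filters from drifting apart.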