From 62073992c523cc9b40c342c8443966cda7d8b5a4 Mon Sep 17 00:00:00 2001
From: David Baker <dave@matrix.org>
Date: Fri, 14 Oct 2016 13:56:53 +0100
Subject: [PATCH 1/4] Make password reset email field case insensitive

---
 synapse/storage/registration.py               | 30 ++++++++++++-------
 .../user_threepids_medium_address_index.sql   | 16 ++++++++++
 2 files changed, 36 insertions(+), 10 deletions(-)
 create mode 100644 synapse/storage/schema/delta/36/user_threepids_medium_address_index.sql

diff --git a/synapse/storage/registration.py b/synapse/storage/registration.py
index e404fa72de..a6aa64f9fb 100644
--- a/synapse/storage/registration.py
+++ b/synapse/storage/registration.py
@@ -458,17 +458,27 @@ class RegistrationStore(background_updates.BackgroundUpdateStore):
 
     @defer.inlineCallbacks
     def get_user_id_by_threepid(self, medium, address):
-        ret = yield self._simple_select_one(
-            "user_threepids",
-            {
-                "medium": medium,
-                "address": address
-            },
-            ['user_id'], True, 'get_user_id_by_threepid'
+        def f(txn):
+            sql = (
+                "SELECT user_id"
+                " FROM user_threepids"
+                " WHERE medium = ? AND LOWER(address) = LOWER(?)"
+            )
+            txn.execute(sql, (medium, address))
+            row = txn.fetchone()
+            if not row:
+                return None
+            if txn.rowcount > 1:
+                raise StoreError(500, "More than one row matched")
+            return {
+                "user_id": row[0]
+            }
+
+        res = yield self.runInteraction(
+            "get_user_id_by_threepid", f
         )
-        if ret:
-            defer.returnValue(ret['user_id'])
-        defer.returnValue(None)
+
+        defer.returnValue(res)
 
     def user_delete_threepids(self, user_id):
         return self._simple_delete(
diff --git a/synapse/storage/schema/delta/36/user_threepids_medium_address_index.sql b/synapse/storage/schema/delta/36/user_threepids_medium_address_index.sql
new file mode 100644
index 0000000000..702a872784
--- /dev/null
+++ b/synapse/storage/schema/delta/36/user_threepids_medium_address_index.sql
@@ -0,0 +1,16 @@
+/* Copyright 2016 OpenMarket Ltd
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+CREATE INDEX user_threepids_medium_address on user_threepids (medium, LOWER(address));

From 29c592202136a3bdb04f78a49d02b7b53893a973 Mon Sep 17 00:00:00 2001
From: David Baker <dave@matrix.org>
Date: Fri, 14 Oct 2016 16:20:24 +0100
Subject: [PATCH 2/4] Revert part of 6207399

older sqlite doesn't support indexes on expressions, lets just
store things lowercase in the db
---
 synapse/storage/registration.py | 30 ++++++++++--------------------
 1 file changed, 10 insertions(+), 20 deletions(-)

diff --git a/synapse/storage/registration.py b/synapse/storage/registration.py
index a6aa64f9fb..e404fa72de 100644
--- a/synapse/storage/registration.py
+++ b/synapse/storage/registration.py
@@ -458,27 +458,17 @@ class RegistrationStore(background_updates.BackgroundUpdateStore):
 
     @defer.inlineCallbacks
     def get_user_id_by_threepid(self, medium, address):
-        def f(txn):
-            sql = (
-                "SELECT user_id"
-                " FROM user_threepids"
-                " WHERE medium = ? AND LOWER(address) = LOWER(?)"
-            )
-            txn.execute(sql, (medium, address))
-            row = txn.fetchone()
-            if not row:
-                return None
-            if txn.rowcount > 1:
-                raise StoreError(500, "More than one row matched")
-            return {
-                "user_id": row[0]
-            }
-
-        res = yield self.runInteraction(
-            "get_user_id_by_threepid", f
+        ret = yield self._simple_select_one(
+            "user_threepids",
+            {
+                "medium": medium,
+                "address": address
+            },
+            ['user_id'], True, 'get_user_id_by_threepid'
         )
-
-        defer.returnValue(res)
+        if ret:
+            defer.returnValue(ret['user_id'])
+        defer.returnValue(None)
 
     def user_delete_threepids(self, user_id):
         return self._simple_delete(

From df2a616c7b028a6eb8b50c57e7e73847287a6feb Mon Sep 17 00:00:00 2001
From: David Baker <dave@matrix.org>
Date: Wed, 19 Oct 2016 11:13:55 +0100
Subject: [PATCH 3/4] Convert emails to lowercase when storing

And db migration sql to convert existing addresses.
---
 synapse/handlers/auth.py                             | 12 ++++++++++++
 ...s_medium_address_index.sql => user_threepids.sql} |  9 ++++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)
 rename synapse/storage/schema/delta/36/{user_threepids_medium_address_index.sql => user_threepids.sql} (73%)

diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
index dc0fe60e1b..3635521230 100644
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -611,6 +611,18 @@ class AuthHandler(BaseHandler):
 
     @defer.inlineCallbacks
     def add_threepid(self, user_id, medium, address, validated_at):
+        # 'Canonicalise' email addresses down to lower case.
+        # We've now moving towards the Home Server being the entity that
+        # is responsible for validating threepids used for resetting passwords
+        # on accounts, so in future Synapse will gain knowledge of specific
+        # types (mediums) of threepid. For now, we still use the existing
+        # infrastructure, but this is the start of synapse gaining knowledge
+        # of specific types of threepid (and fixes the fact that checking
+        # for the presenc eof an email address during password reset was
+        # case sensitive).
+        if medium == 'email':
+            address = address.lower()
+
         yield self.store.user_add_threepid(
             user_id, medium, address, validated_at,
             self.hs.get_clock().time_msec()
diff --git a/synapse/storage/schema/delta/36/user_threepids_medium_address_index.sql b/synapse/storage/schema/delta/36/user_threepids.sql
similarity index 73%
rename from synapse/storage/schema/delta/36/user_threepids_medium_address_index.sql
rename to synapse/storage/schema/delta/36/user_threepids.sql
index 702a872784..ef8813e72a 100644
--- a/synapse/storage/schema/delta/36/user_threepids_medium_address_index.sql
+++ b/synapse/storage/schema/delta/36/user_threepids.sql
@@ -13,4 +13,11 @@
  * limitations under the License.
  */
 
-CREATE INDEX user_threepids_medium_address on user_threepids (medium, LOWER(address));
+/*
+ * Update any email addresses that were stored with mixed case into all
+ * lowercase
+ */
+UPDATE user_threepids SET address = LOWER(address) where medium = 'email';
+
+/* Add an index for the select we do on passwored reset */
+CREATE INDEX user_threepids_medium_address on user_threepids (medium, address);

From 0108ed8ae6430b551a6d8e9f05820c615631a84b Mon Sep 17 00:00:00 2001
From: David Baker <dave@matrix.org>
Date: Wed, 19 Oct 2016 11:40:35 +0100
Subject: [PATCH 4/4] Latest delta is now 37

---
 synapse/storage/schema/delta/{36 => 37}/user_threepids.sql | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename synapse/storage/schema/delta/{36 => 37}/user_threepids.sql (100%)

diff --git a/synapse/storage/schema/delta/36/user_threepids.sql b/synapse/storage/schema/delta/37/user_threepids.sql
similarity index 100%
rename from synapse/storage/schema/delta/36/user_threepids.sql
rename to synapse/storage/schema/delta/37/user_threepids.sql