88from flask import Request , abort , current_app , g , redirect , session , url_for
99from flask .typing import ResponseReturnValue
1010from sentry_sdk import set_user
11+ from sqlalchemy import func
1112
1213from api .extensions import oidc
1314from api .models import OktaUser
@@ -19,7 +20,9 @@ def authenticate_user(request: Request) -> Optional[ResponseReturnValue]:
1920 if current_app .config ["ENV" ] in ("development" , "test" ):
2021 # Bypass authentication for development and testing
2122 current_user = (
22- OktaUser .query .filter (OktaUser .email .ilike (current_app .config ["CURRENT_OKTA_USER_EMAIL" ]))
23+ OktaUser .query .filter (
24+ func .lower (OktaUser .email ) == func .lower (current_app .config ["CURRENT_OKTA_USER_EMAIL" ])
25+ )
2326 .filter (OktaUser .deleted_at .is_ (None ))
2427 .first_or_404 ()
2528 )
@@ -28,7 +31,7 @@ def authenticate_user(request: Request) -> Optional[ResponseReturnValue]:
2831 payload = CloudflareAuthenticationHelpers .verify_cloudflare_token (request )
2932 if "email" in payload :
3033 current_user = (
31- OktaUser .query .filter (OktaUser .email . ilike (payload ["email" ]))
34+ OktaUser .query .filter (func . lower ( OktaUser .email ) == func . lower (payload ["email" ]))
3235 .filter (OktaUser .deleted_at .is_ (None ))
3336 .first_or_404 ()
3437 )
@@ -48,7 +51,9 @@ def authenticate_user(request: Request) -> Optional[ResponseReturnValue]:
4851 )
4952 return redirect (redirect_uri )
5053 current_user = (
51- OktaUser .query .filter (OktaUser .email .ilike (session ["oidc_auth_profile" ].get ("email" )))
54+ OktaUser .query .filter (
55+ func .lower (OktaUser .email ) == func .lower (session ["oidc_auth_profile" ].get ("email" ))
56+ )
5257 .filter (OktaUser .deleted_at .is_ (None ))
5358 .first_or_404 ()
5459 )
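Review bot: On the new line `func .lower (session ["oidc_auth_profile" ].get ("email" ))` a profile without an `email` claim yields `lower(NULL)`, which never equals anything in SQL, so the lookup silently falls through to `first_or_404()` and a valid session surfaces as a 404 instead of an explicit authentication failure. Pull the value out and fail deliberately before querying, e.g. `email = session["oidc_auth_profile"].get("email")` / `if not email: abort(401)` and then compare against `email`; the `abort` import is already present in this file. The same pattern is used in the two earlier hunks but there the right-hand values come from config and a verified token, so the `.get()`-to-`None` case is specific to this hunk. Since `func.lower(OktaUser.email)` on the column side is not a sargable comparison, it would also be worth checking that the table has a functional index on `lower(email)` (or stores a normalized email) if this query is on the hot path — I cannot see the model from here. `authenticate_user` begins and continues outside this hunk.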