Make all LIKE queries case insensitive (#2402)

6be629ae · Ahmad Farhat · GitHub · 752b192e · 6be629ae · 6be629ae
Unverified Commit 6be629ae authored 4 years ago by Ahmad Farhat Committed by GitHub 4 years ago
--- a/app/models/concerns/queries.rb
+++ b/app/models/concerns/queries.rb
+# frozen_string_literal: true
+# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
+#
+# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
+#
+# This program is free software; you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free Software
+# Foundation; either version 3.0 of the License, or (at your option) any later
+# version.
+#
+# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License along
+# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
+module Queries
+  extend ActiveSupport::Concern
+  def created_at_text
+    active_database = Rails.configuration.database_configuration[Rails.env]["adapter"]
+    # Postgres requires created_at to be cast to a string
+    if active_database == "postgresql"
+      "created_at::text"
+    else
+      "created_at"
+    end
+  end
+  def like_text
+    active_database = Rails.configuration.database_configuration[Rails.env]["adapter"]
+    # Use postgres case insensitive like
+    if active_database == "postgresql"
+      "ILIKE"
+    else
+      "LIKE"
+    end
+  end
+end
--- a/app/models/room.rb
+++ b/app/models/room.rb
@@ -32,23 +32,19 @@ class Room < ApplicationRecord
  has_one_attached :presentation
-  def self.admins_search(string)
+  class << self
-    active_database = Rails.configuration.database_configuration[Rails.env]["adapter"]
+    include Queries
-    # Postgres requires created_at to be cast to a string
-    created_at_query = if active_database == "postgresql"
-      "created_at::text"
-    else
-      "created_at"
-    end
-    search_query = "rooms.name LIKE :search OR rooms.uid LIKE :search OR users.email LIKE :search" \
+    def admins_search(string)
-    " OR users.#{created_at_query} LIKE :search"
+      like = like_text
+      search_query = "rooms.name #{like} :search OR rooms.uid #{like} :search OR users.email #{like} :search" \
+      " OR users.#{created_at_text} #{like} :search"
      search_param = "%#{sanitize_sql_like(string)}%"
      where(search_query, search: search_param)
    end
-  def self.admins_order(column, direction, running_ids)
+    def admins_order(column, direction, running_ids)
      # Include the owner of the table
      table = joins(:owner)
@@ -63,6 +59,7 @@ class Room < ApplicationRecord
      table
    end
+  end
  # Determines if a user owns a room.
  def owned_by?(user)

--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -54,6 +54,7 @@ class User < ApplicationRecord
  class << self
    include AuthValues
+    include Queries
    # Generates a user from omniauth.
    def from_omniauth(auth)
@@ -69,49 +70,47 @@ class User < ApplicationRecord
        u.save!
      end
    end
-  end
-  def self.admins_search(string)
+    def admins_search(string)
      return all if string.blank?
-    active_database = Rails.configuration.database_configuration[Rails.env]["adapter"]
+      like = like_text # Get the correct like clause to use based on db adapter
-    # Postgres requires created_at to be cast to a string
-    created_at_query = if active_database == "postgresql"
-      "created_at::text"
-    else
-      "created_at"
-    end
-    search_query = "users.name LIKE :search OR email LIKE :search OR username LIKE :search" \
+      search_query = "users.name #{like} :search OR email #{like} :search OR username #{like} :search" \
-                  " OR users.#{created_at_query} LIKE :search OR users.provider LIKE :search" \
+                    " OR users.#{created_at_text} #{like} :search OR users.provider #{like} :search" \
-                  " OR roles.name LIKE :search"
+                    " OR roles.name #{like} :search"
      search_param = "%#{sanitize_sql_like(string)}%"
      where(search_query, search: search_param)
    end
-  def self.admins_order(column, direction)
+    def admins_order(column, direction)
      # Arel.sql to avoid sql injection
      order(Arel.sql("users.#{column} #{direction}"))
    end
-  def self.shared_list_search(string)
+    def shared_list_search(string)
      return all if string.blank?
-    search_query = "users.name LIKE :search OR users.uid LIKE :search"
+      like = like_text # Get the correct like clause to use based on db adapter
+      search_query = "users.name #{like} :search OR users.uid #{like} :search"
      search_param = "%#{sanitize_sql_like(string)}%"
      where(search_query, search: search_param)
    end
-  def self.merge_list_search(string)
+    def merge_list_search(string)
      return all if string.blank?
-    search_query = "users.name LIKE :search OR users.email LIKE :search"
+      like = like_text # Get the correct like clause to use based on db adapter
+      search_query = "users.name #{like} :search OR users.email #{like} :search"
      search_param = "%#{sanitize_sql_like(string)}%"
      where(search_query, search: search_param)
    end
+  end
  # Returns a list of rooms ordered by last session (with nil rooms last)
  def ordered_rooms