Fixes issue #311 Use email buffer for DEL ‘/email/:email’ route

db-server/index.js

@@ -100,12 +100,12 @@ function createServer(db) {
 
   api.get('/email/:email',
     op(function (req) {
-      return db.getSecondaryEmail(Buffer(req.params.email, 'hex'))
+      return db.getSecondaryEmail(req.params.email)
     })
   )
   api.get('/email/:email/account',
     op(function (req) {
-      return db.accountRecord(Buffer(req.params.email, 'hex'))
+      return db.accountRecord(req.params.email)
     })
   )
   api.post('/email/:email/account/:id',

db-server/test/backend/db_tests.js

@@ -11,6 +11,10 @@ const zeroBuffer16 = Buffer.from('00000000000000000000000000000000', 'hex')
 const zeroBuffer32 = Buffer.from('0000000000000000000000000000000000000000000000000000000000000000', 'hex')
 const now = Date.now()
 
+function emailToHex(email) {
+  return Buffer.from(email).toString('hex')
+}
+
 function newUuid() {
   return crypto.randomBytes(16)
 }
@@ -35,7 +39,7 @@ function createAccount() {
     locale: 'en_US',
   }
   account.normalizedEmail = account.email.toLowerCase()
-  account.emailBuffer = Buffer(account.email)
+  account.emailBuffer = Buffer.from(account.email)
   return account
 }
 
@@ -1399,7 +1403,7 @@ module.exports = function (config, DB) {
       })
 
       it('should get secondary email', () => {
-        return db.getSecondaryEmail(secondEmail.email)
+        return db.getSecondaryEmail(emailToHex(secondEmail.email))
           .then((result) => {
             assert.equal(result.email, secondEmail.email, 'matches secondEmail email')
             assert.equal(!! result.isPrimary, false, 'isPrimary is false on secondEmail email')
@@ -1424,7 +1428,7 @@ module.exports = function (config, DB) {
       })
 
       it('should delete email', () => {
-        return db.deleteEmail(secondEmail.uid, secondEmail.email)
+        return db.deleteEmail(secondEmail.uid, emailToHex(secondEmail.email))
           .then((result) => {
             assert.deepEqual(result, {}, 'Returned an empty object on email deletion')
 
@@ -1482,7 +1486,7 @@ module.exports = function (config, DB) {
       })
 
       it('should fail to delete primary email', () => {
-        return db.deleteEmail(accountData.uid, accountData.normalizedEmail)
+        return db.deleteEmail(accountData.uid, emailToHex(accountData.normalizedEmail))
           .then(assert.fail, (err) => {
             assert.equal(err.errno, 136, 'should return email delete errno')
             assert.equal(err.code, 400, 'should return email delete code')
@@ -1501,7 +1505,7 @@ module.exports = function (config, DB) {
       })
 
       it('should fail to get non-existent secondary email', () => {
-        return db.getSecondaryEmail('non-existent@email.com')
+        return db.getSecondaryEmail(emailToHex('non-existent@email.com'))
           .then(assert.fail, (err) => {
             assert.equal(err.errno, 116, 'should return not found errno')
             assert.equal(err.code, 404, 'should return not found code')
@@ -1692,7 +1696,7 @@ module.exports = function (config, DB) {
 
       it('should change a user\'s email', () => {
         let sessionTokenData
-        return db.setPrimaryEmail(account.uid, secondEmail.email)
+        return db.setPrimaryEmail(account.uid, emailToHex(secondEmail.email))
           .then(function (res) {
             assert.deepEqual(res, {}, 'Returned an empty object on email change')
             return db.accountEmails(account.uid)
@@ -1721,7 +1725,7 @@ module.exports = function (config, DB) {
             assert.equal(session.email, secondEmail.email, 'should equal new primary email')
             assert.deepEqual(session.emailCode, secondEmail.emailCode, 'should equal new primary emailCode')
             assert.deepEqual(session.uid, account.uid, 'should equal account uid')
-            return P.all([db.accountRecord(secondEmail.email), db.accountRecord(account.email)])
+            return P.all([db.accountRecord(emailToHex(secondEmail.email)), db.accountRecord(emailToHex(account.email))])
           })
           .then((res) => {
             assert.deepEqual(res[0], res[1], 'should return the same account record regardless of email used')

db-server/test/backend/remote.js

@@ -10,7 +10,7 @@ const P = require('../../../lib/promise')
 const clientThen = require('../client-then')
 
 function emailToHex(email) {
-  return Buffer(email).toString('hex')
+  return Buffer.from(email).toString('hex')
 }
 
 // Helper function that performs two tests:
@@ -192,7 +192,7 @@ module.exports = function(cfg, makeServer) {
             assert.equal(!! result[2].isPrimary, false, 'isPrimary is false on thirdEmailRecord email')
             assert.equal(!! result[2].isVerified, false, 'matches secondEmail thirdEmailRecord')
 
-            return client.delThen('/account/' + user.accountId + '/emails/' + secondEmailRecord.email)
+            return client.delThen('/account/' + user.accountId + '/emails/' + emailToHex(secondEmailRecord.email))
           })
           .then(function (r) {
             respOkEmpty(r)
@@ -228,7 +228,7 @@ module.exports = function(cfg, makeServer) {
         return client.putThen('/account/' + user.accountId, user.account)
           .then(function(r) {
             respOkEmpty(r)
-            var randomPassword = Buffer(crypto.randomBytes(32)).toString('hex')
+            var randomPassword = Buffer.from(crypto.randomBytes(32)).toString('hex')
             return client.postThen('/account/' + user.accountId + '/checkPassword', {'verifyHash': randomPassword})
             .then(function(r) {
               assert(false, 'should not be here, password isn\'t valid')
@@ -1180,7 +1180,7 @@ module.exports = function(cfg, makeServer) {
           .then(
             function (r) {
               respOkEmpty(r)
-              return client.getThen('/emailBounces/' + Buffer(email).toString('hex'))
+              return client.getThen('/emailBounces/' + Buffer.from(email).toString('hex'))
             }
           )
           .then(

db-server/test/fake.js

@@ -20,7 +20,7 @@ function base64_16() { return base64(16) }
 function base64_65() { return base64(65) }
 
 function buf(len) {
-  return Buffer(crypto.randomBytes(len))
+  return Buffer.from(crypto.randomBytes(len))
 }
 function buf16() { return buf(16) }
 function buf32() { return buf(32) }

lib/db/mem.js

@@ -1072,7 +1072,8 @@ module.exports = function (log, error) {
     return P.resolve({})
   }
 
-  Memory.prototype.getSecondaryEmail = function (emailBuffer) {
+  Memory.prototype.getSecondaryEmail = function (email) {
+    const emailBuffer = Buffer.from(email, 'hex')
     const normalizedEmail = emailBuffer.toString('utf8').toLowerCase()
 
     if (emails[normalizedEmail]) {
@@ -1082,7 +1083,8 @@ module.exports = function (log, error) {
     }
   }
 
-  Memory.prototype.accountRecord = function (emailBuffer) {
+  Memory.prototype.accountRecord = function (email) {
+    const emailBuffer = Buffer.from(email, 'hex')
     const normalizedEmail = emailBuffer.toString('utf8').toLowerCase()
 
     if (! emails[normalizedEmail]) {
@@ -1123,6 +1125,7 @@ module.exports = function (log, error) {
   }
 
   Memory.prototype.setPrimaryEmail = function (uid, email) {
+    email = Buffer.from(email, 'hex').toString('utf8')
     if (! emails[email]) {
       return P.reject(error.notFound())
     }
@@ -1140,6 +1143,7 @@ module.exports = function (log, error) {
   }
 
   Memory.prototype.deleteEmail = function (uid, email) {
+    email = Buffer.from(email, 'hex').toString('utf8')
     var emailRecord = emails[email]
 
     if (emailRecord && emailRecord.uid.toString('hex') === uid.toString('hex') && emailRecord.isPrimary === false) {

lib/db/mysql.js

@@ -806,15 +806,17 @@ module.exports = function (log, error) {
   // Get : email
   // Values : email = $1
   var GET_SECONDARY_EMAIL = 'CALL getSecondaryEmail_1(?)'
-  MySql.prototype.getSecondaryEmail = function (emailBuffer) {
+  MySql.prototype.getSecondaryEmail = function (email) {
+    const emailBuffer = Buffer.from(email, 'hex')
     return this.readFirstResult(GET_SECONDARY_EMAIL, [emailBuffer.toString('utf8')])
   }
 
   // Select : accounts
   // Fields : uid, email, normalizedEmail, emailVerified, emailCode, kA, wrapWrapKb, verifierVersion, authSalt, verifierSetAt, createdAt, lockedAt, primaryEmail
   // Where  : emails.normalizedEmail = LOWER($1)
   var GET_ACCOUNT_RECORD = 'CALL accountRecord_2(?)'
-  MySql.prototype.accountRecord = function (emailBuffer) {
+  MySql.prototype.accountRecord = function (email) {
+    const emailBuffer = Buffer.from(email, 'hex')
     return this.readFirstResult(GET_ACCOUNT_RECORD, [emailBuffer.toString('utf8')])
   }
 
@@ -834,11 +836,12 @@ module.exports = function (log, error) {
   // Values : uid = $1, email = $2
   var SET_PRIMARY_EMAIL = 'CALL setPrimaryEmail_1(?, ?)'
   MySql.prototype.setPrimaryEmail = function (uid, email) {
+    const emailBuffer = Buffer.from(email, 'hex')
     return this.write(
       SET_PRIMARY_EMAIL,
       [
         uid,
-        email
+        emailBuffer.toString('utf8')
       ]
     )
   }
@@ -847,11 +850,12 @@ module.exports = function (log, error) {
   // Values : uid = $1, email = $2
   var DELETE_EMAIL = 'CALL deleteEmail_2(?, ?)'
   MySql.prototype.deleteEmail = function (uid, email) {
+    const emailBuffer = Buffer.from(email, 'hex')
     return this.write(
       DELETE_EMAIL,
       [
         uid,
-        email
+        emailBuffer.toString('utf8')
       ]
     )
       .catch(function(err){
@@ -1321,4 +1325,3 @@ module.exports = function (log, error) {
 
   return MySql
 }
-

scripts/populate-session-tokens.js

@@ -19,8 +19,8 @@ var DB = require('../lib/db/mysql')(log, require('../db-server').errors)
 var config = require('../config')
 var crypto = require('crypto')
 
-var zeroBuffer16 = Buffer('00000000000000000000000000000000', 'hex')
-var zeroBuffer32 = Buffer('0000000000000000000000000000000000000000000000000000000000000000', 'hex')
+var zeroBuffer16 = Buffer.from('00000000000000000000000000000000', 'hex')
+var zeroBuffer32 = Buffer.from('0000000000000000000000000000000000000000000000000000000000000000', 'hex')
 
 var count = parseInt(process.argv[2])
 
@@ -127,4 +127,3 @@ if (count > 0) {
 } else {
   throw new Error('Invalid argument')
 }
-

test/local/metrics_tests.js

@@ -12,8 +12,8 @@ const crypto = require('crypto')
 const proxyquire = require('proxyquire')
 const sinon = require('sinon')
 
-const zeroBuffer16 = Buffer('00000000000000000000000000000000', 'hex')
-const zeroBuffer32 = Buffer('0000000000000000000000000000000000000000000000000000000000000000', 'hex')
+const zeroBuffer16 = Buffer.from('00000000000000000000000000000000', 'hex')
+const zeroBuffer32 = Buffer.from('0000000000000000000000000000000000000000000000000000000000000000', 'hex')
 
 describe('DB metrics', () => {
 
@@ -344,7 +344,7 @@ describe('DB metrics', () => {
   }
 
   function hex (length) {
-    return Buffer(crypto.randomBytes(length).toString('hex'), 'hex')
+    return Buffer.from(crypto.randomBytes(length).toString('hex'), 'hex')
   }
 
 })