Allow deploying using email address

tobias · tobias · commit 7c653935be1e · 2022-04-03T09:28:20.000-04:00
We document that the username is required to deploy, but allow users to log in via their email address, which leads some users to think that their email address is their username. This expands deployment to support using the email address to match what we allow at login. This fixes #620.
diff --git a/src/clojars/auth.clj b/src/clojars/auth.clj
@@ -108,13 +108,15 @@
        (.after (db/get-time) expires_at)))
 
 (defn token-credential-fn [db]
-  (fn [{:keys [username password]}]
+  (fn [{username-or-email :username password :password}]
     (log/with-context {:tag :authentication
-                       :username username
+                       :username username-or-email
                        :type :token}
       (let [password-hash (when password
-                            (db/hash-deploy-token password))]
-        (if-let [token (and password
+                            (db/hash-deploy-token password))
+            username (:user (db/find-user-by-user-or-email db username-or-email))]
+        (if-let [token (and username
+                            password
                             (->> (db/find-user-tokens-by-username db username)
                                  (remove :disabled)
                                  (filter #(let [{:keys [token_hash]} %]
diff --git a/test/clojars/integration/uploads_test.clj b/test/clojars/integration/uploads_test.clj
@@ -40,8 +40,9 @@
           help/test-port))
 
 (defn deploy
-  [{:keys [artifact-map coordinates jar-file password pom-file transfer-listener]
-    :or {transfer-listener (fn [])}}]
+  [{:keys [artifact-map coordinates jar-file password pom-file transfer-listener username]
+    :or {transfer-listener (fn [])
+         username "dantheman"}}]
   ;; HttpWagon uses a static, inaccessible http client that caches cookies, so
   ;; we have to clear sessions on each deploy to mimic having new prucesses
   ;; deploying.
@@ -52,7 +53,7 @@
    :jar-file jar-file
    :pom-file pom-file
    :repository {"test" {:url (repo-url)
-                        :username "dantheman"
+                        :username username
                         :password password}}
    :local-repo help/local-repo
    :transfer-listener transfer-listener))
@@ -124,6 +125,18 @@
         (within [:td.last-used]
                 (has (text? (common/format-timestamp now)))))))
 
+(deftest user-can-deploy-using-email-address
+  (-> (session (help/app-from-system))
+      (register-as "dantheman" "test@example.org" "password"))
+  (let [token (create-deploy-token (session (help/app-from-system)) "dantheman" "password" "testing")]
+      (deploy
+       {:coordinates '[org.clojars.dantheman/test "0.0.1"]
+        :jar-file (io/file (io/resource "test.jar"))
+        :pom-file (help/rewrite-pom (io/file (io/resource "test-0.0.1/test.pom"))
+                                    {:groupId "org.clojars.dantheman"})
+        :username "test@example.org"
+        :password token})))
+
 (deftest deploying-with-a-scoped-token
   (-> (session (help/app-from-system))
       (register-as "dantheman" "test@example.org" "password"))
