Case insensitive username check in JPQL - jpql

I would like to create a case insensitive username check in my login process. A trivial NamedQuery gives back the User entity pass the test:
SELECT u FROM User u WHERE u.userName LIKE :userName AND u.password = :password
But this LIKE not the LIKE that I would LIKE. It compares the userNames case sensitive. Could anybody help me?

OK. I have solved!
The NamedQuery:
SELECT u FROM UserWithRoles u WHERE LOWER( u.userName ) = :userName AND u.password = :password"
The bean code which sets the query up:
q.setParameter( "userName", userName_.toLowerCase() );

Related

can I call a function to set my USERNAME_FIELD = ''?

can I call a function in USERNAME_FIELD = '' to create an optional choice for login, using email or phone number? if yes how?
yes, you can
you can write special login function in your view and use query like this :
user = User.objects.filter(Q(email=value)|Q(username=value)).first()
login(request, user)
I use Q django db functions to complex query and I can use Or in my queries for example in up code I filter email equal by value or username equal by value so if uaer enter username or email I can find him
in other ways I can use two query but its not common
like this :
user_by_username=User.objects.filter(usernsme=value).first()
if user_by_username:
login(request,user)
else:
user_by_email=User.objects.filter(email=value).first()
if user_by_email:
login(request,user_by_email)
and default user model hasn't mobile field you can save mobile as username or create special usermodel
or create new model for your user profile

How to add dynamic filters in arangodb

i want to handle dynamic query string in Arangodb
let condition = 'FILTER u.username == '+value
if(usingPhoneNumber){
condition = 'FILTER u.phoneNumber == '+value
}
const query = aql`
FOR u in users
${condition}
RETURN u
`
if I do like this, I'm getting error like
ArangoError: AQL: syntax error, unexpected bind parameter near '#value0
we can pass aql query into another aql query
let condition = aql`FILTER u.username == ${value}`
if(usingPhoneNumber){
condition = aql`FILTER u.phoneNumber == ${value}`
}
const query = aql`
FOR u in users
${condition}
RETURN u
`
this fixes my issue. thank guys for your answers
I guess your username and phone number are strings, so they must be between quotes.
let condition = 'FILTER u.username == "' + value + '"'
if(usingPhoneNumber){
condition = 'FILTER u.phoneNumber == "' + value '"'
}
const query = aql`
FOR u in users
${condition}
RETURN u
`
Could you try something like
let condition = 'FILTER u.username == ${value}'
if(usingPhoneNumber){
condition = 'FILTER u.phoneNumber == ${value}'
}
Assuming the value is getting something assigned, I feel this might work. Do let me know the error that comes up, in case it comes up.
I suggest you try adding the condition in the query.
FOR u in users
FILTER u.username ==${value0} OR u.phoneNumber == ${value0}
RETURN u
If this works for you, I supose the problem is the aql formater assumes all inserted values with ${} are bind parameters, wich will be iterated over and not a constant query declaration.
Your current script resolves to:
{
"query" : "FOR u IN users #value0 RETURN c._key",
"bindVars" : {
"value0" : "'FILTER u.username == '+value"
}

Custom LIKE statement in Java Spring Data and Cassandra #Query

I need to query from a table using LIKE statement where parameters are optional.
This is custom query where I can filter employee table by which Non-Empty request param:
Select select = QueryBuilder.select().from("employee");
Where selectWhere = select.where();
if (!email.isEmpty()) {
selectWhere.and(QueryBuilder.like("email", "%" + email + "%"));
}
if (!firstName.isEmpty()) {
selectWhere.and(QueryBuilder.like("first_name", "%" + firstName + "%"));
}
//Note: User will provide either email or first_name or both.
However, the above custom query will need to manually map the Rows to the object which I find too tedious:
ResultSet rs = cassandraClient.getApplicationSession().execute( select );
return rs.all().stream().map(row -> row.getString("first_name")).collect( Collectors.toList() );
Is there a way where I can use a Query annotation like below, so it will return the entity directly?
#Query("SELECT * FROM employee WHERE email LIKE :email AND first_name LIKE :firstName")
Employee search(#Param(value="email" String email, #Param(value="firstName" String firstName)
I tried passing an empty parameter value, but I am getting the following error:
LIKE value can't be empty.

Getting wrong User ID from self._uid

I'm trying to get the logged in user's id from self._uid. But when I logged in with a user and I got the user_id = 1 (which is the user_id of the administrator account)
That is my line. Am I doing something wrong?
user_id = self._uid
Replace your code
from
user_id = self._uid
to
user_id = self.env.user
These will give us current logged user as a recordset. So if you need id, get it like self.env.user.id

How to make case sensitive query with nodejs + pg

How to make case sensitive query with nodejs + pg
I want to select column content == 'a#gmail.com',
but it seems become select column == 'a#gmail.com'?
[error: column "a#gmail.com" does not exist]
code
var userEmail = 'a#gmail.com';
var query = 'SELECT EXISTS(SELECT * FROM "User" WHERE "Email" = "'+userEmail+'")';
dbClient.query(query, function(error, result) {
...
For use binding parameters you must number it begining with $1 (then $2 and so), then put the parameters in an Array:
var query = 'SELECT EXISTS(SELECT * FROM "User" WHERE "Email" = $1)';
dbClient.query(query, [userEmail], function(error, result) {
Always pass the parameters in an array. Is most secure.
Remember do not pass a function to query if you have a very big table unless you want to read all the table before returns the control to de function. Else you can use the "on" event or use a promise way (like https://www.npmjs.com/package/pg-promise-strict)
This doesn't have anything to do with case. The problem is that you're putting the email address in double-quotes, and in (most varieties of) SQL double-quotes indicate a column name or table name. That's why the error message says column "a#gmail.com" does not exist.
Use single-quotes around values:
var userEmail = 'a#gmail.com';
var query = 'SELECT EXISTS(SELECT * FROM "User" WHERE "Email" = \'' + userEmail + '\')';
Ideally, though, you should just use parameter binding so you don't have to worry about quoting values at all. When you use string concatenation to build SQL queries you very often open yourself up to SQL injection attacks.

Resources