Make all LIKE queries case insensitive (#2402)

app/models/concerns/queries.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
+#
+# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
+#
+# This program is free software; you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free Software
+# Foundation; either version 3.0 of the License, or (at your option) any later
+# version.
+#
+# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License along
+# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
+
+module Queries
+  extend ActiveSupport::Concern
+
+  def created_at_text
+    active_database = Rails.configuration.database_configuration[Rails.env]["adapter"]
+    # Postgres requires created_at to be cast to a string
+    if active_database == "postgresql"
+      "created_at::text"
+    else
+      "created_at"
+    end
+  end
+
+  def like_text
+    active_database = Rails.configuration.database_configuration[Rails.env]["adapter"]
+    # Use postgres case insensitive like
+    if active_database == "postgresql"
+      "ILIKE"
+    else
+      "LIKE"
+    end
+  end
+end

app/models/room.rb

@@ -32,23 +32,19 @@ class Room < ApplicationRecord
 
   has_one_attached :presentation
 
-  def self.admins_search(string)
-    active_database = Rails.configuration.database_configuration[Rails.env]["adapter"]
-    # Postgres requires created_at to be cast to a string
-    created_at_query = if active_database == "postgresql"
-      "created_at::text"
-    else
-      "created_at"
-    end
+  class << self
+    include Queries
 
-    search_query = "rooms.name LIKE :search OR rooms.uid LIKE :search OR users.email LIKE :search" \
-    " OR users.#{created_at_query} LIKE :search"
+    def admins_search(string)
+      like = like_text
+      search_query = "rooms.name #{like} :search OR rooms.uid #{like} :search OR users.email #{like} :search" \
+      " OR users.#{created_at_text} #{like} :search"
 
       search_param = "%#{sanitize_sql_like(string)}%"
       where(search_query, search: search_param)
     end
 
-  def self.admins_order(column, direction, running_ids)
+    def admins_order(column, direction, running_ids)
       # Include the owner of the table
       table = joins(:owner)
 
@@ -63,6 +59,7 @@ class Room < ApplicationRecord
 
       table
     end
+  end
 
   # Determines if a user owns a room.
   def owned_by?(user)

app/models/user.rb

@@ -54,6 +54,7 @@ class User < ApplicationRecord
 
   class << self
     include AuthValues
+    include Queries
 
     # Generates a user from omniauth.
     def from_omniauth(auth)
@@ -69,49 +70,47 @@ class User < ApplicationRecord
         u.save!
       end
     end
-  end
 
-  def self.admins_search(string)
+    def admins_search(string)
       return all if string.blank?
 
-    active_database = Rails.configuration.database_configuration[Rails.env]["adapter"]
-    # Postgres requires created_at to be cast to a string
-    created_at_query = if active_database == "postgresql"
-      "created_at::text"
-    else
-      "created_at"
-    end
+      like = like_text # Get the correct like clause to use based on db adapter
 
-    search_query = "users.name LIKE :search OR email LIKE :search OR username LIKE :search" \
-                  " OR users.#{created_at_query} LIKE :search OR users.provider LIKE :search" \
-                  " OR roles.name LIKE :search"
+      search_query = "users.name #{like} :search OR email #{like} :search OR username #{like} :search" \
+                    " OR users.#{created_at_text} #{like} :search OR users.provider #{like} :search" \
+                    " OR roles.name #{like} :search"
 
       search_param = "%#{sanitize_sql_like(string)}%"
       where(search_query, search: search_param)
     end
 
-  def self.admins_order(column, direction)
+    def admins_order(column, direction)
       # Arel.sql to avoid sql injection
       order(Arel.sql("users.#{column} #{direction}"))
     end
 
-  def self.shared_list_search(string)
+    def shared_list_search(string)
       return all if string.blank?
 
-    search_query = "users.name LIKE :search OR users.uid LIKE :search"
+      like = like_text # Get the correct like clause to use based on db adapter
+
+      search_query = "users.name #{like} :search OR users.uid #{like} :search"
 
       search_param = "%#{sanitize_sql_like(string)}%"
       where(search_query, search: search_param)
     end
 
-  def self.merge_list_search(string)
+    def merge_list_search(string)
       return all if string.blank?
 
-    search_query = "users.name LIKE :search OR users.email LIKE :search"
+      like = like_text # Get the correct like clause to use based on db adapter
+
+      search_query = "users.name #{like} :search OR users.email #{like} :search"
 
       search_param = "%#{sanitize_sql_like(string)}%"
       where(search_query, search: search_param)
     end
+  end
 
   # Returns a list of rooms ordered by last session (with nil rooms last)
   def ordered_rooms