From 0c98f553493647d6cffd4f5488bffeeef401167a Mon Sep 17 00:00:00 2001
From: Aiden Price
Date: Fri, 15 Dec 2023 16:13:47 +1100
Subject: [PATCH] Fix possible SQL injection
---
 querybook/server/app/auth/auth0_auth.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/querybook/server/app/auth/auth0_auth.py b/querybook/server/app/auth/auth0_auth.py
index 86b2c00e8..805f42152 100644
--- a/querybook/server/app/auth/auth0_auth.py
+++ b/querybook/server/app/auth/auth0_auth.py
@@ -115,9 +115,8 @@ def _parse_user_profile(self, resp):

 @with_session
 def login_user(self, username, email, fullname, session=None):
- if not username:
- raise AuthenticationError("Username must not be empty!")
-
+ if not username or not isinstance(username, str):
+ raise AuthenticationError("Please provide a valid username")
 user = get_user_by_name(username, session=session)
 if not user:
 user = create_user(
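Review bot: The new `isinstance(username, str)` guard in `login_user` covers only `username`; `email` and `fullname` arrive through the same signature and, as far as the hunk shows, are not type-checked before the `create_user(` call that follows. If the concern is a non-string profile value ending up in a query, the same check probably belongs on those two fields as well, or inside `get_user_by_name` and `create_user` so that every caller is covered; both functions are outside this hunk, so this needs confirming against their bodies. A short comment above the guard would record why the type matters, for example `# profile fields come from the identity provider response; reject non-str values before the user lookup`. The body of `login_user` continues past the end of the hunk.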