From d691dee2caf1f6cb1baf695ae1dccc70bd0915b2 Mon Sep 17 00:00:00 2001
From: Sabe Jones <sabrecat@gmail.com>
Date: Tue, 13 Nov 2018 15:34:50 -0600
Subject: [PATCH] fix(usernames): filter @ on server side for username lookup

---
 website/server/controllers/api-v3/members.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/website/server/controllers/api-v3/members.js b/website/server/controllers/api-v3/members.js
index cb96ad73ab..1723c925b2 100644
--- a/website/server/controllers/api-v3/members.js
+++ b/website/server/controllers/api-v3/members.js
@@ -130,13 +130,14 @@ api.getMemberByUsername = {
     if (validationErrors) throw validationErrors;
 
     let username = req.params.username.toLowerCase();
+    if (username[0] === '@') username = username.slice(1, username.length);
 
     let member = await User
       .findOne({'auth.local.lowerCaseUsername': username, 'flags.verifiedUsername': true})
       .select(memberFields)
       .exec();
 
-    if (!member || !member.flags.verifiedUsername) throw new NotFound(res.t('userNotFound'));
+    if (!member) throw new NotFound(res.t('userNotFound'));
 
     // manually call toJSON with minimize: true so empty paths aren't returned
     let memberToJSON = member.toJSON({minimize: true});