Fix password reset when querying for emails with upcase characters (fixes #9059) (#9707)

* downcase updating an email to be consistent with creating * add tests to ensure downcase of email for create/update * create migration to downcase existing User objects * delete 'only' * change gmail to example * add trailing comma from lint error * search for emails with at least one capital letter * fix query in order to search for any email with at least one capital letter * batch process effected users with at least one capital in email * update script for batch process effected users
2025-12-14 21:27:23 +01:00 · 2018-03-17 17:13:54 -04:00
parent b9a6d9ceec
commit 04b4912d59
4 changed files with 109 additions and 5 deletions
--- a/website/server/controllers/api-v3/auth.js
+++ b/website/server/controllers/api-v3/auth.js
@@ -629,7 +629,7 @@ api.updateEmail = {
    if (validationErrors) throw validationErrors;

    let emailAlreadyInUse = await User.findOne({
-      'auth.local.email': req.body.newEmail,
+      'auth.local.email': req.body.newEmail.toLowerCase(),
    }).select({_id: 1}).lean().exec();

    if (emailAlreadyInUse) throw new NotAuthorized(res.t('cannotFulfillReq', { techAssistanceEmail: TECH_ASSISTANCE_EMAIL }));
@@ -643,7 +643,7 @@ api.updateEmail = {
      await passwordUtils.convertToBcrypt(user, password);
    }

-    user.auth.local.email = req.body.newEmail;
+    user.auth.local.email = req.body.newEmail.toLowerCase();
    await user.save();

    return res.respond(200, { email: user.auth.local.email });