Bug: case sensitive emails (#485)

Fixes #484 Co-authored-by: Rajat Saxena <[email protected]>
codelitdev · Aug 30, 2024 · 599e367 · 599e367
1 parent 07f9d38
commit 599e367
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 11 deletions.
diff --git a/apps/web/auth.ts b/apps/web/auth.ts
@@ -32,35 +32,36 @@ export const { auth, signIn, signOut, handlers } = NextAuth({
                     return null;
                 }
 
-                const { email, code }: any = parsedCredentials.data;
+                const { email, code } = parsedCredentials.data;
+                const sanitizedEmail = email.toLowerCase();
 
                 const verificationToken =
                     await VerificationToken.findOneAndDelete({
-                        email,
+                        email: sanitizedEmail,
                         domain: domain.name,
                         code: hashCode(+code),
                         timestamp: { $gt: Date.now() },
                     });
                 if (!verificationToken) {
                     error(`Invalid code`, {
-                        email: email,
+                        email: sanitizedEmail,
                     });
                     return null;
                 }
 
                 let user = await User.findOne({
                     domain: domain._id,
-                    email,
+                    email: sanitizedEmail,
                 });
                 if (!user) {
                     user = await createUser({
                         domain,
-                        email,
+                        email: sanitizedEmail,
                     });
                 }
                 return {
                     id: user.userId,
-                    email,
+                    email: sanitizedEmail,
                     name: user.name,
                 };
             },

diff --git a/apps/web/graphql/mails/logic.ts b/apps/web/graphql/mails/logic.ts
@@ -36,17 +36,17 @@ export async function createSubscription(
     ctx: GQLContext,
 ): Promise<boolean> {
     try {
+        const sanitizedEmail = email.toLowerCase();
         let dbUser: User | null = await UserModel.findOne({
-            name,
-            email,
+            email: sanitizedEmail,
             domain: ctx.subdomain._id,
         });
 
         if (!dbUser) {
             dbUser = await createUser({
                 domain: ctx.subdomain!,
                 name: name,
-                email: email,
+                email: sanitizedEmail,
                 lead: constants.leadNewsletter,
             });
         }

diff --git a/apps/web/pages/api/auth/code/generate.ts b/apps/web/pages/api/auth/code/generate.ts
@@ -28,17 +28,19 @@ export default async function handler(
     }
     const code = generateUniquePasscode();
 
+    const sanitizedEmail = (email as string).toLowerCase();
+
     await VerificationToken.create({
         domain: domain.name,
-        email,
+        email: sanitizedEmail,
         code: hashCode(code),
         timestamp: Date.now() + 1000 * 60 * 5,
     });
 
     try {
         const emailBody = pug.render(MagicCodeEmailTemplate, { code });
         await send({
-            to: [<string>email],
+            to: [sanitizedEmail],
             subject: `${responses.sign_in_mail_prefix} ${req.headers["host"]}`,
             body: emailBody,
         });