Merge pull request #4 from slava-lu/fix/final_fixes

Email to lowercase
slava-lu · Dec 16, 2023 · 488ec09 · 488ec09
2 parents 447b793 + 9c1a1a2
commit 488ec09
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 8 deletions.
diff --git a/src/api/v1/auth/account/routes.js b/src/api/v1/auth/account/routes.js
@@ -70,7 +70,8 @@ const cookiesOptionRemember = () => ({
  */
 router.post('/', async (req, res, next) => {
   try {
-    const { email = '', mobilePhone, password, firstName = '', lastName = '', isRemember } = req.body
+    const { email: emailRaw = '', mobilePhone, password, firstName = '', lastName = '', isRemember } = req.body
+    const email = emailRaw.toLowerCase()
 
     const validationResult = validatePassword(password)
     if (validationResult) {

diff --git a/src/api/v1/auth/login/localAuth.js b/src/api/v1/auth/login/localAuth.js
@@ -7,7 +7,8 @@ const { validatePassword } = require('@utils/helpers')
 const localAuth = async (req, res, next) => {
   const ct = new Date()
   try {
-    const { email, mobilePhone, password } = req.body
+    const { email: emailRaw, mobilePhone, password } = req.body
+    const email = emailRaw.toLowerCase()
 
     const validationResult = validatePassword(password)
     if (validationResult) {

diff --git a/src/api/v1/auth/login/routes.js b/src/api/v1/auth/login/routes.js
@@ -171,7 +171,8 @@ router.post('/local', localAuth, checkUser(), postLogin(), async (req, res, next
  */
 router.post('/loginAs', checkUser(), checkRoles('impersonation'), passwordCheck(), async (req, res, next) => {
   const { accountId, hashCheck } = req.user
-  const { email } = req.body
+  const { email: emailRaw } = req.body
+  const email = emailRaw.toLowerCase()
   try {
     const { userId } = getOne(await getUserData(email))
     if (!userId) {

diff --git a/src/api/v1/auth/oauth/oauthMiddleware.js b/src/api/v1/auth/oauth/oauthMiddleware.js
@@ -31,7 +31,8 @@ const oauthMiddleware = () => {
 
       const decodedIdToken = jwt.decode(idToken)
 
-      const { sub, email, given_name, family_name, name, picture } = decodedIdToken
+      const { sub, email: emailRaw, given_name, family_name, name, picture } = decodedIdToken
+      const email = emailRaw.toLowerCase()
 
       // some roles are not allowed to log in using social networks
       const userInfo = getOne(await getUserInfoByEmail(email))
@@ -57,7 +58,7 @@ const oauthMiddleware = () => {
         name,
         picture,
         refresh_token,
-        access_token
+        access_token,
       )
 
       req.user = result

diff --git a/src/api/v1/auth/password/routes.js b/src/api/v1/auth/password/routes.js
@@ -150,7 +150,8 @@ router.post('/change', checkUser(), async (req, res, next) => {
  */
 router.get('/checkResetCode', async (req, res, next) => {
   try {
-    const { passwordResetCode, email } = req?.query
+    const { passwordResetCode, email: emailRaw } = req?.query
+    const email = emailRaw.toLowerCase()
     if (!passwordResetCode || !email) {
       return res.status(403).send({
         resultCode: resultCodes.ERROR,
@@ -227,7 +228,9 @@ router.get('/checkResetCode', async (req, res, next) => {
 router.post('/resetByCode', async (req, res, next) => {
   const passwordChangedAt = new Date()
   try {
-    const { passwordResetCode, email, password } = req.body
+    const { passwordResetCode, email: emailRaw, password } = req.body
+    const email = emailRaw.toLowerCase()
+
     if (!passwordResetCode || !email || !password) {
       return res.status(403).send({
         resultCode: resultCodes.ERROR,
@@ -314,7 +317,8 @@ router.post('/resetByCode', async (req, res, next) => {
 router.get('/requestResetCode', async (req, res, next) => {
   const passwordResetAt = new Date()
   try {
-    const { email } = req?.query
+    const { email: emailRaw } = req?.query
+    const email = emailRaw.toLowerCase()
     if (!email) {
       return res.status(400).send({
         resultCode: resultCodes.ERROR,