make username lowercase

2026-01-28 22:00:51 +00:00 · 2025-06-19 15:41:49 -04:00
parent 58ba0d07b0
commit 1bf2e23f5d
8 changed files with 18 additions and 15 deletions
--- a/server/routers/auth/login.ts
+++ b/server/routers/auth/login.ts
@@ -23,8 +23,8 @@ export const loginBodySchema = z
    .object({
        email: z
            .string()
-            .email()
-            .transform((v) => v.toLowerCase()),
+            .toLowerCase()
+            .email(),
        password: z.string(),
        code: z.string().optional()
    })
--- a/server/routers/auth/requestPasswordReset.ts
+++ b/server/routers/auth/requestPasswordReset.ts
@@ -20,8 +20,8 @@ export const requestPasswordResetBody = z
    .object({
        email: z
            .string()
-            .email()
-            .transform((v) => v.toLowerCase())
+            .toLowerCase()
+            .email(),
    })
    .strict();

--- a/server/routers/auth/resetPassword.ts
+++ b/server/routers/auth/resetPassword.ts
@@ -21,8 +21,8 @@ export const resetPasswordBody = z
    .object({
        email: z
            .string()
-            .email()
-            .transform((v) => v.toLowerCase()),
+            .toLowerCase()
+            .email(),
        token: z.string(), // reset secret code
        newPassword: passwordSchema,
        code: z.string().optional() // 2fa code
--- a/server/routers/auth/signup.ts
+++ b/server/routers/auth/signup.ts
@@ -26,8 +26,8 @@ import { UserType } from "@server/types/UserTypes";
 export const signupBodySchema = z.object({
    email: z
        .string()
-        .email()
-        .transform((v) => v.toLowerCase()),
+        .toLowerCase()
+        .email(),
    password: passwordSchema,
    inviteToken: z.string().optional(),
    inviteId: z.string().optional()
--- a/server/routers/idp/validateOidcCallback.ts
+++ b/server/routers/idp/validateOidcCallback.ts
@@ -172,10 +172,10 @@ export async function validateOidcCallback(
        const claims = arctic.decodeIdToken(idToken);
        logger.debug("ID token claims", { claims });

-        const userIdentifier = jmespath.search(
+        let userIdentifier = jmespath.search(
            claims,
            existingIdp.idpOidcConfig.identifierPath
-        );
+        ) as string | null;

        if (!userIdentifier) {
            return next(
@@ -186,6 +186,8 @@ export async function validateOidcCallback(
            );
        }

+        userIdentifier = userIdentifier.toLowerCase();
+
        logger.debug("User identifier", { userIdentifier });

        let email = null;
--- a/server/routers/resource/authWithWhitelist.ts
+++ b/server/routers/resource/authWithWhitelist.ts
@@ -22,8 +22,8 @@ const authWithWhitelistBodySchema = z
    .object({
        email: z
            .string()
-            .email()
-            .transform((v) => v.toLowerCase()),
+            .toLowerCase()
+            .email(),
        otp: z.string().optional()
    })
    .strict();
--- a/server/routers/user/createOrgUser.ts
+++ b/server/routers/user/createOrgUser.ts
@@ -21,6 +21,7 @@ const bodySchema = z
    .object({
        email: z
            .string()
+            .toLowerCase()
            .optional()
            .refine((data) => {
                if (data) {
@@ -28,7 +29,7 @@ const bodySchema = z
                }
                return true;
            }),
-        username: z.string().nonempty(),
+        username: z.string().nonempty().toLowerCase(),
        name: z.string().optional(),
        type: z.enum(["internal", "oidc"]).optional(),
        idpId: z.number().optional(),
--- a/server/routers/user/inviteUser.ts
+++ b/server/routers/user/inviteUser.ts
@@ -30,8 +30,8 @@ const inviteUserBodySchema = z
    .object({
        email: z
            .string()
-            .email()
-            .transform((v) => v.toLowerCase()),
+            .toLowerCase()
+            .email(),
        roleId: z.number(),
        validHours: z.number().gt(0).lte(168),
        sendEmail: z.boolean().optional(),