From 1bf2e23f5d53f91ed634028aa5b8200384188a5b Mon Sep 17 00:00:00 2001 From: miloschwartz Date: Thu, 19 Jun 2025 15:41:49 -0400 Subject: [PATCH] make username lowercase --- server/routers/auth/login.ts | 4 ++-- server/routers/auth/requestPasswordReset.ts | 4 ++-- server/routers/auth/resetPassword.ts | 4 ++-- server/routers/auth/signup.ts | 4 ++-- server/routers/idp/validateOidcCallback.ts | 6 ++++-- server/routers/resource/authWithWhitelist.ts | 4 ++-- server/routers/user/createOrgUser.ts | 3 ++- server/routers/user/inviteUser.ts | 4 ++-- 8 files changed, 18 insertions(+), 15 deletions(-) diff --git a/server/routers/auth/login.ts b/server/routers/auth/login.ts index 5558a9c7..f5f7ff77 100644 --- a/server/routers/auth/login.ts +++ b/server/routers/auth/login.ts @@ -23,8 +23,8 @@ export const loginBodySchema = z .object({ email: z .string() - .email() - .transform((v) => v.toLowerCase()), + .toLowerCase() + .email(), password: z.string(), code: z.string().optional() }) diff --git a/server/routers/auth/requestPasswordReset.ts b/server/routers/auth/requestPasswordReset.ts index 4127533f..62951ab1 100644 --- a/server/routers/auth/requestPasswordReset.ts +++ b/server/routers/auth/requestPasswordReset.ts @@ -20,8 +20,8 @@ export const requestPasswordResetBody = z .object({ email: z .string() - .email() - .transform((v) => v.toLowerCase()) + .toLowerCase() + .email(), }) .strict(); diff --git a/server/routers/auth/resetPassword.ts b/server/routers/auth/resetPassword.ts index d99b8718..8ae62eb0 100644 --- a/server/routers/auth/resetPassword.ts +++ b/server/routers/auth/resetPassword.ts @@ -21,8 +21,8 @@ export const resetPasswordBody = z .object({ email: z .string() - .email() - .transform((v) => v.toLowerCase()), + .toLowerCase() + .email(), token: z.string(), // reset secret code newPassword: passwordSchema, code: z.string().optional() // 2fa code diff --git a/server/routers/auth/signup.ts b/server/routers/auth/signup.ts index d2a1e730..0c7e926e 100644 
--- a/server/routers/auth/signup.ts +++ b/server/routers/auth/signup.ts @@ -26,8 +26,8 @@ import { UserType } from "@server/types/UserTypes"; export const signupBodySchema = z.object({ email: z .string() - .email() - .transform((v) => v.toLowerCase()), + .toLowerCase() + .email(), password: passwordSchema, inviteToken: z.string().optional(), inviteId: z.string().optional() diff --git a/server/routers/idp/validateOidcCallback.ts b/server/routers/idp/validateOidcCallback.ts index 0066693f..eaf9a2e6 100644 --- a/server/routers/idp/validateOidcCallback.ts +++ b/server/routers/idp/validateOidcCallback.ts @@ -172,10 +172,10 @@ export async function validateOidcCallback( const claims = arctic.decodeIdToken(idToken); logger.debug("ID token claims", { claims }); - const userIdentifier = jmespath.search( + let userIdentifier = jmespath.search( claims, existingIdp.idpOidcConfig.identifierPath - ); + ) as string | null; if (!userIdentifier) { return next( @@ -186,6 +186,8 @@ export async function validateOidcCallback( ); } + userIdentifier = userIdentifier.toLowerCase(); + logger.debug("User identifier", { userIdentifier }); let email = null; diff --git a/server/routers/resource/authWithWhitelist.ts b/server/routers/resource/authWithWhitelist.ts index ba0d36d3..07662f7f 100644 --- a/server/routers/resource/authWithWhitelist.ts +++ b/server/routers/resource/authWithWhitelist.ts @@ -22,8 +22,8 @@ const authWithWhitelistBodySchema = z .object({ email: z .string() - .email() - .transform((v) => v.toLowerCase()), + .toLowerCase() + .email(), otp: z.string().optional() }) .strict(); diff --git a/server/routers/user/createOrgUser.ts b/server/routers/user/createOrgUser.ts index f6fcb619..264ea3d9 100644 --- a/server/routers/user/createOrgUser.ts +++ b/server/routers/user/createOrgUser.ts @@ -21,6 +21,7 @@ const bodySchema = z .object({ email: z .string() + .toLowerCase() .optional() .refine((data) => { if (data) { 
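Review bot: The `as string | null` assertion on the `jmespath.search(...)` result in the `@@ -172,10 +172,10 @@` hunk is not checked at runtime. A claim at `identifierPath` that resolves to a number, array or object passes the `!userIdentifier` test and then fails at the `userIdentifier.toLowerCase()` call added in the next hunk. The value comes from the decoded ID token, so it is better narrowed than asserted: leave the result as `unknown` and reject with `if (typeof userIdentifier !== "string" || !userIdentifier) {`. Whether the resulting TypeError is caught depends on code outside the hunk, since validateOidcCallback starts and ends outside it.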
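Review bot: `userIdentifier = userIdentifier.toLowerCase();` in the `@@ -186,6 +186,8 @@` hunk folds case on the value that identifies the IdP user, but OIDC defines `sub` as a case-sensitive string. If `identifierPath` points at `sub` or another case-sensitive claim, two subjects that differ only in case would resolve to the same identifier. The assumption should be stated where the fold happens, for example `// Identifiers are stored lowercase; only safe when the IdP treats this claim as case-insensitive (OIDC "sub" is case-sensitive).` The lookup that consumes the value is outside the hunk, so it is worth confirming that rows created before this commit with mixed-case usernames still match. The `username` change in server/routers/user/createOrgUser.ts applies the same folding and raises the same question.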
@@ -28,7 +29,7 @@ const bodySchema = z
 }
 return true;
 }),
- username: z.string().nonempty(),
+ username: z.string().nonempty().toLowerCase(),
 name: z.string().optional(),
 type: z.enum(["internal", "oidc"]).optional(),
 idpId: z.number().optional(),
diff --git a/server/routers/user/inviteUser.ts b/server/routers/user/inviteUser.ts
index 6b47338a..5b2e8d1e 100644
--- a/server/routers/user/inviteUser.ts
+++ b/server/routers/user/inviteUser.ts
@@ -30,8 +30,8 @@ const inviteUserBodySchema = z
 .object({
 email: z
 .string()
- .email()
- .transform((v) => v.toLowerCase()),
+ .toLowerCase()
+ .email(),
 roleId: z.number(),
 validHours: z.number().gt(0).lte(168),
 sendEmail: z.boolean().optional(),