23 changes: 15 additions & 8 deletions backend/controllers/authController.js
Expand Up @@ -57,6 +57,11 @@ export const signup = async (req, res) => {
return res.status(400).json({ message: 'Name must be at least 2 characters long' });
}

if (!email) {
return res.status(400).json({ message: 'Email is required' });
}
const normalizedEmail = email.trim().toLowerCase();

const passwordRegex = /^(?=.*[A-Z])(?=.*\d)(?=.*[^A-Za-z0-9]).{8,}$/;
if (!password || !passwordRegex.test(password)) {
return res.status(400).json({
Expand All @@ -65,13 +70,13 @@ export const signup = async (req, res) => {
});
}

const checkExisting = await User.findOne({ email });
const checkExisting = await User.findOne({ email: normalizedEmail });
if (checkExisting) {
return res.status(409).json({ message: 'User already exists' });
}

const hashedPassword = await bcrypt.hash(password, 10);
const newUser = new User({ name, email, password: hashedPassword });
const newUser = new User({ name, email: normalizedEmail, password: hashedPassword });
await newUser.save();

const jwtSecret = getJwtSecret(res);
Expand Down Expand Up @@ -104,7 +109,8 @@ export const login = async (req, res) => {
return res.status(400).json({ message: 'Email and password are required' });
}

const user = await User.findOne({ email });
const normalizedEmail = email.trim().toLowerCase();
const user = await User.findOne({ email: normalizedEmail });
if (!user) {
// Do NOT reveal whether the user exists
return res.status(401).json({ message: 'Invalid credentials' });
Expand Down Expand Up @@ -372,20 +378,21 @@ export const googleLogin = async (req, res) => {
return res.status(400).json({ message: 'Email is missing from the Google identity token' });
}

let user = await User.findOne({ email });
const normalizedEmail = email.trim().toLowerCase();
let user = await User.findOne({ email: normalizedEmail });

if (!user) {
const randomPassword = crypto.randomBytes(32).toString('hex');
const hashedPassword = await bcrypt.hash(randomPassword, 10);
user = new User({
name: name || email.split('@')[0],
email,
name: name || normalizedEmail.split('@')[0],
email: normalizedEmail,
password: hashedPassword,
});
await user.save();
console.log(`[GOOGLE AUTH] Created new user profile for: ${email}`);
console.log(`[GOOGLE AUTH] Created new user profile for: ${normalizedEmail}`);
} else {
console.log(`[GOOGLE AUTH] Logged in existing user: ${email}`);
console.log(`[GOOGLE AUTH] Logged in existing user: ${normalizedEmail}`);
}

const jwtSecret = getJwtSecret(res);
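Review bot: The new `email.trim().toLowerCase()` on the line after the `if (!email)` guard in the signup hunk assumes `email` is a string, but that guard only rejects falsy values; a non-string body value (number, array or object) gets past it and `.trim` throws a TypeError, so a malformed request becomes an unhandled rejection instead of the 400 the surrounding code returns. The login hunk has the same gap, since the required-fields check at the top of that hunk does not establish the type either. Tightening the guard covers both places: `if (typeof email !== 'string' || email.trim() === '') {`. Separately, accounts saved before this change with mixed-case or padded addresses will no longer match the lowercased lookup in login, and the signup duplicate check will not see them, so a one-off normalization of stored emails (or, if this is a Mongoose schema, `lowercase: true` and `trim: true` on the field) should accompany this change unless the schema already does that. signup, login and googleLogin each begin and end outside their hunks.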