fixed login email should not be case-sensitive

Erudika · Jun 21, 2024 · e8b4b26 · e8b4b26
1 parent cfb3c98
commit e8b4b26
Showing 1 changed file with 23 additions and 14 deletions.
diff --git a/src/main/java/com/erudika/scoold/controllers/SigninController.java b/src/main/java/com/erudika/scoold/controllers/SigninController.java
@@ -386,32 +386,40 @@ private boolean activateWithEmailToken(User u, String token) {
 
 	private String getEmailFromAccessToken(String accessToken) {
 		String[] tokenParts = StringUtils.split(accessToken, ":");
-		return (tokenParts != null && tokenParts.length > 0) ? tokenParts[0] : "";
+		return (tokenParts != null && tokenParts.length > 0) ? StringUtils.toRootLowerCase(tokenParts[0]) : "";
 	}
 
 	private boolean isEmailRegistered(String email) {
-		Sysprop ident = pc.read(email);
+		if (StringUtils.isBlank(email)) {
+			return false;
+		}
+		Sysprop ident = pc.read(email.toLowerCase());
 		return ident != null && ident.hasProperty(Config._PASSWORD);
 	}
 
 	private boolean isAccountLocked(String email) {
-		Sysprop ident = pc.read(email);
-		if (ident != null && !StringUtils.isBlank((String) ident.getProperty(Config._EMAIL_TOKEN))) {
-			User u = pc.read(Utils.type(User.class), ident.getCreatorid());
-			return u != null && !u.getActive();
+		if (!StringUtils.isBlank(email)) {
+			Sysprop ident = pc.read(email.toLowerCase());
+			if (ident != null && !StringUtils.isBlank((String) ident.getProperty(Config._EMAIL_TOKEN))) {
+				User u = pc.read(Utils.type(User.class), ident.getCreatorid());
+				return u != null && !u.getActive();
+			}
 		}
 		return false;
 	}
 
 	private void verifyEmailIfNecessary(String name, String email, HttpServletRequest req) {
-		Sysprop ident = pc.read(email);
-		if (ident != null && !ident.hasProperty(Config._EMAIL_TOKEN)) {
-			User u = new User(ident.getCreatorid());
-			u.setActive(false);
-			u.setName(name);
-			u.setEmail(email);
-			u.setIdentifier(email);
-			utils.sendWelcomeEmail(u, true, req);
+		if (!StringUtils.isBlank(email)) {
+			email = email.toLowerCase();
+			Sysprop ident = pc.read(email);
+			if (ident != null && !ident.hasProperty(Config._EMAIL_TOKEN)) {
+				User u = new User(ident.getCreatorid());
+				u.setActive(false);
+				u.setName(name);
+				u.setEmail(email);
+				u.setIdentifier(email);
+				utils.sendWelcomeEmail(u, true, req);
+			}
 		}
 	}
 
@@ -424,6 +432,7 @@ private String generatePasswordResetToken(String email, HttpServletRequest req)
 		if (StringUtils.isBlank(email)) {
 			return "";
 		}
+		email = email.toLowerCase();
 		Sysprop s = pc.read(email);
 		// pass reset emails can be sent once every 12h
 		if (s != null) {