From 9c485dddd61edd8426b4c5f475db187c829bf388 Mon Sep 17 00:00:00 2001
From: Arslan Ashraf <34372316+arslanashraf7@users.noreply.github.com>
Date: Fri, 17 May 2024 23:21:32 +0500
Subject: [PATCH] fix: make `lis_person_contact_email_primary` matching
 case-insensitive

---
 lms/djangoapps/lti_provider/tests/test_users.py | 10 ++++++++++
 lms/djangoapps/lti_provider/users.py            |  4 ++--
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/lms/djangoapps/lti_provider/tests/test_users.py b/lms/djangoapps/lti_provider/tests/test_users.py
index 1d19d8995be9..fa8274eef30e 100644
--- a/lms/djangoapps/lti_provider/tests/test_users.py
+++ b/lms/djangoapps/lti_provider/tests/test_users.py
@@ -158,6 +158,16 @@ def test_auto_linking_of_users_using_lis_person_contact_email_primary(self, crea
         users.authenticate_lti_user(request, self.lti_user_id, self.auto_linking_consumer)
         create_user.assert_called_with(self.lti_user_id, self.auto_linking_consumer, self.old_user.email)
 
+    def test_auto_linking_of_users_using_lis_person_contact_email_primary_case_insensitive(self, create_user, switch_user):  # pylint: disable=line-too-long
+        request = RequestFactory().post("/", {"lis_person_contact_email_primary": self.old_user.email.upper()})
+        request.user = self.old_user
+
+        users.authenticate_lti_user(request, self.lti_user_id, self.lti_consumer)
+        create_user.assert_called_with(self.lti_user_id, self.lti_consumer)
+
+        users.authenticate_lti_user(request, self.lti_user_id, self.auto_linking_consumer)
+        create_user.assert_called_with(self.lti_user_id, self.auto_linking_consumer, request.user.email)
+
     def test_raise_exception_trying_to_auto_link_unauthenticate_user(self, create_user, switch_user):
         request = RequestFactory().post("/")
         request.user = AnonymousUser()
diff --git a/lms/djangoapps/lti_provider/users.py b/lms/djangoapps/lti_provider/users.py
index c2373522b960..d1ade6ead325 100644
--- a/lms/djangoapps/lti_provider/users.py
+++ b/lms/djangoapps/lti_provider/users.py
@@ -40,8 +40,8 @@ def authenticate_lti_user(request, lti_user_id, lti_consumer):
         if lti_consumer.require_user_account:
             # Verify that the email from the LTI Launch and the logged-in user are the same
             # before linking the LtiUser with the edx_user.
-            if request.user.is_authenticated and request.user.email == lis_email:
-                lti_user = create_lti_user(lti_user_id, lti_consumer, lis_email)
+            if request.user.is_authenticated and request.user.email.lower() == lis_email.lower():
+                lti_user = create_lti_user(lti_user_id, lti_consumer, request.user.email)
             else:
                 # Ask the user to login before linking.
                 raise PermissionDenied() from exc