fix(authentication): emails are not always converted to lowercase bef…

…ore storing (#648)
ConduitPlatform · Jun 30, 2023 · 810cf4f · 810cf4f
1 parent 0581c51
commit 810cf4f
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 6 deletions.
diff --git a/modules/authentication/src/Authentication.ts b/modules/authentication/src/Authentication.ts
@@ -216,7 +216,7 @@ export default class Authentication extends ManagedModule<Config> {
     call: GrpcRequest<UserCreateRequest>,
     callback: GrpcCallback<UserCreateResponse>,
   ) {
-    const email = call.request.email;
+    const email = call.request.email.toLowerCase();
     let password = call.request.password;
     const verify = call.request.verify;
 

diff --git a/modules/authentication/src/admin/user.ts b/modules/authentication/src/admin/user.ts
@@ -51,21 +51,22 @@ export class UserAdmin {
   }
 
   async createUser(call: ParsedRouterRequest): Promise<UnparsedRouterResponse> {
-    const { email, password } = call.request.params;
+    const email = call.request.params.email.toLowerCase();
+    const password = call.request.params.password;
     if (AuthUtils.invalidEmailAddress(email)) {
       throw new GrpcError(status.INVALID_ARGUMENT, 'Invalid email address provided');
     }
 
     let user: User | null = await User.getInstance().findOne({
-      email: email.toLowerCase(),
+      email: email,
     });
     if (!isNil(user)) {
       throw new GrpcError(status.ALREADY_EXISTS, 'User already exists');
     }
 
     const hashedPassword = await AuthUtils.hashPassword(password);
     user = await User.getInstance().create({
-      email,
+      email: email,
       hashedPassword,
       isVerified: true,
     });
@@ -75,7 +76,8 @@ export class UserAdmin {
   }
 
   async patchUser(call: ParsedRouterRequest): Promise<UnparsedRouterResponse> {
-    const { id, email, isVerified, hasTwoFA, phoneNumber } = call.request.params;
+    const { id, isVerified, hasTwoFA, phoneNumber } = call.request.params;
+    const email = call.request.params.email.toLowerCase();
 
     const user: User | null = await User.getInstance().findOne({ _id: id });
     if (isNil(user)) {
@@ -86,6 +88,12 @@ export class UserAdmin {
         'Can not enable 2fa without a phone number',
       );
     }
+    if (user.email !== email) {
+      const duplicateEmail: User | null = await User.getInstance().findOne({ email });
+      if (!isNil(duplicateEmail)) {
+        throw new GrpcError(status.INVALID_ARGUMENT, 'Email already exists');
+      }
+    }
     let twoFaMethod: string | undefined;
     if (hasTwoFA) {
       twoFaMethod = user.twoFaMethod ?? 'phone';

diff --git a/modules/authentication/src/handlers/local.ts b/modules/authentication/src/handlers/local.ts
@@ -416,7 +416,7 @@ export class LocalHandlers implements IAuthenticationStrategy {
         'Re-login required to enter sudo mode',
       );
     }
-    const { newEmail } = call.request.params;
+    const newEmail = call.request.params.newEmail.toLowerCase();
     const { user } = call.request.context;
     const config = ConfigController.getInstance().config;