Make Username and Email Case-Insensitive (#586)

* Make user email and username lowercase whenever they are sent to a controller

* Change ToLower to ToLowerInvariant

* Move toLowerInvariant to database queries only

Co-authored-by: Jason Naylor <jasonleenaylor@users.noreply.github.com>
Co-authored-by: D. Ror <imnasnainaec@gmail.com>

Backend/Controllers/UserController.cs

@@ -37,12 +37,12 @@ public UserController(IUserService userService, IPermissionService permissionSer
         [HttpPost("forgot")]
         public async Task<IActionResult> ResetPasswordRequest([FromBody] PasswordResetData data)
         {
-            var email = data.Email;
             // create password reset
-            var resetRequest = await _passwordResetService.CreatePasswordReset(email);
+            var resetRequest = await _passwordResetService.CreatePasswordReset(data.Email);
 
             // find user attached to email
-            var user = _userService.GetAllUsers().Result.Single(user => user.Email.Equals(email));
+            var user = _userService.GetAllUsers().Result.Single(user =>
+                user.Email.ToLowerInvariant().Equals(data.Email.ToLowerInvariant()));
 
             // create email
             var message = new MimeMessage();
@@ -172,7 +172,8 @@ public async Task<IActionResult> Post([FromBody] User user)
         [HttpPost("checkusername/{username}")]
         public async Task<IActionResult> CheckUsername(string username)
         {
-            var usernameTaken = (await _userService.GetAllUsers()).Find(x => x.Username == username) != null;
+            var usernameTaken = (await _userService.GetAllUsers()).Find(x =>
+                x.Username.ToLowerInvariant() == username.ToLowerInvariant()) != null;
             if (usernameTaken)
             {
                 return BadRequest();
@@ -188,7 +189,8 @@ public async Task<IActionResult> CheckUsername(string username)
         [HttpPost("checkemail/{email}")]
         public async Task<IActionResult> CheckEmail(string email)
         {
-            var emailTaken = (await _userService.GetAllUsers()).Find(x => x.Email == email) != null;
+            var emailTaken = (await _userService.GetAllUsers()).Find(x =>
+                x.Email.ToLowerInvariant() == email.ToLowerInvariant()) != null;
             if (emailTaken)
             {
                 return BadRequest();

Backend/Services/UserApiServices.cs

@@ -107,7 +107,8 @@ private static byte[] CreateSalt()
         public async Task<User> Authenticate(string username, string password)
         {
             // Fetch the stored user.
-            var userList = await _userDatabase.Users.FindAsync(x => x.Username == username);
+            var userList = await _userDatabase.Users.FindAsync(x =>
+                x.Username.ToLowerInvariant() == username.ToLowerInvariant());
             var foundUser = userList.FirstOrDefault();
 
             // Return null if user with specified username not found.
@@ -244,7 +245,8 @@ public async Task<User> Create(User user)
 
             // Check to see if username or email address is taken
             if (users.Count != 0 && _userDatabase.Users.Find(
-                x => (x.Username == user.Username || x.Email == user.Email)).ToList().Count > 0)
+                x => (x.Username.ToLowerInvariant() == user.Username.ToLowerInvariant() ||
+                x.Email.ToLowerInvariant() == user.Email.ToLowerInvariant())).ToList().Count > 0)
             {
                 return null;
             }

docs/api/users/user.md

@@ -4,7 +4,7 @@
 
 **name** :
 
-**email** : Valid email address
+**email** : Valid email address - Should always be stored in lowercase
 
 **phone** : Valid phone number
 
@@ -16,7 +16,7 @@
 
 **password** :
 
-**username** :
+**username** : Should always be stored in lowercase
 
 **uiLang** :